[users@httpd] disk cache setup

2017-07-13 Thread David Mehler
Hello, Wondering about disk cache setup? Should I have lines like this in my main httpd.conf as an include or in each individual virtual host? # Disc cache setup CacheQuickHandler off CacheLock on CacheLockPath /tmp/mod_cache-lock CacheLockMaxAge 5 CacheIgnoreHeaders

Re: [users@httpd] mod_lua and subprocess_env

2017-07-13 Thread Jim Jagielski
Maybe this would be better discussed on dev@ ?? > On Jul 13, 2017, at 9:21 AM, Andrei Ivanov wrote: > > Yann? Is it a good time now?  > > On Tue, Jun 20, 2017 at 6:41 PM, Andrei Ivanov > wrote: > Hi, > Seeing that 2.4.26 was released, is

Re: [users@httpd] mod_lua and subprocess_env

2017-07-13 Thread Andrei Ivanov
Yann? Is it a good time now?  On Tue, Jun 20, 2017 at 6:41 PM, Andrei Ivanov wrote: > Hi, > Seeing that 2.4.26 was released, is this a good time?  > > Thanks again. > > On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic > wrote: > >> Hi Andrei, >> >>

[users@httpd] CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

2017-07-13 Thread William A Rowe Jr
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest Severity: Important Vendor: The Apache Software Foundation Versions Affected: all versions through 2.2.33 and 2.4.26 Description: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or

[users@httpd] CVE-2017-9789: Read after free in mod_http2

2017-07-13 Thread William A Rowe Jr
CVE-2017-9789: Read after free in mod_http2 Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.26 Description: When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in

[users@httpd] Re: Apache (2.4.26) changing permissions on passwd file?

2017-07-13 Thread Kevin Miles
Thanks Jacob and Eric. Switching to 2.4.27 resolved the problem. Regards. On 11/07/2017 16:53, Kevin Miles wrote: I wonder if someone can shed some light on this. I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost with a passwd file and all was working fine. I upgraded

Re: [users@httpd] Server status - meaning of Reading Request state

2017-07-13 Thread Tamas Kocsis
Testing by telnet is a good hint, thanks! But I'm not sure how to send half a request... I see now what SS is for, thanks. But if we take that column SS out of the picture and let's say I'm reloading server-status periodically and see that - a request comes in, status is Reading - refreshing