Re: FYI brotli

2017-01-16 Thread Jacob Champion
On 01/16/2017 04:42 PM, Jacob Champion wrote: Current guidance to avoid BREACH is still, AFAIK, to avoid situations where third-party data is being sent in the same response as first-party secrets. I don't think we have a way to know when this is happening ...though if the current response is

Re: FYI brotli

2017-01-16 Thread Jacob Champion
On 01/16/2017 04:06 PM, William A Rowe Jr wrote: Before we push this at users.. is there a concern that brotli compression has similar dictionary or simply size based vulnerabilities as deflate? If you mean HTTP compression oracles (BREACH et al), then I would expect *any* compression

Re: FYI brotli

2017-01-16 Thread William A Rowe Jr
Before we push this at users.. is there a concern that brotli compression has similar dictionary or simply size based vulnerabilities as deflate? If so, maybe we teach both to step out of the way when SSL encryption filters are in place? On Jan 16, 2017 10:14, "Jim Jagielski"

Re: svn commit: r1776575 - in /httpd/httpd/trunk: docs/log-message-tags/next-number docs/manual/mod/mod_remoteip.xml modules/metadata/mod_remoteip.c

2017-01-16 Thread Daniel Ruggeri
For the most part, yes except the portions that make the header presence optional (the HDR_MISSING case). Those were added as it came into the code base to handle a use case I was working on. I've added some comments inline since I won't have time to poke around myself for a while yet. For

Re: FYI brotli

2017-01-16 Thread Evgeny Kotkov
Jim Jagielski writes: > Functional patch avail... working on doccos. > > http://home.apache.org/~jim/patches/brotli-2.4.patch Hi Jim, Thank you for the backport patch. There is, however, a potential problem with backporting mod_brotli, since it relies on the Brotli

Re: FCGI_ABORT behavior in mod-proxy-fcgi

2017-01-16 Thread Jacob Champion
On 01/11/2017 10:37 AM, Luca Toscano wrote: I still haven't found any good/clear motivation to send the FCGI_ABORT record (just before dropping the connection), but I am probably missing some good point or my assumptions could be wrong. Any comment or suggestion would be really welcome :) My

Re: FYI brotli

2017-01-16 Thread Jim Jagielski
Functional patch avail... working on doccos. http://home.apache.org/~jim/patches/brotli-2.4.patch > On Jan 16, 2017, at 11:11 AM, Jim Jagielski wrote: > > Just a heads-up that I am working on the backport proposal/patch > for brotli for 2.4.x...

Re: svn commit: r1776575 - in /httpd/httpd/trunk: docs/log-message-tags/next-number docs/manual/mod/mod_remoteip.xml modules/metadata/mod_remoteip.c

2017-01-16 Thread Jim Jagielski
Let me take a look... afaict, this is a copy of what was donated, which has been working for numerous people. But that doesn't mean it can't have bugs ;) > On Jan 16, 2017, at 7:20 AM, Ruediger Pluem wrote: > > Anyone? > > Regards > > Rüdiger > > On 01/10/2017 12:39 PM,

FYI brotli

2017-01-16 Thread Jim Jagielski
Just a heads-up that I am working on the backport proposal/patch for brotli for 2.4.x...

Re: svn commit: r1776575 - in /httpd/httpd/trunk: docs/log-message-tags/next-number docs/manual/mod/mod_remoteip.xml modules/metadata/mod_remoteip.c

2017-01-16 Thread Ruediger Pluem
Anyone? Regards Rüdiger On 01/10/2017 12:39 PM, Ruediger Pluem wrote: > > > On 12/30/2016 03:20 PM, drugg...@apache.org wrote: >> Author: druggeri >> Date: Fri Dec 30 14:20:48 2016 >> New Revision: 1776575 >> >> URL: http://svn.apache.org/viewvc?rev=1776575=rev >> Log: >> Merge new PROXY

Re: RemoteIPProxyProtocol

2017-01-16 Thread Graham Leggett
On 15 Jan 2017, at 18:35, Daniel Ruggeri wrote: >> Are we *sure* we want to call it RemoteIPProxyProtocol instead >> of just "regular" ProxyProtocol ? >> >> The latter just sounds and looks "more right" to me. > > I still like RemoteIPProxyProtocol because I also like the