William A. Rowe, Jr. wrote:
[EMAIL PROTECTED] wrote:
@@ -443,8 +443,8 @@
directivesynopsis
nameMaxClients/name
-descriptionMaximum number of child processes that will be created
-to serve requests/description
+descriptionMaximum number of simultaneous requests that will
+be
the consensus is about the intention
here. Perhaps the doc could be clarified.
--
Dan Poirier [EMAIL PROTECTED]
a value that's
one too many. I don't think that's a terrible problem, but I'd welcome
suggestions on how to catch that case.
Thanks.
Dan Poirier
[EMAIL PROTECTED]
Index: modules/loggers/mod_log_config.c
===
--- modules/loggers
questions:
1) Is the browser behaving properly, or should it wait another hour
after each 304 before making another request?
2) If the browser behavior is right, is there a way to configure
Apache to tell the browser to only check once an hour instead of
every time?
Thanks.
--
Dan Poirier [EMAIL
Ruediger Pluem wrote:
On 09/17/2008 10:00 PM, Dan Poirier wrote:
I've looked at mod_expires doc and RFC 2616, but can't really
tell what the right behavior is supposed to be in this case.
Using mod_expire to set the expiration time to something like
access plus 1 hour, we see a browser
I hate to re-open this can of worms, but...
Unless I'm missing something, in trunk right now, uncommenting includes
for the examples like extra/httpd-manual.conf does not result in being
able to serve the documentation pages.
In the main config file:
Directory /
Require all denied
On Tue, 23 Sep 2008 11:05:45 -0700, Chris Darroch
[EMAIL PROTECTED] said:
Dan Poirier wrote:
...
I read through some previous discussion of the authz inheritance
behavior, but it doesn't seem to have considered the effect of having
Require all denied at the top level, which is overriding
[from the users list]
On Wed, Oct 22, 2008 at 9:02 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Hello All,
I've compile and installed apache-2.2.10 from source and would like to
remove it from my system. I notice that I cannot use 'make uninstall'
anymore.
Could
Chris Darroch said the following on 10/29/2008 10:35 PM:
Directory /humans_and_friendlies_only
Require valid-user
SatisfyNotAll
Require group alien
SatisfyAny
Require group hostile
Require group neutral
Require group noninterventionist
/SatisfyAny
/SatisfyNotAll
William A. Rowe, Jr. said the following on 11/03/2008 07:32 AM:
But studio (or eclipse or codewarrior or [name your IDE]) users would
appreciate a perspective into the sources. The IDE-accessible nature
of the original Win32 port is what made it so easy for me to jump in,
understand and
I'm having a little trouble understanding how this works. I'm sure I
must be missing some subtlety.
Before this change, if ap_die was called with AP_FILTER_ERROR, it would
return without writing any response. If the response hadn't already
been written by some other code, then no response would
A couple of missed ap_'s.
Index: modules/generators/mod_suexec.c
===
--- modules/generators/mod_suexec.c (revision 722900)
+++ modules/generators/mod_suexec.c (working copy)
@@ -64,7 +64,7 @@
if (err != NULL) {
thought I post what I
have so far...
http://svwe10.itex.at/downloads/httpd-sni/make_sni.pl
Has this ever made it into subversion? I looked in test but
didn't see it.
--
Dan Poirier poir...@pobox.com
Paul Querna c...@force-elite.com writes:
Ryan Phillips wrote:
Thanks for the tips. IN6_IS_ADDR_V4MAPPED is defined in netinet/in.h on
unices and APR defines it on windows. I've modified the patch to check for
APR_HAVE_IPV6 support and check for APR_HAVE_NETINET_IN_H. Also, this patch
will
instead Invalid method in request %s - possible attempt to establish
SSL connection on non-SSL port.
I'm interested in comments - does this seem useful? Is this the best
way to go about it?
Thanks.
--
Dan Poirier poir...@pobox.com
BTW, I've found this book to be excellent on how filters work, and
Apache 2 modules in general:
Nick Kew, _The Apache Modules Book_
Prentice Hall, 2007
page
would still be in subversion if anyone wants to work on it later.
That said, it looks to me as if much of the information there is still
relevant, such as the Run-time Configuration section. It seems worth
preserving.
--
Dan Poirier poir...@pobox.com
It appears that %b logging of bytes sent can be wrong if something
happens to the connection during the request processing.
The number logged by mod_log_config is r-bytes_sent, which is computed
in ap_content_length_filter(). If something goes wrong (maybe I pull
Apache's network cable) while
a behavior that my FTP servers don't
have, and doesn't seem to be mentioned in RFC 959.
--
Dan Poirier poir...@pobox.com
another directive to turn that
behavior off, but I'd like to better understand why that behavior is
there, since it appears to assume a behavior that my FTP servers don't
have, and doesn't seem to be mentioned in RFC 959.
--
Dan Poirier poir...@pobox.com
Eric Covener cove...@gmail.com writes:
On Tue, Feb 24, 2009 at 10:29 AM, Dan Poirier poir...@pobox.com wrote:
Also, in testing that change, I found that mod_proxy_ftp escapes
wildcards in filenames using backslashes when sending them to the FTP
server, which none of the FTP servers I
httpd issues the message
server reached MaxClients setting, consider raising the
MaxClients setting
as soon as the number of spare threads drops below MinSpareThreads. In
a pathological case where MinSpareThreads is high, the number of threads
actually in use might be nowhere near MaxClients.
Sorry, my email client mangled that patch. Trying another
one:
Index: server/mpm/worker/worker.c
===
--- server/mpm/worker/worker.c (revision 756126)
+++ server/mpm/worker/worker.c (working copy)
@@ -1509,15 +1509,27 @@
Dan Poirier poir...@pobox.com writes:
httpd issues the message
server reached MaxClients setting, consider raising the
MaxClients setting
as soon as the number of spare threads drops below MinSpareThreads. In
a pathological case where MinSpareThreads is high, the number of threads
the encoding
of the content they're inserting.
In any case, count me as an interested party willing to help out with
this.
--
Dan Poirier poir...@pobox.com
to trunk. It would be nice to backport that fix so
the stable release doesn't fail tests (or else do something with that
test).
--
Dan Poirier poir...@pobox.com
Torsten Foertsch torsten.foert...@gmx.net writes:
On Wed 01 Apr 2009, Dan Poirier wrote:
Lars Eilebrecht l...@eilebrecht.net writes:
Torsten Foertsch wrote:
[mod_include DATE_LOCAL bug]
Is this a known bug?
It's probably this one:
https://issues.apache.org/bugzilla/show_bug.cgi
[Please followup to d...@httpd.apache.org]
I've started a documentation page for using virtual hosts
over SSL with SNI at
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Comments are welcome, or make improvements directly on
the wiki.
--
Dan Poirier poir...@pobox.com
an awfully steep learning curve.
--
Dan Poirier poir...@pobox.com
Torsten Foertsch torsten.foert...@gmx.net writes:
On Wed 15 Apr 2009, Dan Poirier wrote:
I'm wondering - what's the state of Apache::Test and httpd/test? Are
there active developers using them who understand how they work? Or
have they fallen into disuse?
Background: I wanted to see if I
rj...@apache.org writes:
Log:
Add name of program to spawn to the error
message, when starting piped loggers fails.
Thanks. Error messages that keep secret the information you need to fix
the error are so frustrating.
--
Dan Poirier poir...@pobox.com
jsessionid
--
Dan Poirier poir...@pobox.com
of knowledge out there based on the current configuration scheme,
and throwing all that out would be a shame.
--
Dan Poirier poir...@pobox.com
or a virtual host yourself.
I really don't want to spend the next however-many-years debugging not
only users' configurations, but their programming as well.
--
Dan Poirier poir...@pobox.com
cove...@apache.org writes:
==
--- httpd/httpd/trunk/docs/manual/env.xml (original)
+++ httpd/httpd/trunk/docs/manual/env.xml Tue Jun 9 01:27:43 2009
@@ -325,6 +325,7 @@
/section
section
from 4096 to
8192 to tuning that limit, but it seems nothing changes.
Try adjusting APR_BUCKET_BUFF_SIZE in
srclib/apr-util/buckets/apr_buckets.h (no idea if that'll break
anything, but that's where the 8000 is coming from).
--
Dan Poirier poir...@pobox.com
, s2, NULL);
Shouldn't we free the previous s1 buffer?
Pools don't provide a way of freeing individual allocations; you have
to destroy the whole pool.
Anyway, I do not understand why the memory is not released, as the
pool is supposed to be destroyed.
See above.
--
Dan Poirier poir
Would wait_for_io_or_timeout() be a good candidate for apr?
--
Dan Poirier poir...@pobox.com
and backreferences, that would solve a whole class of
problems that are really pretty difficult right now.
That sounds a whole lot like using the config as a runtime.
I'm not sure I follow that. I do like that the config would still look
a lot like it does now, only more flexible.
--
Dan Poirier poir
useful at all in its current state?
Regardless, I might take a stab at cleaning some of that up, if nobody
else is working on it already.
--
Dan Poirier poir...@pobox.com
time to hack it.
Sounds like a good idea. Let me see if I have any round tuits lying
around...
--
Dan Poirier poir...@pobox.com
I'm not so sure of.
--
Dan Poirier poir...@pobox.com
= 1;
}
c-keepalives will tell you how many requests the connection has
handled, not whether it's going to be kept alive past the current
request. For that you need to look at c-keepalive.
--
Dan Poirier poir...@pobox.com
);
return OK;
@@ -155,6 +158,7 @@
strcpy(shm_rec++, ); /* space == separator */
strcpy(shm_rec, ip);
shm_rec += strlen(ip);
+strcpy(shm_rec, ); /* put separator at end too */
}
}
}
--
Dan Poirier poir
- * will report success, and leave it to the access and error
- * logs to note that the connection was aborted.
- */
return APR_SUCCESS;
}
--
Dan Poirier poir...@pobox.com
, just in two parts with a pause in
between.
--
Dan Poirier poir...@pobox.com
Plüm, Rüdiger, VF-Group ruediger.pl...@vodafone.com writes:
-Original Message-
From: Dan Poirier
Sent: Donnerstag, 9. Juli 2009 15:10
To: dev@httpd.apache.org
Subject: Re: svn commit: r790589 -
/httpd/test/framework/trunk/t/security/CVE-2009-1890.t
The test doesn't seem to do
Joe Orton jor...@redhat.com writes:
On Thu, Jun 11, 2009 at 09:46:39AM -0400, Dan Poirier wrote:
I was looking at mod_auth_digest and bug 16057. Currently the shared
memory code in that module is disabled, and it turns out that has
effects throughout the module, such as disabling all client
wouldn't think it
would break anything.
--
Dan Poirier poir...@pobox.com
Nicholas Sherlock n.sherl...@gmail.com writes:
If you make a conditional request for a cached document, but the
document is expired in the cache, mod_cache currently passes on the
conditional request to the backend. If the backend responds with a
304 Not Modified response that indicates that
we wouldn't want to do
during configtest, but we can at least see if the directory exists, and
if it appears to be writeable.
--
Dan Poirier poir...@pobox.com
--On Friday, July 31, 2009 09:56:07 AM + rj...@apache.org wrote:
URL: http://svn.apache.org/viewvc?rev=799563view=rev
Log:
Adding back Dan Poirier, now also to xdocs.
Dan missed xdocs in r795301 and Paul
accidentily removed his entry in r799152.
Thanks and sorry for the trouble. I'm
I've noticed that when folks vote and the STATUS file update messages go
to the commits list, there's typically not enough context in the email
to tell what was voted on. Would it make sense to increase the lines of
context in these messages?
Dan
-2.2.13 as GA
(nonbinding)
Ubuntu 9.04 i686: md5sum okay, configures and builds clean, no test
regressions
Mac OS X 10.5.7 Intel: configures and builds clean, no test regressions
--
Dan Poirier poir...@pobox.com
We would worry less about what others think of us if we realized how
seldom they do
). Even better, buy _The
Apache Modules Book_ by Nick Kew; if you're writing a module, there's a
lot of other information in there that you'll find useful.
What are you working on? Is it something others might find useful?
--
Dan Poirier poir...@pobox.com
://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=801528r1=801527r2=801528view=diff
This commit added some funny characters to the beginning of CHANGES.
--
Dan Poirier poir...@pobox.com
Maybe it would be helpful to put a template into STATUS. Or somewhere
else and put a pointer to it there, anyway.
Dan
On Fri, 28 Aug 2009 12:14 -0700, Roy T. Fielding field...@gbiv.com
wrote:
On Aug 28, 2009, at 7:44 AM, j...@apache.org wrote:
Submitted by: rpluem Reviewed/backported by:
mod_auth_digest cannot implement nonce-count checking or the md5-sess
algorithm if the platform doesn't have shared memory.
Right now, if the admin configures either of these options and the
platform doesn't have shared memory, the module issues a warning and
continues without the requested
On 09/09/2009 10:57 AM, Jeff Trawick wrote:
2) If it should be changed, what's the best way to do it? The
change could break configurations that currently appear to work,
although they're not really doing what the admin configured them to do.
how many affected configurations are
the provider
mechanism, maybe names like dav_options_provider would be clearer.
--
Dan Poirier poir...@pobox.com
; it
+doesn't even look difficult to avoid allocating/copying.)
Can you elaborate? I don't see how these changes create additional and
unbounded memory usage.
Dan Poirier
Dan Poirier poir...@pobox.com writes:
Can you elaborate? I don't see how these changes create additional
and unbounded memory usage.
Sorry, I was confused and thought the comment applied to another, more
innocuous proposed backport. I'll go look at this again.
--
Dan Poirier poir
On 09/11/2009 07:57 PM, minf...@apache.org wrote:
Modified: httpd/httpd/trunk/support/htcacheclean.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htcacheclean.c?rev=814091r1=814090r2=814091view=diff
==
used.
I've put a first pass at implementing this at
http://people.apache.org/~poirier/log_command_line_at_startup.patch.txt
and welcome comments.
--
Dan Poirier poir...@pobox.com
of the Apache Group, which sounds like PMC members, but that
would imply that not all committers can cast binding votes,
contradicting what was said earlier.
Can someone clarify that for me?
Thanks.
--
Dan Poirier poir...@pobox.com
' should return
'/interesting/directory'.
They should be able to access anything under
there, but not anything outside that subtree.
--
Dan Poirier poir...@pobox.com
and just add the one hook.
--
Dan Poirier poir...@pobox.com
your concern. Or if you have particular issues you need
to raise, a post to the dev list is in order.
Yes, that was my concern. Committed now.
--
Dan Poirier poir...@pobox.com
of a wrapper function sounds good for 2.2 though, since it
doesn't require an API change. How about if I give that a try in trunk
so we can see how it works before considering a backport?
--
Dan Poirier poir...@pobox.com
Looks good on Mac OS 10.6.1, with a *
- gpg signature checks on tar.bz2 download
- builds with CC=gcc -arch i386*
- perl test framework passes
* Without CC=gcc -arch i386 apr failed some tests (testfmt, one
other), so I played it safe and built everything with -arch i386.
--
Dan Poirier poir
)
Thanks,
--
Dan Poirier poir...@pobox.com
, that specifies an expiration, and per RFC
2616 13.4 we would expect it to be cached.
I'm attaching a trunk patch that would implement these changes.
--
Dan Poirier poir...@pobox.com
svn status for directory ~/apache/httpd/httpd/trunk/modules/cache/
0 file(s) marked
821762 821552 minfrin
And here's the right patch file, sorry.
--
Dan Poirier poir...@pobox.com
Index: mod_cache.c
===
--- mod_cache.c (revision 821763)
+++ mod_cache.c (working copy)
@@ -767,7 +767,8 @@
reason = Expires header already expired
mod_ssl_extract_dn_vars be better?
--
Dan Poirier poir...@pobox.com
jor...@apache.org writes:
Author: jorton
Date: Sun Oct 25 17:21:10 2009
New Revision: 829619
...
+const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *cmd, void *dcfg,
+const char *arg)
+{
+SSLSrvConfigRec *sc =
Ruediger Pluem rpl...@apache.org writes:
On 10/26/2009 01:37 PM, Dan Poirier wrote:
jor...@apache.org writes:
Author: jorton
Date: Sun Oct 25 17:21:10 2009
New Revision: 829619
...
+const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *cmd, void *dcfg
Jeff Trawick traw...@gmail.com writes:
On Thu, Oct 29, 2009 at 1:06 PM, poir...@apache.org wrote:
Author: poirier
Date: Thu Oct 29 17:06:15 2009
New Revision: 831031
URL: http://svn.apache.org/viewvc?rev=831031view=rev
Log:
Merge r823536, r823563 from trunk:
...
Reviewed by: poirier
minf...@apache.org writes:
Author: minfrin
Date: Mon Nov 30 22:53:43 2009
New Revision: 885606
URL: http://svn.apache.org/viewvc?rev=885606view=rev
Log:
...
Remove the use of the apachectl script, as a script calling
another script makes no sense.
I wonder if this is a good idea?
the holiday, but I'm
not seeing how it would cause a problem. Could you please expand on
that?
--
Dan Poirier poir...@pobox.com
Graham Leggett minf...@sharp.fm writes:
Dan Poirier wrote:
Redhat's init scripts don't work anything like the apachectl script, and
trying to call one from the other causes the exact problem you mention -
loss of environment variables, and all round weirdness.
Maybe I'm just slow getting
John ORourke john-p...@o-rourke.org writes:
The Authorize.net system makes HTTP POST requests to our server, and
about 1 in every 500 transactions, the Authorize.net system reports a
timeout and there's no trace of the request in our logs. Authorize.net
won't investigate in any detail
Jordi Prats jordi.pr...@gmail.com writes:
If you start apache with root as usual, you realize that every module
is able to run code with root privileges:
...
Why is coded this way? Shouldn't run with lower privileges?
No. That's not the purpose of apache modules.
Graham Dumpleton graham.dumple...@gmail.com writes:
2009/12/16 Dan Poirier poir...@pobox.com:
Jordi Prats jordi.pr...@gmail.com writes:
If you start apache with root as usual, you realize that every module
is able to run code with root privileges:
...
Why is coded this way? Shouldn't run
William A. Rowe Jr. wr...@rowe-clan.net writes:
One thing we should refactor is 'debug' logging. Proper debug
logging is log early and often, but there is overhead involved
in preparing the args and submitting the log request, only to have
it fall on deaf ears.
If we are doing any
William A. Rowe Jr. wr...@rowe-clan.net writes:
Dan Poirier wrote:
William A. Rowe Jr. wr...@rowe-clan.net writes:
One thing we should refactor is 'debug' logging. Proper debug
logging is log early and often, but there is overhead involved
in preparing the args and submitting the log
Colm MacCárthaigh c...@allcosts.net writes:
Because ... stealing an idea from wrowe@ ... how about we formally
deprecate the 1.3.x branch? Make one more release, but attach a notice
to the effect that it will be the final release, and that in future
we'll be distributing security updates by
c...@apache.org writes:
--- httpd/httpd/branches/1.3.x/README (original)
+++ httpd/httpd/branches/1.3.x/README Wed Jan 6 11:13:11 2010
@@ -14,8 +14,17 @@
The Latest Version
--
- Details of the latest version can be found on the Apache HTTP
- server project page
Ruediger Pluem rpl...@apache.org writes:
IMHO patches in the patches directory are as official as previous patches.
Oh, sorry, I didn't realize that. I don't think I've ever seen a vote
to release a patch.
Some comments based on
http://people.apache.org/~sf/mod_reqtimeout.2.2.patch:
Code:
- The units are confusing in the computation and use of the rate_factor
values. rate_factor is computed as
apr_time_from_sec(1)/min_rate
where min_rate's units are bytes/second, so the units for the
Stefan Fritsch s...@sfritsch.de writes:
I am not particularly happy about the syntax, yet. I just had the idea
to have one keyword xxx that can optionally accept a range, instead of
two keywords xxxinit and xxxmax:
Header=30
Body=5-50 BodyMinRate=500
or
Plüm, Rüdiger, VF-Group ruediger.pl...@vodafone.com writes:
-Original Message-
From: news [mailto:n...@ger.gmane.org] On Behalf Of Dan Poirier
We might simplify the model by not exposing the internal extending of
the timeout. Just let the admin specify an overall max time
I noticed that http://httpd.apache.org still invites folks to attend
ApacheCon US 2009, which was last November. Maybe it's time to change
that to link to the video archives, and announce whatever the next
ApacheCon will be.
Dan
Stefan Fritsch s...@sfritsch.de writes:
In any case, we need at least three values to completely define the
behaviour. IIRC I chose the initial timeout/maximum timeout over the
startup time/maximum timeout approach because it was easier to
implement. I still think it's ok, given that for
I'm just curious, why use Define with ! rather than creating a new
Undefine directive?
Dan
How about logging a dire warning during startup if insecure
renegotiation has been enabled?
Dan
Nice. Maybe change count to messages_skipped but that's just a
quibble.
I wonder where else this would be handy?
Dan
[Moving discussion from dev@ to d...@httpd.apache.org]
On Fri, Feb 5, 2010, at 06:57:58 AM, Jeff Trawick traw...@gmail.com wrote:
On Thu, Feb 4, 2010 at 9:48 PM, poir...@apache.org wrote:
+ pOnly environment variables defined before the server is started
+ can be used in expansions.
On Wed, Feb 3, 2010, at 03:22:21 AM, Stefan Fritsch s...@sfritsch.de wrote:
ap_log_error_wrapper.diff:
On C99 compilers, avoid argument setup and function call overhead if
the log message will be discarded anyway. Also allow to disable higher
loglevels at compile time by defining
Do we have any formal conventions (i.e. written down) on what kinds of
changes require entries in CHANGES and what doesn't, and what
information we include in CHANGES and svn log entries?
The most logical place for something like that seems to be near the
bottom of
Thanks Jeff. Some thoughts and questions for all:
* I'd think that all security fixes should be mentioned in CHANGES, with
CVE number, regardless of other considerations. Otherwise people
worry.
* Should minor changes in the wording of a message be mentioned in
CHANGES? I'd guess not,
1 - 100 of 185 matches
Mail list logo
