On 27.11.2011 12:14, Stefan Fritsch wrote:
Yes, that would be a good idea and I agree with Daniel that we should
use a distinct prefix or format. We currently have around 2700 calls
to *_log_?error in trunk, so a 4-digit number should be ok. Together
with for example AH as prefix for Apache
On 29.11.2011 23:30, William A. Rowe Jr. wrote:
But my point remains, that we allocate each module a block of some 50
codes, such that mod_aaa gets AHM-0049 and mod_aab gets 50-99, etc.
How will 3rd-party modules be getting their blocks?
-mi
On 27.12.2011 02:12, Ruediger Pluem wrote:
You can still run httpd 2.3 with APR-UTIL 1.3.x, but you will miss some
features then.
Will the features be missing from Apache itself? If so, is there a list
of what's not available in the httpd?
We are using the 2.2.x branch and I prefer
On 27.12.2011 08:24, Ruediger Pluem wrote:
Some modules in 2.3 require the apr-util crypto API. These
won't work with older apr-util versions.
Oh, Ok -- so a module may just not be built, if apr(-util) is too old at
compile time. But if it is available, it is fully-featured, right? In
other
If the SSL-certificate is the same for all named vhosts configured for the given
IP-address/port-number combination, why can not the vhosts have different
DocumentRoots and other settings?
Thank you. Yours,
-mi
On 16.04.2012 11:40, Tom Evans wrote:
They can. Excerpt from my httpd.conf:
Your excerpt does not show different DocumentRoots -- nor any other settings...
Could you show more contents? What is the Apache version you are using? In all
my attempts, Apache a) issues a pointless warning about
On 16.04.2012 11:55, Eric Covener wrote:
Got a pointer to your configuration?
Well, the real one I was designing now uses a work-around (single vhost with
mod_rewrite examining the Host-header and picking the proper subdirectore). Here
is a mock one, that I'd rather be using -- instead of
On 16.04.2012 12:24, Plüm, Rüdiger, Vodafone Group wrote:
Without a NameVirtualHost directive this cannot work as you intend.
Add NameVirtualHost *:433
I see... I thought, I'm already giving Apache all the information it needs,
though (with ServerAlias directives)... But if spelling-out the
On 20.04.2012 09:46, Rich Bowen wrote:
My comment on this is that humorous comments can be good, and they can be
intimidating and confusing - particularly for people who don't get the joke,
and in particular for those whose first language is not English or other
related languages or whose
On 28.04.2012 09:05, Joe Schaefer wrote:
libapreq2 (which is the stuff currently sitting in trunk/server)
depends entirely on libapr and libaprutil- there are no httpd-specific
parts involved in it.
To me this suggests, it may be generally useful and thus should have a
life of its own --
From reading the module's documentation
http://httpd.apache.org/docs/2.4/mod/mod_dbd.html, it seems, a single vhost
can only use one DB-server (and only with one set of credentials): only a single
DBDriver and DBDParams is possible, for example.
Also, the syntax of mod_rewrite's dbd/fastdbd
On 22.08.2012 07:24, Nick Kew wrote:
The implementation needs object persistence, of the kind we have
in the per-server configuration but not per-directory. That was the
original design constraint.
I'd say, my complaint was a little misunderstood. It is not, that I wish
to see separate
Perhaps, this discussion should be happening on theticket
https://issues.apache.org/bugzilla/show_bug.cgi?id=53666 itself? Oh, well :)
Comments inline:
On 22.08.2012 10:47, Nick Kew wrote:
I think I've pointed a few people at the ODBC driver as an alternative.
Do you have a strong reason to
On 22.08.2012 12:55, Jeff Trawick wrote:
and/or...@apr.apache.org
You are right. Unfortunately, that list (like this one), requires one to
subscribe before posting. I deeply resent such requirements and try to avoid
such lists, when at all possible :-(
Yours,
-mi
Hello!
From my (limited) investigation, it would appear, that in order to
invoke a vanilla CGI script, httpd is created and goes through all of
the modules' initialization and then, immediately, clean-up functions...
Is that right? Some of these callbacks are fairly heavy and, in most
On 05.12.2012 02:01, Nick Kew wrote:
Back to that maybe answer, I don't know how well mod_rivet or websh
are written, and whether they might impose a gratuitous overhead.
Perhaps you could raise your concerns with their developers?
It certainly may be a module-specific thing, but it seemed to
On 05.12.2012 04:43, Graham Leggett wrote:
In my case, for example, the CGI-invocation belongs to a completely different
vhost than mod_rivet and websh…
Are the configurations for these expensive modules defined server wide? This
could be an issue where other configuration is leaking into
Suppose I have the following construct:
...
RewriteCond${mymap:%1|NOT_FOUND}!=NOT_FOUND
# Store the lookup-result in environment variable target:
RewriteRule--[DP,E=target:${mymap:%1|NOT_FOUND}]
Note, that the key for lookup in map mymap is the same. How many
On 02.01.2013 08:28, Eric Covener wrote:
If mod_rewrite or your own custom module just changes the URI in place
after the configuration has been determined, it doesn't change the
per-request configuration.
mod_proxy in 2.2 doesn't properly use per-request configuration, and
crawls through every
On 02.01.2013 15:27, Eric Covener wrote:
Are global balancer-definitions supposed to be usable by rewriterules inside
vhosts?Thanks! Yours,
I would have thought so, is it a 2.2/2.4 difference for you?
I would not know -- because one of our RewriteMaps is using a database (Sybase,
in fact), we
Sorry -- I meant to send the below just to Jim, but messed-up the headers in
Thunderbird -- and it ended up looking, as if Jim wrote it :(
On 04.01.2013 14:06, j...@jagunet.com wrote:
On 04.01.2013 13:48, Jim Jagielski wrote:
Have people had a chance to test, review and try the balancer
On 05.01.2013 10:30, Jim Jagielski wrote:
I haven't created the patch yet... it seems backwards
to generate a backport patchset unless what is currently
in trunk is OK.
I can drop in a patch into our 2.4.3 build relatively easily. Building
(and testing) from trunk is a more serious undertaking.
Hello!
What is the official way for a module to check, whether another module (known by
name) is loaded and, if so, whether its hooks (cleanup in particular) will be
invoked before or after those of the inquirer?
I don't need to affect the order -- I just need to figure out, what it is...
On 05.02.2013 16:37, Nick Kew wrote:
But in general, querying another module, or knowing anything about
its cleanups, would be a violation of modularity. If it's legitimate
for a module to expose its inner workings, it can do so by exporting
an API.
Why the questions? Are you writing two
On 05.02.2013 17:14, Graham Dumpleton wrote:
In the next version of mod_wsgi though I am dropping support for coexistence.
I want to flag that fact with a big error message and refuse to start up if
both loaded.
I'm not sure, how Python-users will react, but, as a Tcl-user, I'd hate to be
On 05.02.2013 17:33, Nick Kew wrote:
Are you sure? My recollection of Tcl is of creating an interpreter
when I want to use it, and destroying it after use. Many could run
concurrently with a threaded MPM.
You are right. However, calling Tcl_Finalize -- which is what mod_rivet is doing
--
On 05.02.2013 17:30, Mikhail T. wrote:
On 05.02.2013 17:20, Jeff Trawick wrote:
module *modp;
for (modp = ap_top_module; modp; modp = modp-next) {
foo(modp-name);
}
Cool! I thought of relying on the fact, that server_rec's module_config is a
an array of module-pointers, but the above seems
On 05.02.2013 18:01, William A. Rowe Jr. wrote:
What if both attempt to register an identical apr_optional_fn for
tcl_destroy. That way you will never have both optional functions
called.
My plan was for each of the modules to skip the destruction, if the OTHER module
is registered to run
On 05.02.2013 18:25, Graham Dumpleton wrote:
If in the Apache parent process, you would still have to call Tcl_Finalize()
at some point wouldn't you to ensure that all memory is reclaimed?
I don't think so. If only because after calling Tcl_Finalize(), any other calls
into libtcl are undefined
On 05.02.2013 19:05, Graham Dumpleton wrote:
So the section of documentation you quote appears to support what I am saying
that Tcl_Finalize() still needs to be called. After the module is loaded and
initialised again, then Tcl_Init(), or whatever is used to create it again,
would be called to
From PHP I need to be able to set and read the session cookies created by
mod_session_crypto.
Suppose, I know the SessionCryptoCipher (aes256, the default) and the
SessionCryptoPassphrase, how can I decrypt the session-cookie? Its value is
available to PHP as _REQUEST['session']...
I have
On 08.07.2013 19:11, Daniel Lescohier wrote:
https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy
The session will be automatically decrypted on load, and encrypted on save by
Apache, the underlying application using the session need have no knowledge
that encryption is
08.07.2013 19:35, Graham Leggett wrote:
Like Daniel said, you don't need to know.
This is unhelpful. Do you /know/ the answer? If you do, could you share
it? If you are trying to avoid committing to a particular method --
because you foresee it changing in the future -- well, that does not
seem
08.07.2013 23:44, Yehuda Katz написав(ла):
Ignoring the apache-specific configuration, it looks pretty standard
to me (although I did not spend too long looking at it, but I did
teach college-senior crypto last semester and it looks similar to a
project we assigned).
Would you be able to
08.07.2013 19:29, Graham Leggett wrote:
See also the section on integrating with external applications.
https://httpd.apache.org/docs/2.4/mod/mod_session.html#integration
Indeed, from this link (emphasis mine):
Standalone applications
Applications might choose to manipulate the
09.07.2013 08:31, Eric Covener написав(ла):
I am not surprised that separately documenting is not a priority for
anyone, given it's implemented in httpd for anyone to see.
Source code is not documentation, is it? In matters of encryption
especially the methods chosen should be documented better
On 09.07.2013 09:59, Daniel Lescohier wrote:
So, it doesn't look like it's an quick and easy thing to document or
re-implement.
Thanks for the pointers, Daniel. I managed to reimplement the decryption today:
http://aldan.algebra.com/~mi/mod_session_crypt.html
Once I figure out the
On 09.07.2013 00:43, Yehuda Katz wrote:
Unfortunately not this week. Send me a reminder email next week and I should
be able to look at it.
Although I was able to answer my own question last week — and have replicated
Apache's default AES256 en/decryption in PHP
Hello!
I realize, configurations questions aren't meant for this list, but I'm
beginning to suspect a bug...
Here is the configuration:
Location /
AuthTypeform
AuthFormProvidertiv
Session
30.07.2013 19:27, Tim Bannister ???(??):
The server might be working properly and it's just the documentation that has
fallen short.
As a minimum, testing the subsequent children of RequireAll after one of
them already responded with denied seems like a bug...
-mi
30.07.2013 19:18, I wrote:
authorization result of Require all granted: granted
authorization result of RequireAny: granted
authorization result of AuthMerging Any: granted
authorization result of Require all granted: granted
authorization result of RequireAny: granted
01.08.2013 22:47, Ben Reser ???(??):
LocationMatch ^(/php-fpm)?/tiv/
Require all granted
DirectoryIndex index.php
/LocationMatch
I'm guessing you're using AP_AUTH_INTERNAL_PER_CONF which should avoid
the 3rd call with the above
02.08.2013 20:17, Ben Reser написав(ла):
mod_autoindex automatically provides a directory listing of files
under a path. However, by default it doesn't display any paths that
you don't have access to, e.g. .htaccess. It does this by issuing
subrequests for those other paths so that authz can
03.08.2013 02:05, Ben Reser wrote:
You don't seriously expect the auth system to know all of those intricacies?
Let me take a step back here. What I found about my particular situation
is -- using your own term -- absurd:
1. The current behavior is not documented.
2. The current behavior is
03.08.2013 14:14, Eric Covener wrote:
I don't agree re: necessity. As Ben said, httpd only knows that /tiv
(where you tried to punch a hole) and the target of your Action
directive have different per-directory configurations, so
authorization is checked on the subrequest. It's erring on the
03.08.2013 15:19, Eric Covener ???(??):
I didn't interpret his response that way. Those are modules that will
create subrequests/internal redirects to new URIs that could have
separate authz applied to them from the original URI -- you can't
assume the server is any less interested in
02.10.2013 09:59, tguadagno ???(??):
hi, i am having the same issue, have you figured out a fix yet?
Nope... I rewrote the config replicating in multiple places the details,
that were neatly aliased in 2.2
-mi
On 21.02.2014 11:56, ? ?? wrote:
But mod_fastcgi doesn't compile with Apache 2.4.
This is entirely possible, actually -- and has been for a while. Pathes exist
and are maintained:
https://github.com/ByteInternet/libapache-mod-fastcgi
Yours,
-mi
On 21.02.2014 13:59, Anthony Pankov wrote:
Thank you for suggestion.
But this packet does not install from box in
FreeBSD. It does not install via apxs -cia also. Besides that
there is a patch for mod_fastcgi in FreeBSD ports that doesn't seem
trivial.
Unless apa...@freebsd.org team
On 21.02.2014 04:08, Yann Ylavic wrote:
Similarly, a new SSLProxyCheckPeerCN canon option could be handled
so that admins needing ProxyPreserveHost on could still forward the
client's Host but check the backend's CN against ServerName.
It remains my humble opinion, that this behavior should be
On 07.03.2014 12:28, Yann Ylavic wrote:
Sorry, this was posted from gmail...
Is it written anywhere in the bylaws of this mailing list, that use of HTML is
something to apologize for? With all due sympathies to Reindl's medical
condition, why must we -- in the second decade of the 21st century --
Hello!
Some of our web-servers take a while to restart (because some custom
modules need to login to database backends, etc.) This makes it
undesirable for us to use the SIGUSR1 (for graceful restart) and we
currently log to stdin of an easier to restart command-line utility.
How hard would it
22.01.2010 14:03, Jeff Trawick написав(ла):
Currently there are ap_run_open_logs and worker_open_logs. Can my
hypothetical signal-handler simply go through the list of opened
descriptors, set them to new values and close the old?
You'd need to do that in every child process, without
22.01.2010 14:18, Graham Leggett написав(ла):
What you're probably after are piped logs:
http://httpd.apache.org/docs/2.2/logs.html#piped
If you pipe the log to something like cronolog, cronolog is able to
rotate logs for you without needing to restart httpd.
Thanks for the pointer, sir. We
22.01.2010 14:33, Jeff Trawick написав(ла):
the open_logs hook runs only in the parent
I see... And the children simply inherit it after forks? Thank you,
-mi
22.01.2010 14:50, Brian J. France написав(ла):
Funny you should bring this up, at work we have been look at out patches to apr
and httpd that we can give back to the up stream public source and one of those
patches is to apr to allow hupless log rotation in httpd 2.x.
The patch adds
22.01.2010 15:28, Akins, Brian ???(??):
Each process (not thread) has an open filehandle with mod_log_config,
correct?
Except for the ErrorLog... Perhaps, that handle is reachable from a
module somehow too?
-mi
22.01.2010 15:28, Akins, Brian ???(??):
Each process (not thread) has an open filehandle with mod_log_config,
correct?
Having almost finished the necessary changes to mod_log_config, I
realized, that there are/may be modules, that keep their own logging.
Being able to include those in
Hello!
I'm working on adding WebDAV access to the directories already
accessible via FTP. The layout is fairly simple: the /data/ftp tree
houses the home directories of FTP's (virtual) users. I wanted to give
the HTTP users the same experience they get via FTP -- they must login,
and then
Hello!
Various sources suggest, the hook can be called several times -- could
someone summarize those times for the record?
For example, it appears, that upon start-up the hook is called once to
check the syntax and then again -- for real. Mod-developers can check
by recording previous
04.06.2010 16:00, Nick Kew ???(??):
The answer is, yes you can and should use APR pools.
To translate this answer: no, there is no hook invoked, when a module
should clean-up... Thanks.
What about the rest of my question -- about the sequence of post_config
hook invocations?
-mi
Why does the apr_vformatter -- and thus all its callers (apr_psprintf,
logging-functions, etc.) reject the %p format (replacing it with words
``bogus %p'')?
The format is for outputting pointers and is supported by the
C-library's printf-family.
If this is a deliberate limitation, I'd like
08.06.2010 14:13, Mikhail T. ???(??):
Why does the apr_vformatter -- and thus all its callers (apr_psprintf,
logging-functions, etc.) reject the %p format (replacing it with words
``bogus %p'')?
The format is for outputting pointers and is supported by the
C-library's printf-family
Hello!
For whatever reasons, we are using cronolog with Apache. From one of our
httpd.conf files:
CustomLog ||cronolog -p 1day -H
/data/ti/servers/apache-/example/-prod/logs/access
/data/ti/servers/apache-/example/-prod/logs/access.%Y%m%d-%H%M combined
Note, the /absolute/ paths
24.09.2010 17:40, Eric Covener написав(ла):
work -- they aren't interpreted by anything and we simply get a /$DIR/logs
If it's set in the native environment when httpd is invoked, try ${DIR}
Awesome! That worked... Can you elaborate on why the plain $/var/ does
not work, but ${/var/} does?
Hello!
One of our scripts is using ncftpput to automatically upload a file. The script
invokes ncftpput with a -U flag to explicitly set the umask.
Though the file is successfully uploaded (with the default umask) there is with
a warning:
% ncftpput -U 0 localhost / /COPYRIGHT
Hello!
I'm trying to make some substitutions on the HTML-output generated by
mod_autoindex.
However, things quietly do not work... Even the simplest directive:
Substitute s/Parent/Father/
seems ignored -- and the browser is showing Parent Directory instead of
Father Directory.
Is this
Hello!
After disabling SSLv3:
SSLOptions ALL -SSLv3
we noticed, that curl itself and libcurl-using programs (such as git) stopped
working on some of the (older) systems -- such as RHEL5 -- when invoked against
the https-URLs pointing at the reconfigured servers.
Invoking curl with the -1
On 29.10.2014 04:37, Yann Ylavic wrote:
Forgot to mention the OP reproducer, that is with SSLProtocol ALL
-SSLv3 (with or without the patch), both SSLv2Hello and SSLv3Hello
(version SSLv3) are refused by httpd.
But if ALL is replaced with ANY, then the (patched) server will be
willing to advise
On 18.07.2015 15:43, Kean Johnston wrote:
On 7/18/2015 9:25 PM, Phil Lello wrote:
- UNIX-domain sockets
I personally think this could be very useful.
Me too. In particular, it is fairly common these days for
Varnish-proxy to run on the same server as the actual Apache. Having the
two
On 25.11.2015 18:21, Bert Huijben wrote:
> That Turkish ‘I’ problem is the only case I know of where the
> collation actually changes behavior within the usual western alphabet
> of ASCII characters.
Argh, yes, I see now, what the problem would be... Thank you,
-mi
On 25.11.2015 12:42, William A Rowe Jr wrote:
> If the script switches setlocale to turkish, for example, our
> forced-lowercase content-type conversion
> will cause "IMAGE/GIF" to become "ımage/gıf", clearly not what the
> specs intended.
I'm sorry, could you elaborate on this? Would not
On 25.11.2015 13:16, William A Rowe Jr wrote:
>
> Two variables, LC_CTYPE and LC_COLLATE control this text processing
> behavior. The above is the correct lower case transliteration for
> Turkish. In German, the upper case correspondence of sharp-S ß is
> 'SS', but multi-char translation is not
On 25.11.2015 14:10, Mikhail T. wrote:
>>
>> Two variables, LC_CTYPE and LC_COLLATE control this text processing
>> behavior. The above is the correct lower case transliteration for
>> Turkish. In German, the upper case correspondence of sharp-S ß is
>> 'S
On 24.11.2015 13:04, Yann Ylavic wrote:
> int ap_casecmpstr_2(const char *s1, const char *s2)
> {
> size_t i;
> const unsigned char *ps1 = (const unsigned char *) s1;
> const unsigned char *ps2 = (const unsigned char *) s2;
>
> for (i = 0; ; ++i) {
> const int c1 = ps1[i];
On 24.11.2015 10:08, William A Rowe Jr wrote:
> As long as this function is promoted for fast ASCII-specific token
> recognition and has no other unexpected equalities, it serves a useful
> purpose.
Because of this, I'd suggest renaming it to something, that emphasizes
it being ASCII-only.
On 23.11.2015 23:14, William A Rowe Jr wrote:
> L1 cache and other direct effects of cpu internal optimization.
Just what I was thinking. Attached is the same program with one more
pair of functions added (and an easy way to add more "candidates" to the
main-driver). I changed the FOR-loop define
On 23.11.2015 19:05, Yann Ylavic wrote:
> Here is the correct (new) test, along with the diff wrt the original
> (Christophe's) test.c.
BTW, if the program measures its own time, should it not use getrusage()
instead of gettimeofday()?
-mi
On 23.11.2015 17:43, Yann Ylavic wrote:
> with attachment...
There is a mistake somewhere in the optimized version:
./o 1 1 aa1a 0
Optimized (nb=1, len=0)
time = 0.611311 : res = 0
The result should not be zero. Indeed, the string.h version is correct:
./o 0
On 23.11.2015 19:05, Yann Ylavic wrote:
> while (ucharmap[*ps1] == ucharmap[*ps2++]) {
> if (*ps1++ == '\0') {
> return (0);
> }
> }
> return (ucharmap[*ps1] - ucharmap[*--ps2]);
Is there really a gain in inc- and decrementing this way? Would not it
be
On 23.11.2015 19:43, Yann Ylavic wrote:
> No measured difference in my tests, I guess it depends on likelyhood to
> fail/succeed early in the string or not.
? I don't see, where it wins anything -- but I do see, where it loses a
little...
> That's expected (or at least no cared about in this test
81 matches
Mail list logo