Re: New ServerUID directive

Tue, 06 Feb 2018 03:18:07 -0800 

On 06/02/2018 11:54, Stefan Eissing wrote:



Am 06.02.2018 um 11:45 schrieb Helmut K. C. Tessarek <tessa...@evermeet.cx>:

On 2018-02-06 05:13, Yann Ylavic wrote:

Sorry for what is probably (my) bad english, "fixed" meant "the same
after restart (or stop/start)".

Right, but isn't the virtual host's server name/port config after the
restart the same as well? Why do you need a new separate unique identifier?

And should you ever change the port number and/or the virtual host's
server name, then this virtual host won't be the same after a restart
anyway.

Either I'm missing something here, but I still don't understand the
reason for a unique identifier, when you already have one.

You are missing that Yann exactly wants to do that.

Only as consideration for people who prefer otherwise, he considered to
introduce a ServerUID directive.

Now, he tried several times to get the discussion back to what a good
*automatic* id for the load balancer is,



Ah, for the fortunate that have so much traffic they need the 'lb'. And 
I imagine, for that 'automatic' is fine. Never had to use one though - 
so no idea how hard they are to configure/manage. However, I expect I 
would rather "not care" how the internals work for giving me a vhost 
ServerID. Why should I care - after a restart whether the value 
generated is the same or not.



That said - what could I do with a ServerID (forget the unique for the 
moment).



Again, my first thoughts are with regard to 'security' aka 'access 
control'. Could I use (or is there already something I am unaware of) a 
ServerID in <Directory> blocks, e.g., with <Require> - so that I can 
specify access control in terms of the <vhost> rather than as attributes 
of clients. Might all be nonsense - asin - this is just me brainstorming.



I guess my question is closer to: are there ways to manage 'access 
control' based on the server configuration and the physical resources 
(mainly thinking files). What is more manageable? What is easier to 
report on/with (to a non-httpd specialist). What is easier to audit/log, 
perhaps in separate logs?



  but everyone keeps discussing
directives...

*Waves Jedi Hand*: "Forget the directive..."

(* Michael blinks - what were we talking about? *)



Or at least one that can be used from a combination of several fields in
the server struct.

What am I missing?

--
regards Helmut K. C. Tessarek              KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/




























					Reply via email to