t) for use with authorization and downstream REMOTE_USER
processing.
Paul J. Reder
On 09/08/2009 11:09 AM, Graham Leggett wrote:
Udo Rader wrote:
Maybe a more concrete sample can help clarify what I am talking about,
here's my approximate setup:
SSLVerifyClient require
SSLRequireSSL
On 08/20/2009 12:00 AM, William A. Rowe, Jr. wrote:
Hardening Enterprise Apache Installations Against Attacks by Sander Temme
Heh... Couldn't you just buy Sander a beer and ask him nicely not to attack
your Apache installation?
Sorry... I couldn't resist.
--
Pau
this return 414 when it gets APR_ENAMETOOLONG or is it valid to return
403?
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty b
OVERRIDE, but if it was designed to be explicit then the user would
have specific control over each authbit along the way.
Paul J. Reder
Brad Nicholes wrote:
On 4/4/2008 at 11:37 AM, in message <[EMAIL PROTECTED]>, Chris
Darroch <[EMAIL PROTECTED]> wrote:
William A. Rowe, Jr. wrote:
, logically, it should be directory scoped.
I'm committing the doc now (directory scoped, to match the code I committed)
and I'll look at making sure the processing addresses that (via merge, etc).
Graham Leggett wrote:
Paul J. Reder wrote:
Now that you ask that question it makes me re
es be directory scoped or server scoped?" The rest
of the util_ldap directives are all server scoped. Is there any compelling
reason
that the referral directives would need to be alterable on a
directory-by-directory
(or htaccess) basis or should it be turned on/off a
st->compare_cache_size);
+ "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache
size"
+ " to %ld entries.", getpid(), st->compare_cache_size);
return NULL;
}
@@ -2086,8 +2169,8 @@
st->connectionTimeout = atol(ttl);
ap_lo
rocessedFlag = 1;
What's the purpose of this?
Regards
Rüdiger
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty bound
cache, node);
return NULL;
}
So IMHO the condition in the new if condition never becomes true and thus the
new code
would be the same as the old one.
Regards
Rüdiger
--
Paul J. Reder
---
"The strength of the
Okay, there is a 2.2.x branch version of the nested groups patch at
http://people.apache.org/~rederpj/NestedGroups_2.2.xBranch.diff
Nick Kew wrote:
On Sat, 28 Jul 2007 10:58:27 -0400
"Paul J. Reder" <[EMAIL PROTECTED]> wrote:
I'm quite certain that it applies since I
wrote:
Author: rederpj
Date: Fri Jul 27 14:22:36 2007
New Revision: 560386
URL: http://svn.apache.org/viewvc?view=rev&rev=560386
Log:
Add backport request for nested groups patch.
In view of the substantial authnz reworking in /trunk/,
are you sure this patch is compatible with 2.2?
--
Paul
I didn't commit it to 2.2.x. I committed it to trunk and submitted it for
backport.
Did I miss something?
Paul J. Reder
Ruediger Pluem wrote:
-1.
Please revert. You did not have enough votes for backport. You need to have
three votes for a backport and you only had your own one.
2.2.x i
h results for better performance, and reports
subgroup status in ldap-status.
I'll wait until Monday to commit this to trunk and submit for backport voting.
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the de
more
palatable.
Either way, the code is pretty much the same except for which files contain
which code.
In evaluating/verifying these patches you would look at either:
SplitRebind_Apache.diff + SplitRebind_apr-util.diff
-- OR --
AllApacheRebind.diff
--
Paul J.
ths included
and uses the cache_conditional logic for the top level code-path choice
(thus avoiding the whole filter adding issue).
Paul J. Reder
Bill Stoddard wrote:
Graham Leggett wrote:
Bill Stoddard wrote:
Stale objects are discarded and fetched from the origin server.
So we're missing all the c
OG_NOTICE, 0, s,
"CoreDumpDirectory not set; core dumps may not be written
for"
" child process crashes");
}
}
}
}
--
Paul J. Reder
---
"The strength of the Consti
ng.
Thanks,
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights sec
ert on tags and weakness... from what
I do know this looks good, but some doc for the function might be useful to
help folks know when they might be legally able to weaken a tag.
Paul J. Reder
Geoffrey Young wrote:
hi all
this is something I've been meaning to do for a while. as mod_include
d is thus a somewhat
seperate issue. (related, but seperate) I didn't mean my declaration to commit
as an end to discussing your issue.
--Geoff
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination
s other modules (such as mod_cache)
which would need to be updated to work properly. Moving the meets_condition
code may make the 304 related aspects of my patch irrelevant, but I suspect
it will still need to be there for other errors.
anyway, as usual, thanks for listening.
--Geoff
--
Paul J. Rede
tions.
I have to finish a piece of high priority work up today and tomorrow
and then, hopefully, I can get back to this.
Paul J. Reder
CASTELLE Thomas wrote:
Hello everyone,
I reported a few months ago a problem concerning mod_cache not sending a
"If-Modified-Since" when the cache is
nyone else?
This, or something like it, is needed to address the RFC violation of
not returning an Expires header in 304 responses. It may also be helpful
in solving other issues related to mod_headers or other filters that should
do some processing
lso be able to be worked around, but concerns
me enough to ask for other ideas.
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen
) {
set_expiration_fields(r, expiry, t);
}
}
Ah, would you mind to use the other patch provided in the PR? IMHO the other
one addresses more the problem than the symptom.
nd
--
Paul J. Reder
---
"The str
fs));
/*
* a 'proper' LRU function would just be
* mobj->priority = mobj->total_refs;
*/
return -1*mobj->priority;
}
Thoughts?
--Cliff
--
Paul J. Reder
---
"The strength of the Co
g your Patch" at
http://httpd.apache.org/dev/patches.html. But there is also a new
section that discusses what level of code can be used for creating the
patch.
Comments?
Thanks,
Jeff
--
Paul J. Reder
---
"The strength of the
ince the code is all formatted in !"one true way" I'd have to vote to
keep it that way. IMHO, an exception for multiline conditionals would
just confuse things.
Now if we want to talk about reformatting *all* the code to the
"one true
, nor does
the message say which file this is referring to. Anyone know?
Regards,
Graham
--
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single ci
. The rest of the fixes will follow pretty close behind
and all will be submitted for backporting votes immediately.
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. O
Well I would if I could, but it seems that /tmp is full and
cvs activity is failing for me.
Jeff Trawick wrote:
Paul J. Reder wrote:
Specifically, my thinking was that *I* wasn't the one who had
initially done the work and felt felt I shouldn't take credit
for anything other than
ff Trawick wrote:
[EMAIL PROTECTED] wrote:
rederpj 2003/07/15 14:03:10
Modified:.CHANGES
...
This should be simply
*) Eliminate creation of a temporary table in ap_get_mime_headers_core()
[Joe Schaefer <[EMAIL PROTECTED]>]
In the CVS commit message, put "Brian Pane,
+
+case 'p':
+case 'P':
+if (!strncasecmp(uri, "roxy:", 5)) { /* proxy: */
+return 6;
}
break;
}
uhmm. Why that? I bet that breaks some things, since prox
set" outside of the "pass" context.
I'm trying to prevent potential future confusion. Does that
make sense?
Paul J. Reder
André Malo wrote:
* Paul J. Reder wrote:
With the other changes, the way I read the patch was as:
if (ctx->state == PRE_HEAD) {
if (!empty) {
set" outside of the "pass" context.
I'm trying to prevent potential future confusion. Does that
make sense?
Paul J. Reder
André Malo wrote:
* Paul J. Reder wrote:
With the other changes, the way I read the patch was as:
if (ctx->state == PRE_HEAD) {
if (!empty) {
ternal condition... */
...
}
else {/* Entire brigade is middle chunk of SSI tag... */
...
}
My contention is simply that the reset should be coupled with
the pass, inside the if. Did I miss something in the patch?
Paul J. Reder
André Malo wrote:
*
If it exceeds BYTE_COUNT_THRESHOLD then
we forward the initial part of the brigade. This is to keep from
buffering up huge chunks of data.
I concur with the rest of the patch (from a visual perspective,
I haven't tested it).
Paul J. Reder
Cliff Woolley wrote:
yOn Wed, 9 Jul 2003, Ron Park wrote:
Thi
committed soon.
Thanks for the kickstart on this.
Paul J. Reder
CASTELLE Thomas wrote:
Thanks for looking into this Paul !
Concerning the second question, I totally agree with you. I tested it
and it works. It is obviously more logical...
I hope you will be able to integrate this patch in the n
g mod_disk_cache. So I used
the Etag and Last-Modified informations we can find in the
r->headers_out and r->err_headers_out. I don't know if it's correct, but
it seems to work now...
>
Thanks for looking to these patch and eventually integrate it in the
next Apache release !
Thanks
have a good reason why we can't remove these
lines and allow mod_cache to serve default welcome pages?
/* DECLINE urls ending in / ??? EGP: why? */
if (url[urllen-1] == '/') {
return DECLINED;
}
Allan
--
Paul J. Reder
-
the things I will be looking at over the
next several months, no promises on schedule though. Other things take
higher priority for me at the moment.
Currently the CacheSize directive does nothing for the disk cache so
it will be as efficient as you or I (or someone else) make it. :)
Paul J. Reder
l do when I get
back from Monticello late tonight.
(Can you put the corefile and matching binary somewhere that I can get to
it, if it's for some OS I happen to have access to? Might save me a bit
of time, which I'm short on at the moment.)
--Cl
nter (arg 3)
Oooh, yowtch... good call. I wasn't even looking at that part.
--Cliff
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every sin
ll get the page foo.html.
I can spend more time tracking this if you want, but it won't be
till this afternoon.
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it.
le
to close out PRs)
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty bound to do
his share in this defense are the constit
ld need to participate in a similar
exorcism of opinions... I assumed all committers were "worthy".
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only
Content-Description:
Attached file: mod_cache.c.diff
Content-Type:
text/plain
Content-Encoding:
Base64
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if eve
e proof of concept with a clear direction.
Our first GA would have resulted in creation of 2.2-stable and 2.3-dev.
Anyway, the long and short of it is, I like the parallel streams, I like the
rules setup in the ROADMAP, I like odd=dev and even=stable, and I like officially
recognizing the wild, u
was seeing.
Thanks.
Brian Pane wrote:
> On Sat, 2002-10-12 at 20:26, Paul J. Reder wrote:
>
>>Okay, this takes care of item 4 from the list below. Thanks Brian, saves
>>me from having to do the commit. :)
>>
>>What about the other 3? Should they be fixed by t
ink the change from apr_time_t (apr_int64_t under
the covers) to apr_int64_t is going to remove the need for 1-3.
On Fri, 2002-10-11 at 16:04, Paul J. Reder wrote:
> I have run into a problem where the cache code randomly decides that a
> cached entry is stale or that the last modified d
apr_atoi64().
Please see the attached patch.
With no objections (and a litle help from someone who has APR commit
authority) I would like to commit this this weekend.
Thanks,
--
Paul J. Reder
---
"The strength of the Constitution lies
It looks to me like you and I are on the same path. I'm currently
fixing a problem related to freshness computations, but I'm also
looking in to why it seems to fetch files more than it needs to.
I'll let you know if I find anything. Please keep me posted.
Thanks,
Paul J. R
re and concat each brigade in cache->saved_brigade.
>> When the first brigade is cached, the r->headers_out are all
>> available, but when the others brigade are going throught the
>> mod_cache, there is no more r->headers_out.
>
>
>
> I
s site vulnerability was announced yesterday, we are
>>trying to announce the GA release 7 hours from now.
>>
>>
> I don't see this as a huge problem, to be honest. I think it's probably more
> important to get a .43 release ou
William A. Rowe, Jr. wrote:
> At 03:27 PM 10/1/2002, Paul J. Reder wrote:
>
>
>>Ryan Bloom wrote:
>>
>>
>>>On Tue, 1 Oct 2002, Paul J. Reder wrote:
>>>
>>>
>>>>I've been working on the caching code and ran across a cor
Ryan Bloom wrote:
> On Tue, 1 Oct 2002, Paul J. Reder wrote:
>
>
>>I've been working on the caching code and ran across a core dump...
>>
>>A particular file contains an SSI call to a cgi. The cgi causes a pipe
>>bucket to pass down the chain. cache_in_
e any amount of
time to complete, I would assume that the cache code should decide not
to cache any response with a pipe bucket, correct?
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
Matthieu,
Could you possibly provide your changes as an attached diff instead of
the entire file. Your version of the file has changed the spacing of most
of the file so I can't easily determine what you changed.
Thanks,
Paul J. Reder
Matthieu Estrade wrote:
> Hi again,
>
> Ju
it possible to think that the cache_filter could be placed when
> mod_proxy finished to pass the "last" brigade,
> reading all the brigade and cache it ?
>
> regards,
>
> Matthieu
>
> Paul J. Reder wrote:
>
>> Actually, the problem is in the fact that
bout the proxy...
>>> Do you think it's possible to force the cache filter, be runned after
>>> all the proxy filters ?
>>
>>
>>
>> The cache filter is supposed to run after all the filters for maximum
>> caching advantage.
>>
>> Regards,
&g
cheMaxObjectSize 69
>>>
>>>
>>>
>>>Thanks,
>>>
>>>Jean-Jacques
>>>
>>>
>>>>>>[EMAIL PROTECTED] 09/10/02 02:25PM >>>
>>>>>>
>>>On Mon, Sep 09, 2002 at 02:41:33PM -0600, Bra
Ian Holsman wrote:
> On Thu, 12 Sep 2002 03:47:58 -0700, Paul J. Reder wrote:
>
>
>>Yes, I believe it should check r->args. I don't think you are stupid,
>>severely or otherwise... ;)
>>
> it should not make a difference really
> if r->args is
But I'm also factoring the hostname into key creation, which
also might be NULL. So even if the args issue could be ignored, the
hostname can't (or at least the possibility of 1 out of 2 NULL
can't be ignored).
Pier Fumagalli wrote:
> "Paul J. Reder" <[EMAIL PR
(p,r->uri, "?", r->args, NULL);
> } else {
> *key = apr_pstrdup(p,r->uri);
> }
>
> But I might be severely stupid...
>
> Pier
>
>
>
>
--
Paul J. Reder
---
"The stren
Kris,
I am in the process of adding virtual host info into the key
generation too. I'll include your work with mine if that's okay.
Paul J. Reder
Kris Verbeeck wrote:
> Hi,
>
> Some of our QA people discovered a problem when performing request
> with a query string
thread then
>reads the metadata bucket and deletes (or
>clears and recycles) the referenced pool after
>sending the response. This would mean, however,
>that the request pool couldn't be a subpool of
>the connection pool. The writer thread would have
>to b
et it
working as quickly as possible.
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty bound to do
his share in this defense are
he headers. (Need to read through the code again).
>
> Btw, the Age: header inserted by mod_cache seems to be in
> microseconds or something like that (instead of seconds).
>
>
> - ask
>
>
--
Paul J. Reder
---
sen wrote:
>
>>
>>"CacheOn on" sounds pretty silly. Wouldn't it be better if it was
>>"CacheOn yes" or just "Cache on"? :-)
>>
>>
>> - ask
>>
>>--
>>ask bjoern hansen, http://www.askbjoernhansen.com/ !try; d
Will do.
Ask Bjoern Hansen wrote:
> On Tue, 27 Aug 2002, Paul J. Reder wrote:
>
>
>>Are you using the most recent head build of 2.0? There was a
>>fix applied recently to the header handling for mod_disk_cache.
>>
>>I am currently doing some work on the cachi
Are you using the most recent head build of 2.0? There was a
fix applied recently to the header handling for mod_disk_cache.
I am currently doing some work on the caching code, so I'll
look into this. Please let me know if you are on the latest
code.
Thanks,
Paul J. Reder
Ask Bjoern H
sen wrote:
>
>> "CacheOn on" sounds pretty silly. Wouldn't it be better if it was
>> "CacheOn yes" or just "Cache on"? :-)
>
>
> Or another question: What does CacheOn do that CacheEnable doe
By the way, this was submitted by me and reviewed by Jeff Trawick.
Paul J. Reder wrote:
> I am both embedding and attaching the APR fix since my e-mail editor
> seems to munge patches...
>
> This is to fix the command arg parsing for mod_ext_filter to provide
> the normal qu
/mod_ext_filter.c
apr/strings/apr_cpystrn.c
I will commit the CHANGES and mod_ext_filter.c changes. If someone in
APR would commit the apr_cpystrn changes I would appreciate it.
Thanks,
--
Paul J. Reder
---
"The strength of the Constitution
e from apr itself.
>>
>
> We already have it, and it is exported from APR. Look in
> strings/apr_cpystrn.c for apr_tokenize_to_argv.
>
> Ryan
>
>
>>Bill
>>
>>At 03:31 PM 8/19/2002, Paul J. Reder wrote:
>>
>>>After fixing the parse_cmd
in/awk
'{print
NR\":
\"
$N}'
The question I have is, shouldn't this break down into either
/bin/awk
'{print NR\": \" $N}'
or
have desk checked it and the concept looks fine.
At this point I would recommend finishing your testing and submit
all of your work (in parts if too big) and I or someone else will
commit it for you.
Thanks.
Paul J. Reder
Eric Prud'hommeaux wrote:
> On Thu, Aug 01, 2002 at 07:55:32PM
therwise I can
just do a more detailed look at your code with comments and commit
your patch for you.
Let me know.
By the way, how tested is your code?
Thanks,
Paul J. Reder
Eric Prud'hommeaux wrote:
> On Thu, Aug 01, 2002 at 08:52:49AM -0400, Bill Stoddard wrote:
>
>>mod_mem_
...as in stick a fork in it, its 'DONE". ;)
Rasmus Lerdorf wrote:
>>As it happens, DONE is defined to be -2. :-)
>>
>
> Ok, I will use that, but 'DONE' doesn't really give the impression of
> being a fatal error return va
ys. I just thought there was no sense fixing each of the
symptoms if there is a bigger problem, but Ryan pointed out that it
only *looked* the same. So, never mind...
Greg Ames wrote:
> "Paul J. Reder" wrote:
>
>>This looks exactly like the problem that Allan and I ran into
needs to be setup or tagged differently so that the
error doesn't go back through all the same code that generated the
error condition in the first place. Just a clueless guess on my part.
Paul J. Reder
Greg Ames wrote:
> Colm MacCárthaigh wrote:
>
>
>>also; anyone looking
f this document.
> Of particular note is that 1.3.26 addresses and fixes the issues noted
> in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability
> in the handling of chunked transfer encoding. We would like to thank
> Mark Litchfield of ngssoftware.com fo
n32 due to the addition of ap_strtol.c, so those will
> require attention. T&R's coming soon!!
>
> Thanks,
> Cliff
>
>
>
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determina
cursion problem with HTTP-on-the-HTTPS port.
>
> Reported by: Paul J. Reder
> Submitted by: Ryan Bloom
>
> Revision ChangesPath
> 1.76 +7 -0 httpd-2.0/modules/ssl/ssl_engine_kernel.c
&g
Bad news. I just finished running
cvs update -dP httpd-2.0;cd httpd-2.0;make distclean;buildconf;config.nice;make;make
install
and tested it. The same thing still happens with the config I referenced earlier.
Any other ideas?
Paul J. Reder wrote:
> Hmmm, I missed them. I'm upda
t spinning.
>>
>
> Please update your tree. There were changes to how Apache handles
> calling ap_die and ap_discard_request_body() on Friday evening.
>
> Ryan
>
>
>
>
--
Paul J. Reder
---
"The
var files and the config to my test
> server, request a page.
>
> All three scenarios work for me on Linux. There is a problem in the 3rd
> case, which looks to be from a non-terminated string (bad, but not a
> buffer overflow, we just fo
ssl_io_filter_input after it notices ssl_connect fails in ssl_hook_process_connection).
Thanks for any pointers here.
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend
gt;> improve on this.
>
>
> So -win32-build-src isn't terribly ambigious, or should we name it
> -win32-make-src, or simply -win32-src?
>
> Bill
>
>
>
--
Paul J. Reder
---
"The strength of the Con
i = pipe_get_passwd_cb(buf, bufsize, "", FALSE);
}
--
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels
/* We let each thread update its own scoreboard entry. This is
> * done because it lets us deal with tid better.
> */
> rv = apr_thread_create(&threads[i], thread_attr,
>worker_thread, my_info, pchild);
&
.
And for an apples to apples comparisson, here is the status at the
1 hour mark (above). Requests per second has remained close to 100
the whole time. An extra 2 GB of data was sent, about 20,000 extra
req
starve even though there are a
small (but growing) number of new threads.
This patch allows the server to maintain a higher level of responsiveness
during the ramp up time.
Paul J. Reder
Jeff Trawick wrote:
> "Bill Stoddard" <[EMAIL PROTECTED]> writes:
>
> (I would have q
results may not hold up in the
long run...
Paul J. Reder
Aaron Bannert wrote:
> On Thu, Apr 25, 2002 at 11:30:54AM -0400, Bill Stoddard wrote:
>
>>Would someone care to see if this fixes the worker MPM performance problem reported
>>earlier on the list (request-per-second dro
t is only bogus if the content is changed, as it is with
>>>SSI requests. If the C-L filter can't verify the C-L, it should be
>>>removing it from the request. If it doesn't, that is the bug.
>>>
>>Isn't the filter that ch
Paul J. Reder
---
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights secure.&
problem, not mod_include this time. :) I'm still tracking a different core
dump in mod_include. Hopefully I'll have it fixed soon.
Paul J. Reder
Doug MacEachern wrote:
> not sure if this is related to the bucket list change or mod_includes
> changes or what, but i just checked i
Nevermind. Should have read the rest of my mail before commenting. I see
that it has already been fixed. Sorry for the noise.
Paul J. Reder wrote:
> This is *not* equivalent code. In the deleted line the increment happens
> *after* the check. In the replacement line of code the inc
This is *not* equivalent code. In the deleted line the increment happens
*after* the check. In the replacement line of code the increment happens
during the check. This patch is wrong and should be backed out.
Paul J. Reder
[EMAIL PROTECTED] wrote:
> bnicholes02/03/28 16:39
That patch seems to solve at least one of the problems that I am seeing,
but I have at least one other problem and a core dump inside
send_parsed_content. I'm currently stepping though, trying to find the
source of the core dump.
I'll let you know what I find.
Paul J. Reder
Brian
at the latest.
Paul J. Reder
Paul J. Reder wrote:
> Okay, I have recreated at least two problems in include processing, one
> of which results in a core dump. I am in process of tracking them down.
> It might be tomorrow before I have a patch.
>
> Paul J. Reder
>
>
1 - 100 of 115 matches
Mail list logo