Doesn't
+else {
+/* default - only act if starts-with "text/" or contains "xml" */
+wanted = !strncmp(ctype, "text/", 5) || strstr(ctype, "xml");
+}
suffer from the same problem as the original code ? So if the user did not
give any "xml2Types" the default behaviour will h
> And it's also important to keep Apache httpd-x64 code current with the new
> Windows Server + Visual Studio versions, since that's the most cases I
know
> of around.
Let's not hijack the 2.4.8 T&R thread for yet another round of this topic.
On Fri, Feb 7, 2014 at 1:18 PM, Eric Covener wrote:
is inspected before the session is decoded?
>
>
> On Fri, Jan 24, 2014 at 5:11 AM, Graham Leggett wrote:
>
>> On 16 Jan 2014, at 5:15 PM, Thomas Eckert
>> wrote:
>>
>> > I've had this deployed for some time now and it works just fine. Did
>> this ju
o something good :-)
On Mon, Jan 27, 2014 at 9:29 AM, Graham Leggett wrote:
> On 27 Jan 2014, at 9:58 AM, Thomas Eckert
> wrote:
>
> > When doing this please keep in mind there is a huge amount of users out
> there who are not developers and who will struggle with something
When doing this please keep in mind there is a huge amount of users out
there who are not developers and who will struggle with something like
> [^/]+)>
> Alias /var/lib/%{env:MATCH_BAR}/baz
> …stuff...
>
As long as they are reusing the same code under the hood, I don't think
there is anythi
gress
on this front. Thanks !
On Wed, Jan 22, 2014 at 4:42 PM, Graham Leggett wrote:
> On 22 Jan 2014, at 5:36 PM, Thomas Eckert
> wrote:
>
> Some time ago I put up HTTP to HTTPS redirects in place which now needed
> an update so they would not only work for constant host names
Some time ago I put up HTTP to HTTPS redirects in place which now needed an
update so they would not only work for constant host names but use the
'Host' header information as target host.
So a simple
Redirect permanent / https://example.org/
wasn't enough. I wanted to avoid using mod_rewrite (no
d about the mod_xml2enc
though. Seeing how it inserts itself into the output filter chain, above
mod_proxy_html patch might actually result in xml2enc attaching itself
*behind* deflate - which is bad. I haven't figured out how to work around
this yet. Any suggestions on how to do this ?
I've had this deployed for some time now and it works just fine. Did this
just fall asleep or is further explanation desired ?
On Fri, Dec 13, 2013 at 9:10 AM, Thomas Eckert
wrote:
> Must have made some mistake when testing it yesterday because it works
> like a charm. Suggesting
> IIRC the OP wants to decompress such contents and run them
> through mod_proxy_html. I don't think that works with any sane
> setup: running non-HTML content-types through proxy_html
> will always be an at-your-own-risk hack.
What I want is a (preferrably as simple as possible) method of config
on" even if the
backend did not choose to do so.
On Thu, Dec 19, 2013 at 4:01 AM, Nick Kew wrote:
>
> On 18 Dec 2013, at 14:47, Thomas Eckert wrote:
>
> > No, yes and I tried but couldn't get it to work. Following your advice I
> went along the lines of
>
> Yes
headers at this point, I found r->headers_in to contain the client
request whereas r->headers_out was empty. Doesn't this tell me I'm doing
all of this too early ?
On Tue, Dec 17, 2013 at 12:47 PM, Nick Kew wrote:
>
> On 17 Dec 2013, at 10:32, Thomas Eckert wrote:
>
&g
I've been over this with Nick before: mod_proxy_html uses mod_xml2enc to do
the detection magic but mod_xml2enc fails to detect compressed content
correctly. Hence a simple "ProxyHTMLEnable" fails when content compression
is in place.
To work around this without dropping support for content compre
Why offer an option to a directive which makes it behave differently AND
have an explicit directive for that exact behaviour ? I see no gain from
this but a lot of potential harm in terms of user confusion. Better be
explicit and unambiguous -> 2)
On Mon, Dec 16, 2013 at 6:37 AM, Christophe JAILL
ure the expiry and maxage are set, if present */
On Thu, Dec 12, 2013 at 10:11 PM, Tom Evans wrote:
> On Thu, Dec 12, 2013 at 7:30 PM, Graham Leggett wrote:
> > On 12 Dec 2013, at 16:57, Thomas Eckert
> wrote:
> >
> >> The patch does not help but I think it got me on t
et(zz->uuid);
+*z = zz;
+
return rv;
}
}
but that didn't do the trick. Going to take another look at it tomorrow.
On Thu, Dec 12, 2013 at 12:25 AM, Graham Leggett wrote:
> On 09 Dec 2013, at 10:50 AM, Thomas Eckert
> wrote:
>
&g
nformation from without the
patch, I would like to know.
On Sun, Dec 8, 2013 at 12:33 PM, Micha Lenk wrote:
> Hi Thomas,
>
> Am 03.12.2013 18:04, schrieb Thomas Eckert:
> > Now suppose the following
> >
> > [...]
> > 32 user fills in and submits form
> > 3
So it should work out of the box. I figured as much but was unsure whether
I hit a bug or forgot a configuration directive. Will look into it once I
have the time :-/
On Sun, Dec 8, 2013 at 2:42 PM, Graham Leggett wrote:
> On 04 Dec 2013, at 11:53 AM, Thomas Eckert
> wrote:
>
patch. I hope I'll get around for it sometime until January.
Until then I'll just see this as declined.
On Thu, Dec 5, 2013 at 5:26 PM, Yann Ylavic wrote:
> On Thu, Dec 5, 2013 at 5:04 PM, Thomas Eckert > wrote:
>
>> > It also seems that it adds more cycles to
ann.
> >
> >
> > On Thu, Dec 5, 2013 at 1:51 PM, Jan Kaluža wrote:
> > Hi,
> >
> > should this be fixed in trunk already? I see some commits in proxy code
> based on your ideas Yann, but I'm not sure if they address this particular
> problem too.
> &g
llexport)
>
> #else
>
> #define PROXY_DECLARE(type)__declspec(dllimport) type __stdcall
>
> #define PROXY_DECLARE_NONSTD(type) __declspec(dllimport) type
>
> #define PROXY_DECLARE_DATA __declspec(dllimport)
>
> #endif
>
>
>
> Rega
27; the login form's action.
On Mon, Nov 25, 2013 at 6:55 PM, Graham Leggett wrote:
> On 25 Nov 2013, at 7:30 PM, Thomas Eckert
> wrote:
>
> > > If I have misunderstood, and you simply want all the old cookies
> > > ignored and/or removed, then just list the ne
th the login form even though the user
just submitted the correclty filled-in form. Instead, the custom provider
should go on using the credentials it was given.
In the custom provider, is there a way to know about the difference with
currently existing means ?
On Tue, Dec 3, 2013 at 4:45 PM, Graham
n 03 Dec 2013, at 1:27 PM, Thomas Eckert
> wrote:
>
> > I have been having problems with mod_auth_form on returning DENIED from
> my custom auth provider. This provider has it's own module-local session
> cache, where stuff like accessible paths, credentials and the like are
I have been having problems with mod_auth_form on returning DENIED from my
custom auth provider. This provider has it's own module-local session
cache, where stuff like accessible paths, credentials and the like are
stored to avoid having to query an external (and expensive) authentication
daemon.
Trying to add a hook to mod_auth_form via
diff --git a/include/mod_auth.h b/include/mod_auth.h
index 9b9561e..74e2dc6 100644
--- a/include/mod_auth.h
+++ b/include/mod_auth.h
@@ -134,6 +134,8 @@ APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
(request_rec*, const char*
>
>
> ProxyPassReverse /path https://mybackend.local:443/path
>
> ProxyPassReverse /path https://mybackend.local/path
>
>
>
> Or
>
> ProxyPassReverse / https://mybackend.local:443/
>
> ProxyPassReverse / https://mybackend.local/
>
> Regard
correct.
>
>
>
> BTW: ProxyPassReverse does not change anything to your balancer setup.
>
>
>
> Regards
>
>
>
> Rüdiger
>
>
>
> *Von:* Thomas Eckert
> [mailto:thomas.r.w.eck...@gmail.com]
>
> *Gesendet:* Mittwoch, 27. November 2013 11:54
> *An:* d
assReverse / http://backend:8080/
>
>
>
> There the port matters.
>
>
>
> Fix for your issue:
>
>
>
> ProxyPassReverse / https://mybackend.local
>
> ProxyPassReverse / https://mybackend.local:443
>
>
>
> Regards
>
>
>
> Rüd
, Plüm, Rüdiger, Vodafone Group <
ruediger.pl...@vodafone.com> wrote:
> IMHO this should be fixed in the configuration with an additional
> mapping that has the port in. In many cases the port matters.
>
>
>
> Regards
>
>
>
> Rüdiger
>
>
>
> *From:* T
I've been debugging some problems with incorrectly reverse mapped Location
headers and found some backend servers (e.g. OWA for Exchange 2013) to give
headers like
Location: https://myserver:443/path/file?query
which I think are perfectly fine. mod proxy fails to do the trick because
e
wrote:
> On Mon, Nov 25, 2013 at 1:34 PM, Thomas Eckert
> wrote:
> > Thanks but I'm no sure if that's what I am looking for. I want to get
> rid of
> > the old sessions (with the old key) and replace them with new ones (with
> the
> > new key).
&
?
On Mon, Nov 25, 2013 at 1:48 PM, Graham Leggett wrote:
> On 25 Nov 2013, at 2:43 PM, Thomas Eckert
> wrote:
>
> Switching mailing list from users to dev becazse to me this does not
> appear to be a configuration problem. Anyone care to give a hint ?
>
>
> and redirecting the
Switching mailing list from users to dev becazse to me this does not appear
to be a configuration problem. Anyone care to give a hint ?
-- Forwarded message --
From: Thomas Eckert
Date: Mon, Nov 18, 2013 at 9:36 AM
Subject: Re: unsetting encrypted cookies when encryption key
essing
> that constitutes an API change for proxy...
>
> On Nov 8, 2013, at 5:17 AM, Thomas Eckert
> wrote:
>
> > I'm looking at an issue with this log message
> >
> > AH00526: Syntax error on line 6 of myconfig.conf: BalancerMember
> worker hostname
I'm looking at an issue with this log message
AH00526: Syntax error on line 6 of myconfig.conf: BalancerMember worker
hostname (---dd-eee-ff.us-east-1.elb.amazonaws.com)
too long
with the root cause being (modules/proxy/mod_proxy.h)
#define PROXY_WORKER_MAX_HOSTNAME_S
Thanks for the patch, so far it's looking good. I'll get back to you once I
have more information.
On Wed, Nov 6, 2013 at 4:09 PM, Jim Jagielski wrote:
> try this:
>
>
>
> On Nov 6, 2013, at 9:59 AM, Thomas Eckert
> wrote:
>
> > It is not mentioned specif
s should only stick around if we want to
> persist state across restarts.
>
> On Nov 6, 2013, at 8:39 AM, Thomas Eckert
> wrote:
>
> > As of late I'm seeing a lot of
> >
> > AH01179: balancer slotmem_create failed
> >
> > error messages which prev
As of late I'm seeing a lot of
AH01179: balancer slotmem_create failed
error messages which prevent apache2 from starting. I do have
DefaultRuntimeDir /var/run/apache2
set. For some reasons there appear to be "left-over" .shm files in the
DefaultRunTimeDir between stop-starts/restarts which
(active_thread_count >= ap_daemons_limit * threads_per_child)
>
> which is only worried about if:
>
> (idle_thread_count < min_spare_threads)
>
> On Oct 18, 2013, at 10:22 AM, Thomas Eckert
> wrote:
>
> > Hey folks,
> >
> > there's been quite a
Hey folks,
there's been quite a few issues with the "scoreboard is full, not at
MaxRequestWorkers" error log message. From what I've found all of them
involved some sort of heavy traffic. I've been wondering about the root
cause for this but now I have a reverse proxy showing this message right
af
Sorry for the delayed reply. At the moment I don't have time to look at the
patch proposal in detail, sorry about that too. I'll get back to it soon, I
hope.
> Pre-fetching 16K (or waiting for input filters to provide these) is not
always a fast operation, and the case where the backend closes its
Yann, although I do expect it to solve the issue discussed here, I don't
think simply flushing everything instantly is the right way to go. For
example, how do the proposed changes work with modules which scan the
request body like mod_security ? A lot of scanning/parsing can only be done
in a sen
u = apr_pstrdup(r->pool, &url[l2]);
} else {
u = apr_pstrcat(r->pool, ent[i].fake, &url[l2],
NULL);
I'm using ProxyPassReverse in a rather limited fashion. Do you see
situations where the above fails ?
On Wed, Sep 25, 2013 at 12:31 PM, Nick
I'm facing the problem that I have to use ProxyPassReverse inside a
container, which is not really supported as documented in
the last paragrpah at
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse
I find the 'workaround' mentioned in the docs quite useless:
"The same occur
> One could do an 'OPTIONS *' request. But I am not sure if that is any
better than proxy-initial-not-pooled in terms of performance.
I don't see why an OPTIONS request should not encounter problems where a
GET request will. After all, the problem is on the transport layer, not on
the application
t; +1 for the theory, but I'm not sure if it's feasible or not.
>
> On Aug 2, 2013, at 5:28 AM, Thomas Eckert
> wrote:
>
> > So I've been seeing lots of "proxy: error reading status line from
> remote server" by mod_proxy lately. Usually this is cau
So I've been seeing lots of "proxy: error reading status line from remote
server" by mod_proxy lately. Usually this is caused by the race condition
between checking the connection state and the backend closing the
connection due to the keep-alive timeout. As Covener pointed out to me in
IRC, using
In a reverse proxy scenario, I want to do the following
1) read incoming request A and keep it on hold
2) set up connection to backend for (new) request B
3) send request B and read response over that backend connection
4) "bind" that backend connection to request A so that mod_proxy will use
that
Looking at the code for creating sub requests (ap_sub_req_lookup_* and
ap_sub_req_method_uri) I get the impression sub requests always have to
remain "inside" the path of their original request's URI. That is, the path
specified as the new URI for the before mentioned function calls is
appended to
n't mean the problem isn't the same for you.
True but one is still better then none ;-)
Cheers,
Thomas
On Fri, May 24, 2013 at 11:12 AM, Graham Leggett wrote:
> On 24 May 2013, at 11:03 AM, Thomas Eckert
> wrote:
>
> > How did you investigate into this ? I'l
14:31, Thomas Eckert wrote:
>
> >
>
> Thanks.
>
> Looks a lot like the patch I hacked up but have yet to test or commit :)
>
> --
> Nick Kew
>
w to
configure itself.
Cheers,
Thomas
On Wed, May 29, 2013 at 8:20 PM, Nick Kew wrote:
>
> On 29 May 2013, at 14:28, Thomas Eckert wrote:
>
> > I saw the following
> >
> > /* only act if starts-with "text/" or contains "xml" */
> > if
You do not need to expose pools to users through your API to make their
usage thread safe. Identify the spots which can trigger pool access and
wrap some thread safety mechanism around them, e.g. mutexes. APR does
supply you with good means to get your code thread safe - just use it ;-)
Look up
Downloading a .docx file through a HTML rewriting reverse-proxy suddenly
increased file size by 5 kB. So looking at
modules/filters/mod_xml2enc :: static apr_status_t
xml2enc_ffunc(ap_filter_t* f, apr_bucket_brigade* bb)
I saw the following
/* only act if starts-with "text/" or contains "x
talking apache 2.2.22 here and updating it is - unfortunately - also
out of question :-/
On Fri, May 24, 2013 at 10:46 AM, Graham Leggett wrote:
> On 24 May 2013, at 10:38 AM, Thomas Eckert
> wrote:
>
> > Why would the per_dir_config be NULL here ? I don't think that should
&
I'm trying to investigate some core dumps in mod_security and currently
face this
(gdb) bt
#0 0xf6efc232 in create_tx_context (r=0x1eac8ed0) at mod_security2.c:325
#1 0xf6efc606 in hook_error_log (file=0x80a51bd "http_filters.c",
line=493, level=3, status=104, s=0x18144178, r=0x1eac8ed0, mp=0x0,
> Just wondering if we also have a problem with the pool
> as well... if base doesn't have a proxy, we don't have
> the subpool.
Looks like it. At least I don't see a reason why Nick's reasoning would
apply to the mutex but not to the pool.
> BTW, wondering if instead of leaking proxy_mutex we
>
> BTW: I ask myself why we need a global mutex to protect a pool. Wouldn't
a thread mutex be sufficient?
I figured accessing a pool inside a module config is something that needs
to be protected across process boundaries, hence the global lock. Are
module configs not globally unique in the sense t
status or some other way as long as it's there.
On Wed, May 8, 2013 at 1:18 AM, Daniel Ruggeri wrote:
> On 5/7/2013 2:00 PM, Jim Jagielski wrote:
> > Agreed... An "all or nothing" setting will likely create more
> > trouble than not.
> >
> > On May 7, 20
Attached patch contains a directive to improve the error marking of
workers. Basically, some errors will cause a worker to be marked as "in
error" while others don't. I can't see a reason for this so I added a
directive to have all errors mark the error correctly - especially useful
for automated s
> However, looking at your patch, having to lock the mutex for
> ap_proxy_get_worker() looks wrong. I think it should be passed r->pool
> instead of conf->pool.
I checked how ap_proxy_get_worker() is used in other places and also what
is done with the pool inside and you are right. It really shoul
kes managing that pool a lot eaiser in the
future. It's really only 2 lines that have to be edited.
On Sat, May 4, 2013 at 8:20 PM, Micha Lenk wrote:
> Hi Stefan,
>
> Am 03.05.2013 14:09, schrieb Stefan Fritsch:
> > On Thursday 02 May 2013, Thomas Eckert wrote:
> >> &
e client
_incorrectly_ if the client reached the reverse proxy through
"other_name.local". With the second patch we can just omit the last
argument to the directive (which really is redundant anyway) and have
mod_proxy insert the correct value by itself.
On Mon, Apr 22, 2013 at 10:33 AM,
Lately, I've been seeing httpd/mod_proxy seg faulting in reverse proxy
setups, frequency increasing.
#0 apr_palloc (pool=0x8b52518, in_size=16) at memory/unix/apr_pools.c:684
#1 0xf756fc10 in apr_pool_cleanup_register (p=0x8b52518, data=0x8b52528,
plain_cleanup_fn=0xf756edb0 ,
child_cleanup_
Any news here ? I would like this to get included since it fixes what I
think is a real lack of usability - see my previous example as to the 'why'
and 'how'.
On Thu, Apr 4, 2013 at 11:34 AM, Thomas Eckert
wrote:
> Suppose you have several balancers defined, each with
stname of the client requests. I found no way to do that
with the existing code but I also feel like having missed something in
regards to using %{HTTP_HOST} - maybe some behind-the-scenes-magic I am
unaware of?
On Thu, Apr 4, 2013 at 10:43 AM, Nick Kew wrote:
>
> On 3 Apr 2013, at 0
To make the directive more useful I suggest the attached patches.
The first one will make the directive use balancer ids to look up matching
worker names instead of just dumping the balancer name into the cookie -
which is obviously never useful at all.
The second one will default an empty second
I'm trying to make ProxyPassReverseCookieDomain understand two things it
apparently does not understand at the moment: accept 1) balancer names and
2) variables as arguments. For the first problem I was able to come up with
a patch based on the code for the ProxyPassReverse directive (see below).
69 matches
Mail list logo