CGIs and HEAD requests
Hi! Is it possible for a CGI to handle HEAD requests? Mozilla uses HEAD for it's 'save link target' feature, which 'breaks' my web app - annoyingly every file (suggested to be downloaded) gets a .html extension as Apches 1.3 sends the default mime type. Is there a way to solve this problem in 1.3 or 2.0? If not should/could be done something about it? Masi
Re: [PATCH] A bug in table adjust function that causes a core dump (fwd)
On Thu, Jan 09, 2003 at 11:49:39AM -0500, Cliff Woolley wrote: Can anyone comment on this? shmht in 2.0 is quite unstable, there are several bugs in the table code like the one below (and some more nasty, like an off-by-one overflow) most of which are fixed in later versions of mod_ssl 2.8. Additionally the conversion of _shmht.c to the RMM API wasn't completed - it breaks as the apr_rmm_*alloc functions return zero when the segment is full. In my testing, shmht still wasn't stable under moderate SSL load even with all the above fixed. I just removed it from our httpd package - shmcb is really the session cache of choice and there's little reason to use shmht these days. --Cliff -- Forwarded message -- Date: Thu, 09 Jan 2003 13:48:59 +0100 From: Bernd Steinert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [PATCH] A bug in table adjust function that causes a core dump On Thursday, 5 December 2002, Cliff Wooley replied: On Thu, 5 Dec 2002, Bernd Steinert wrote: on November 11 Kirill Shirkov reported a bug in the table_adjust function that causes core dumps. He described how the core dumps can be reproduced. Some colleague of mine confirmed this behaviour. I must have missed the patch... can someone repost it for me (and CC: me and Ralf on it), and put [PATCH] at the beginning of the subject line of the message. Thanks a lot Cliff for the immediatereply. (unfortunaltely I missed it before going on holidays.) Here is what Kirill Shirkov wrote on Friday, November 11, 2002 --- his fix is at the end: Hi folks, I have found a bug in table_adjust function, and I haven't seen any reports about this error in the mailing list. Also, this error is not fixed in the current version of mod_ssl (2.8.12). THE BUG - ssl_util_table.c file, line 1755: buckets = (table_entry_t **) table_p-ta_calloc(buck_n, sizeof(table_entry_t *)); if (table_p-ta_buckets == NULL) return TABLE_ERROR_ALLOC; buckets variable is not checked here and this causes a coredump when the table size is big and there is no memory for reallocating the buckets. Below is a stack dump from Solaris 8 running Apache 1.3.26 + mod_ssl 2.8.10 + OpenSSL 0.9.6g: ... --- called from signal handler with signal 11 (SIGSEGV) --- 00089b60 table_adjust (0, fe0a09cc, fe09ea84, 0, 3e9, fe08cdd8) + d0 00081cac ssl_scache_shmht_expire (1, 20, fe0e436c, 4, 31, fe08e438) + 130 00081a24 ssl_scache_shmht_store (94, 18aef0, 20, bb8200, bb81b8, 1ad4e0) + 11c 0007b7e0 ssl_callback_NewSessionCacheEntry (bb8200, 3dc42bfb, 7b784, 1ad4e0, bb81b8, ba65e0) + 5c fe64c584 ssl_update_cache (a1c458, 2, 21c1, 1ad4e0, 1, a1c458) + a8 fe63ef14 ssl3_accept (a1c458, 2100, 21c0, 3004, 90, 0) + 8c8 fe64d520 SSL_accept (a1c458, fe63e64c, 1, ba1088, 10, ba109a) + 24 fe648d94 ssl23_get_client_hello (2a, 70, 2, ffbef100, 1, a1c458) + 7cc fe648528 ssl23_accept (a1c458, fe648388, 1a1f70, 0, 6f757400, 6f757400) + 1a0 fe64d520 SSL_accept (a1c458, 79d30, 12c, 0, 16fab0, 17cee0) + 24 00079730 ssl_hook_NewConnection (908cc0, 178000, 1781d0, ffbef2cc, 16fa34, 806478) + 2b4 0004c4a0 new_connection (163b1c, 45415049, 908cc0, ffbef344, ffbef344, 3) + 114 0004d470 child_main (173400, 173400, 173400, ff36b228, ff365958, ff35efb8) + 634 ... HOW TO REPRODUCE -- I was able to reproduce the error in the following way: 1. Set SSLSessionCacheTimeout to 20 minutes 2. Set SSLSessionCache size to 1024000 (or a value that is close to your EAPI_MM_CORE_MAXSIZE). 3. Set ExtendedStatus to On 4. Start the server and run a script like the following one: #!/usr/local/bin/bash i=0 while expr $i \ 400 /dev/null; do echo $i i=`expr $i + 1` for j in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do curl -I https://your.host/ done sleep 1 done BTW, you may interrupt the script when the current sessions parameter at the bottom of the server status page (https://your.host/server-status) have stopped growing. 5. Wait 25 minutes from the time you have started the script and reload the server status page or access the server over SSL. Most likely you will see a core dump. THE FIX If we change the if statement like this:.. if (table_p-ta_buckets == NULL || buckets == NULL) return TABLE_ERROR_ALLOC; ...the server doesn't dump core in the test. Another solution to this problem is to decrease shared memory size in the config file. Best regards, Kirill Shirokov, St. Petersburg, Russia. --- Dr. Bernd Steinert kippdata GmbH Tel.: 0228 - 9 85 49 0 Bornheimer Str. 33a Fax: 0228 - 9 85 49 50 D-53111 Bonn eMail: [EMAIL PROTECTED]
Re: [patch] include/util_filter.h
On Fri, Jan 10, 2003 at 12:41:38PM +1100, Stas Bekman wrote: Jeff Trawick wrote: ... As has been mentioned many times before on this list, if a patch isn't committed or commented on, you have to remind us. There are as many whys for this requirement as there are httpd committers trying to juggle multiple responsibilities. Consider us reminded, but not chastised. Many of us have been playing hookey through the holidays and have all manner of todos to catch up with. It's understandable. But it doesn't help to make other people want to contribute. Volunteers only have so much time to contribute. I don't think it is fair to get upset at people because they aren't providing you with enough of their time. The only reason I persist is because I work on mod_perl and mod_perl relies on httpd things, so I *need* things to be fixed (e.g. because we autogenerated docs from httpd header files in this particular case). We know, but there is still the question of available time. It would certainly be nice to do everything we can to help another ASF project, but it does seem rather obvious that the current set of maintainers just can't keep up with the load requested of us from our users (not to mention the stuff that various people want to see complete and to work on). Others who submit things they have noticed wrong, but don't really require a fix, move on, when their posts/patches are ignored, so the efforts are just getting lost. Quite unfortunate, but that is life. What more do you expect? People have limited bandwidth, and can only see and track so much. And that is also focused on what is interesting to me. That is simply the way it works. Yes, it would be good to see every single patch, and to track every single one, but the developers are simply busy busy busy. You are talking about httpd committers having multiple responsibilities, but I think you really mean multiple itches to scratch. Don't even start. You have no idea what kinds of responsibilities people have, so it is totally unfair of you to imply something else. Jeff says he has a bunch of other responsibilities. Great. He does. Don't try and tell him or us that he doesn't, unless you happen to stand in his shoes, too. The real truth is that Jeff works for IBM and part of his job responsibility is to work on Apache. Great for us. But his efforts are going to be extremely bound to the commercial needs of IBM. Certainly, there is a personal component over and above IBM's needs, but then you're really moving into personal interests. And you can't claim that time for yourself; that's Jeff's time. Perhaps the httpd project could benefit from having a pumpkin, similar That isn't part of our culture. I don't think it would work here. The httpd group doesn't have any notion of central authority, so a pumpkin isn't going to receive the kind of mandate that Perl pumpkins get. And there isn't a Larry here to bestow the pumpkin title on anybody. Central authorities definitely help with moving projects forward, but you can't simply swoop in and impose such a thing. ... If that was the case, things (especially simple ones like my patch) won't fall between chairs, leading to more inspiration from users to help. It could, but it also (obviously) requires somebody to track the incoming patches, analyze them, assess their cost/benefit, and then to apply them. The time that people have and are making available to httpd doesn't seem to be satisfying your notion of timeliness. What do you suggest? That people are required to put in more time to get to your patch? Where is that time coming from? People are a limited resource. When you stop to consider their desires and what they choose to work on, then the amount of time available to any particular endeavor is going to be limited. Cheers, -g -- Greg Stein, http://www.lyra.org/
Re: Tagged the tree
Just discovered a critical error in Apache for NetWare that prevents Apache from being run in protected address space. I have committed the fix in os/netware/util_nw.c in the httpd-2.0 branch. Can this fix be added to the tag? Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] Monday, January 06, 2003 7:18:20 PM Hi, I tagged the tree with STRIKER_2_0_44_PRE2. The tag consists of APACHE_2_0_BRANCH and apr/apr-util HEAD. If you feel that something should not be in here, please let me know ASAP. Please test this for the upcoming days. It would be really nice to finally be able to get this particular release out. Hopefully by the weekend... Thanks, Sander
RE: CGIs and HEAD requests
I just tested HEAD with a CGI and its behaviour is the same from 1.3.2X and 2.0.43 Notice the ETag: line which I have the CGI emit. This is proof that the cgi is being run. apache2.0.43: [root@linux11 htdocs]# telnet linux11 80 Connected to linux11. Escape character is '^]'. HEAD /a.cgi HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 10 Jan 2003 15:43:57 GMT Server: Apache/2.0.43 (Unix) ETag: 1042213437 Connection: close Content-Type: text/html; charset=ISO-8859-1 apache1.3.X: Ibmx- /wic/web/dietz telnet ibmx 80 Connected to ibmx. Escape character is '^]'. HEAD /dietz/a.cgi HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 10 Jan 2003 15:41:11 GMT Server: Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6c ETag: 1042213272 Connection: close Content-Type: text/html -Original Message- From: Martin Kutschker [SMTP:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 3:01 AM To: [EMAIL PROTECTED] Subject: CGIs and HEAD requests Hi! Is it possible for a CGI to handle HEAD requests? Mozilla uses HEAD for it's 'save link target' feature, which 'breaks' my web app - annoyingly every file (suggested to be downloaded) gets a .html extension as Apches 1.3 sends the default mime type. Is there a way to solve this problem in 1.3 or 2.0? If not should/could be done something about it? Masi
RE: Tagged the tree
From: Brad Nicholes [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 4:48 PM Just discovered a critical error in Apache for NetWare that prevents Apache from being run in protected address space. I have committed the fix in os/netware/util_nw.c in the httpd-2.0 branch. Can this fix be added to the tag? Sure. Guys, don't worry, I'm keeping track of this thread ;). I'll have some time tonight to tag _PRE3, which we should consider to become .44. Sander
Re: EOS bucket in RESOURCE filters
Stas Bekman wrote: Is it possible that the RESOURCE filters don't get the EOS bucket? anything is possible in software ;-) but that would be pretty broken IMO. I don't recall seeing cases recently where we don't send EOS down the complete output filter chain. I'm working on filter examples which use context to maintain status/keep remainder data between filter invocations for the same request. For some reason I don't get the EOS bucket, so I don't know how to flush the data stored in the filter context. I do see EOS in CONNECTION filters. I've tried to look at the existing modules for an example, but I didn't find any RESOURCE filters that use the context. mod_includes's filter has tons of variables in its ctx and uses them frequently. I sometimes wonder if this contributes to the number of bugs we've seen in it. It certainly should be a RESOURCE filter. The OLD_WRITE filter also stashes stuff in its ctx IIRC, and should be a RESOURCE filter. Greg
using module
Hi to everybody. I'm developing a module that modify the html content. I have no server at home, so i work on my linux workstation. Can I use a module that modify the file requested from a client on my PC (it's not a server). I mean, I can SetHandler on a location and I can see the module, but if I want that the module interacts with the file the clinet has asked, how I can do it? I hope to be clear, Fabio __ Mio Yahoo!: personalizza Yahoo! come piace a te http://it.yahoo.com/mail_it/foot/?http://it.my.yahoo.com/
core.c not handling APR_ENOTIMPL from apr_sendfile
Without this I believe Win98/ME are broken
on HEAD and APACHE_2_0_BRANCH. OK to commit?
Allan
Index: core.c
===
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.225.2.1
diff -u -d -b -r1.225.2.1 core.c
--- core.c 9 Jan 2003 16:27:25 - 1.225.2.1
+++ core.c 10 Jan 2003 17:46:16 -
@@ -3972,6 +3972,11 @@
sent */
flags); /* apr_sendfile flags*/
+if (APR_ENOTIMPL == rv) {
+rv = emulate_sendfile(net, fd, hdtr, foffset, flen,
+ bytes_sent);
+}
+
if (logio_add_bytes_out bytes_sent 0)
logio_add_bytes_out(c, bytes_sent);
}
Index: core.c
===
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.225.2.1
diff -u -d -b -r1.225.2.1 core.c
--- core.c 9 Jan 2003 16:27:25 - 1.225.2.1
+++ core.c 10 Jan 2003 17:46:16 -
@@ -3972,6 +3972,11 @@
sent */
flags); /* apr_sendfile flags*/
+if (APR_ENOTIMPL == rv) {
+rv = emulate_sendfile(net, fd, hdtr, foffset, flen,
+ bytes_sent);
+}
+
if (logio_add_bytes_out bytes_sent 0)
logio_add_bytes_out(c, bytes_sent);
}
Re: Fwd: Re: Error
not acked. -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! ---BeginMessage--- - Start Forwarded Message - Subject: Re: Error Now, if you absolutely MUST contact a real person, please send a message to [EMAIL PROTECTED]. -- Ken Coar, Director Apache Software Foundation Dear Sirs, This link is not useful since the MD5 file's checksum is not correct for the *.MSI installable package it belongs to: http://www.apache.org/dist/httpd/binaries/win32/apache_2.0.43-win32-x86-no_ssl.msi.md5 Can you fix this ASAP? Yours sincerely Gaute T. - End Forwarded Message - ---End Message---
Re: core.c not handling APR_ENOTIMPL from apr_sendfile
Allen,
The test above the block of code... (apr _file_flags_get(fd) APR_SENDFILE_ENABLED)
should be false... If you look at
the code in Win32's apr_file_open() you will notice the case
ELSE_WIN_OS_IS_ANSI causes us to reset the ENABLED bit.
I'm much more concerned why that flag isn't reset on Win32
than hacking in the quick-fix below.
Bill
At 01:09 PM 1/10/2003, you wrote:
Without this I believe Win98/ME are broken
on HEAD and APACHE_2_0_BRANCH. OK to commit?
Allan
Index: core.c
===
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.225.2.1
diff -u -d -b -r1.225.2.1 core.c
--- core.c 9 Jan 2003 16:27:25 - 1.225.2.1
+++ core.c 10 Jan 2003 17:46:16 -
@@ -3972,6 +3972,11 @@
sent */
flags); /* apr_sendfile flags*/
+if (APR_ENOTIMPL == rv) {
+rv = emulate_sendfile(net, fd, hdtr, foffset, flen,
+ bytes_sent);
+}
+
if (logio_add_bytes_out bytes_sent 0)
logio_add_bytes_out(c, bytes_sent);
}
Index: core.c
===
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.225.2.1
diff -u -d -b -r1.225.2.1 core.c
--- core.c 9 Jan 2003 16:27:25 - 1.225.2.1
+++ core.c 10 Jan 2003 17:46:16 -
@@ -3972,6 +3972,11 @@
sent */
flags); /* apr_sendfile flags*/
+if (APR_ENOTIMPL == rv) {
+rv = emulate_sendfile(net, fd, hdtr, foffset, flen,
+ bytes_sent);
+}
+
if (logio_add_bytes_out bytes_sent 0)
logio_add_bytes_out(c, bytes_sent);
}
Re: Tagged the tree
Sander Striker wrote: I'll have some time tonight to tag _PRE3, which we should consider to become .44. I don't know how/what you are planning to tag, but I'd sure like to see my server/core.c patch in there to fix the fd leaks on keepalive connections. Last time I looked, it was the latest rev on either the 2.0 branch or HEAD. Thanks in advance, Greg
Re: cvs commit: httpd-2.0 CHANGES configure.in
Justin Erenkrantz wrote: --On Thursday, January 09, 2003 16:51:54 -0500 Greg Ames [EMAIL PROTECTED] wrote: * apr-util's make dies with Makefile:23: /tmp/inst_apr/bin/build/rules.mk: No such file or directory make: *** No rule to make target `/tmp/inst_apr/bin/build/rules.mk'. Stop. hmmm, looks like apr-util's ./configure --help is telling a fib when it says --with-apr can point to apr's install directory. It can't, but seems to work OK if you point it at apr's source tree. It can. My guess is that you have a symlink somewhere. sure, I have symlinks somewhere, but not in the path to /tmp/inst_apr (previous try) or /tmp/apr_inst (latest attempt), which are the paths I specified for --prefix when I configured apr. apr-config can get confused in certain circumstances when there is a symlink so that the prefix that was originally passed to apr-config is invalid. maybe it gets confused in other circumstances too. But I know how to work around this one so it's not high impact to me. gawk: /home/gregames/apache/httpd-2.0.44.pre1.no_apr/build/make_exports.awk:138 : (FILENAME=/home/gregames/apache/httpd-2.0.44.pre1.no_apr/os/unix/unixd.h FNR=141) fatal: cannot open file `/home/gregames/apache/httpd-2.0.44.pre1.no_apr/srclib/apr/include/*.h' for reading (No such file or directory) My apr install directory is /tmp/inst_apr, so it does have the characters apr in its name. APR_INCLUDEDIR=`$apr_config --includes | sed 's|^.*-I\([[^ ]]*apr[[^ ]]*\).*$|\1|'` yikes! You have to get the above sed rule from httpd-2.0's configure.in to fire correctly. It's very fragile and very wrong, but it works in some predictable edge cases. I haven't had the time to figure out exactly what the edge case is other than that apr-0.9.2 seems to work. Perhaps it is something to do with apr being at the end of the directory name? well, /tmp/apr_inst didn't work either :-( The bottom line to me is that I have no huge concern with copying a couple of extra files at ./buildconf time. Even though I like the concept, it bothers me to say 2.0 stable supports a separate apr install. It just doesn't feel very stable to me when I can't get it to work after two days off-and-on, on Linux no less! Of course I want to be sure libtool 1.3 works in 2.0.44 no matter what. Greg
RE: Tagged the tree
From: Greg Ames [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 8:46 PM Sander Striker wrote: I'll have some time tonight to tag _PRE3, which we should consider to become .44. I don't know how/what you are planning to tag, but I'd sure like to see my server/core.c patch in there to fix the fd leaks on keepalive connections. Last time I looked, it was the latest rev on either the 2.0 branch or HEAD. Sure, no prob. However, my sincere apologies for this, my body prefers sleep over tagging right now (I got myself dragged into a hacking session on something else and look at the time...). I'll ask Karen to pardon me in the morning/afternoon tomorrow while I tag the tree... Sander
Re: Forward port Require file-owner/file-group; need review and help ;-)
* André Malo wrote: that functionality was not ported into 2.x yet. For summary look at the attachment, please ;-) I've created a module mod_authz_owner, which basically ports the functionality, but with some enhancements. Both requirements should work on every system where APR_HAS_USER. (or at least throw an appropriate error message - think of the differences between Win9x, WinNT, 2k etc.) hmm, I guess, you're all occupied. However, I think, I'll commit it within some days and we'll see further then? [fullquote without attachments follows:] The goal of the module is to do all the neccessary file system work to figure out username and groupname. Require file-owner is completely resolved within the module. file-group is only determined there and the groupname will be extracted from the stat call and stored within the r-notes. Done that, the module will decline, so that the group database modules (mod_authz_groupfile, mod_authz_dbm) can verify the groupname with their lists. Thus every group module that supports the file-group requirement must be hooked after mod_authz_owner. They have to recognize file-group and read the groupname from r-notes. (If there's no name stored, the modules ignore the file-group requirement). The backstopper module will do its work in worst case. However, there are some problems, that need help and further review: - is that note principle ok (in concept?) or is there a better way to communicate? - I defined slightly different semantics of AuthzOwnerAuthoritative. It acts as file-owner and file-group were defined in different modules. So if set to On, only one of them will be recognized and if it fails, a 401 response will happen. If Off, both may be recognized and the best match will be done. I'm not sure, whether this is good or bad, opinions are desired :) - the module doesn't work as one could expect if the file doesn't exist in the first request round (consider MutliViews) (the 1.3 version has the same problem). I played around with some subrequest techniques, but got no helpful result. Is there any magic to recognize the actual resulting filename? Or can we safely send OK if the file doesn't exist (instead of 401)? - generally - are there any style issues, I have violated? ;-) TIA, nd -- If God intended people to be naked, they would be born that way. -- Oscar Wilde
