Re: blocking vs non-blocking apr_bucket_read()
On Sat, 12 Jan 2008 19:18:10 -0500 Christina Fu [EMAIL PROTECTED] wrote: Hi, I am writing a connection level input and output filter. I have confusions about whether to use APR_NONBLOCK_READ or APR_BLOCK_READ when calling apr_bucket_read() function. Could someone advise the guidelines of using blocking vs non-blocking bucket read? There's nothing specific to Apache. Blocking reads are easier to work with, but preclude certain forms of optimisation. I have seen situations when I use APR_NONBLOCK_READ to read a heap bucket, it returns status of APR_SUCCESS but length is zero. Sounds unlikely, unless the bucket had length zero. It should only make a difference on streaming bucket types. Is this case, what shall I do with this bucket? shall I read it again with blocking? or pass it and process the next bucket? If you've nothing better to do, then yes. A filter function can also return to its caller if you don't want blocking. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: [Apache Module] Request External Redirection
On Mon, Jan 14, 2008 at 03:50:25PM +0100, karim Bendadda wrote: Thanks for your answer! But I don't understand the second way to implement it?? it can respond with a Location: header and a status of 302.?? On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: I'm writing a module (MyModule_mod.c) wich has an *HTTP request* as input . I want to add an information to the request (an integer) and redirect it to an *external *server ...Did you know any method for doing this? There are two paths. The server can PROXY to the external server (e.g. grab the result from the external server and then relay that to the client) or it can respond with a Location: header and a status of 302. Figure out which you wanted to do, and if you struggle to implement it, let us know. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; Peter -- WARNING: This bug is visible to non-employees. Please be respectful! SUSE LINUX Products GmbH Research Development pgpm6ZSxphXgE.pgp Description: PGP signature
Re: [Apache Module] Request External Redirection
Dr. Peter Poeml wrote: On Mon, Jan 14, 2008 at 03:50:25PM +0100, karim Bendadda wrote: Thanks for your answer! But I don't understand the second way to implement it?? it can respond with a Location: header and a status of 302.?? On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: I'm writing a module (MyModule_mod.c) wich has an *HTTP request* as input . I want to add an information to the request (an integer) and redirect it to an *external *server ...Did you know any method for doing this? There are two paths. The server can PROXY to the external server (e.g. grab the result from the external server and then relay that to the client) or it can respond with a Location: header and a status of 302. Figure out which you wanted to do, and if you struggle to implement it, let us know. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; Peter Exactly! What it does is forces the web client to go to the external server and request the resource/URI rather than the web server getting it for the web client. It's a standard in the HTTP protocols that 302 response codes work in a specific fashion. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
Thank you for your help! How can I call the Redirect directive into the module??, In fact in the module I have a function that make an LDAP connection I want to do something like that: request_rec* my_request; //The request with new information if(my_function(user_is_defined_in_ldap)==true) Redirect my_request new_Url else Do_nothing On 1/14/08, Dr. Peter Poeml [EMAIL PROTECTED] wrote: On Mon, Jan 14, 2008 at 03:50:25PM +0100, karim Bendadda wrote: Thanks for your answer! But I don't understand the second way to implement it?? it can respond with a Location: header and a status of 302.?? On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: I'm writing a module (MyModule_mod.c) wich has an *HTTP request* as input . I want to add an information to the request (an integer) and redirect it to an *external *server ...Did you know any method for doing this? There are two paths. The server can PROXY to the external server (e.g . grab the result from the external server and then relay that to the client) or it can respond with a Location: header and a status of 302. Figure out which you wanted to do, and if you struggle to implement it, let us know. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; Peter -- WARNING: This bug is visible to non-employees. Please be respectful! SUSE LINUX Products GmbH Research Development -- Karim
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: Thank you for your help! How can I call the Redirect directive into the module??, In fact in the module I have a function that make an LDAP connection I want to do something like that: request_rec* my_request; //The request with new information if(my_function(user_is_defined_in_ldap)==true) Redirect my_request new_Url else Do_nothing Do_nothing should be return DECLINED in the handler. Redirect my_request new_URL should be almost verbatim the code that the Doc (Peter Poeml) included. Let me just snip down through to his example to make it a little more obvious. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; And there is the how to. Recall, though, that this kind of thing shouldn't be in an input filter, but a handler. (It may, in theory, be workable in a filter, but a filter is supposed to alter input not handle requests, and a handler is supposed to give the response of the 302 or data or decline to handle it.) Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: I did that , I have a redirection to the new url but it seems that it's just a redirection , the HTTP request doesn't get in the new URl: there is my code: The only two options again are to proxy to the external server, or redirect the client to the external server. If you don't want a redirection at the web browser, you will have to proxy the request. I do not know about setting up a hook into mod_proxy to have a request proxied - it's something I've never done, but there should be many people who have done it. Anyone with any short examples? Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
How can I see if my module really redirect the request?? (by the ap_log_error for example) Thank you very much for your precisous help! On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: I did that , I have a redirection to the new url but it seems that it's just a redirection , the HTTP request doesn't get in the new URl: there is my code: The only two options again are to proxy to the external server, or redirect the client to the external server. If you don't want a redirection at the web browser, you will have to proxy the request. I do not know about setting up a hook into mod_proxy to have a request proxied - it's something I've never done, but there should be many people who have done it. Anyone with any short examples? Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus -- Karim
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: How can I see if my module really redirect the request?? (by the ap_log_error for example) Thank you very much for your precisous help! You should see the URL change in the browser to the new location. -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: svn commit: r606190 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_toolkit_compat.h
Thanks for the detailed response and sorry for the slow follow-up, Kaspar. I'll just deal with the main issue for the time being: On Wed, Jan 02, 2008 at 05:36:22PM +0100, Kaspar Brand wrote: Has a configuration with an SSLVerifyClient specified in the named vhost been tested? Yes, and one specific configuration actually made me tweak the code in the servername callback further: when modifying the SSL connection, OpenSSL's SSL_set_SSL_CTX() will only adjust the server cert from the context, but not additional settings like verify_mode and the verify callback. These are relevant when SSLVerifyClient is configured at the *per-server* context (i.e. at the vhost level), and the previous version of the patch failed to enforce such a configuration, at least in cases where SSLVerifyClient for the first (=default) VirtualHost was different than for any subsequent VirtualHosts. This still seems like a big issue to me. There are other settings in the SSL_CTX which are relevant to the initial handshake - and indeed, later renegotiations - notably the CA used for client cert verification, and the list of CA cert names which is sent to the client (to allow selection of a pertinent client cert). If I understand correctly, the current code is relying on ssl_hook_Access to perform a *second* handshake which will ensure that the named vhost's access control configuration is enforced, if necessary? This seems like a hack - it should be done in the initial handshake, since it theoretically can - and requiring a second handshake invokes the spectre of PR 12355 and associated problems. I don't think it's even a sufficient hack: ssl_hook_Access will not check for situations where per-vhost settings have changed from the initial handshake (since without SNI, this cannot occur). e.g. for a config where the initial vhost has a different SSLCACertificate* to the named vhost, and 'SSLVerifyClient require' in both; ssl_hook_Access will do nothing. (It may seem pedantic to bring up pathological config examples like this, but silently failing to implement the configured access control, however crazy, is certainly a security issue.) joe
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
On Jan 13, 2008, at 11:54 PM, Roy T. Fielding wrote: On Jan 11, 2008, at 6:09 AM, Jim Jagielski wrote: I am calling for a release VOTE on the above releases of Apache HTTP Server (1.3.41, 2.0.63 and 2.2.8). +1 2.2.8 (Darwin 8.11.0; powerpc-apple-darwin8-gcc-4.0.1) +1 2.0.63 (with a few warning messages) -1 1.3.41 (compiles, but default layout on Darwin doesn't respect prefix) Hrm... Roy, is this a regression from 1.3.39?
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
[+1] Apache HTTP Server 2.2.8 on SINIX-i386 -- [EMAIL PROTECTED]| Fujitsu Siemens http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
Re: [Apache Module] Request External Redirection
Sorry but I'm a beginer on developping Apache modules...Thank you for your patience... I dont't understand this: /* set a Location: header and 302 redirect. */ Does'it mean to make this??: Location /my_module Redirect /my_module http://10.112.3.20/test /Location Then I tried this: static int my_module_handler (request_rec *r){ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, http://10.112.3.20/test;, my_module, NULL);/**/ apr_table_setn(r-headers_out, my_module, uri); return HTTP_MOVED_TEMPORARILY; } Am I wrrong?? Is that means my request is redirected to http://10.112.3.20/test?? On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: Thank you for your help! How can I call the Redirect directive into the module??, In fact in the module I have a function that make an LDAP connection I want to do something like that: request_rec* my_request; //The request with new information if(my_function(user_is_defined_in_ldap)==true) Redirect my_request new_Url else Do_nothing Do_nothing should be return DECLINED in the handler. Redirect my_request new_URL should be almost verbatim the code that the Doc (Peter Poeml) included. Let me just snip down through to his example to make it a little more obvious. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; And there is the how to. Recall, though, that this kind of thing shouldn't be in an input filter, but a handler. (It may, in theory, be workable in a filter, but a filter is supposed to alter input not handle requests, and a handler is supposed to give the response of the 302 or data or decline to handle it.) Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus -- Karim
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: Sorry but I'm a beginer on developping Apache modules...Thank you for your patience... I dont't understand this: /* set a Location: header and 302 redirect. */ Does'it mean to make this??: No, that is just a C comment. Location /my_module Redirect /my_module http://10.112.3.20/test /Location This is a pre-build hard coded redirection module that does something very similar to : static int my_module_handler (request_rec *r){ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, http://10.112.3.20/test;, my_module, NULL);/**/ apr_table_setn(r-headers_out, my_module, uri); return HTTP_MOVED_TEMPORARILY; } However, you have two things that are wrong in your code. The resulting uri would be http://10.112.3.20/testmy_module; because the apr_pstrcat() function tacks the two strings together. If you already know the full URL, you can skip the uri= line and set the headers_out. Which brings up the other issue. The apr_table_setn must be setting a Location header in order to meet the redirection standard. Yours is setting my_module. Replace my_module with Location, and then whatever is in the uri parameter is going to the web browser as the location header, and it should contact the new server/resource. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
On Jan 11, 2008, at 9:09 AM, Jim Jagielski wrote: I am calling for a release VOTE on the above releases of Apache HTTP Server (1.3.41, 2.0.63 and 2.2.8). Pre-release tarballs of Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8 are available for download and test at: http://httpd.apache.org/dev/dist/ Their availability does not constitute an official release. Voting will close in 72 hours (~9am, eastern, on Monday Jan. 14th) I am keeping voting open, simply because we don't have a lot of votes currently... PMC members especially, please download, test and vote.
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
On Mon, 14 Jan 2008 11:58:53 -0500 Jim Jagielski [EMAIL PROTECTED] wrote: I am keeping voting open, simply because we don't have a lot of votes currently... PMC members especially, please download, test and vote. 2.2.8: Linux clear +1, MacOSX tentative +1 (tentative because my perl installation fails some tests due to failures in the perl, not in the server). 2.0.62: +1 on Linux. 2.0.63 not tested, but the changes are negligible, aren't they? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
Nick Kew wrote: 2.0.62: +1 on Linux. 2.0.63 not tested, but the changes are negligible, aren't they? svn diff --notice-ancestry \ http://svn.apache.org/repos/asf/httpd/httpd/tags/2.0.62 \ http://svn.apache.org/repos/asf/httpd/httpd/tags/2.0.63 although diffing the tarballs is really what you want to do. Unfortunately, a +1 for .62 doesn't help :)
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
On Jan 14, 2008, at 8:57 AM, Jim Jagielski wrote: On Jan 13, 2008, at 11:54 PM, Roy T. Fielding wrote: On Jan 11, 2008, at 6:09 AM, Jim Jagielski wrote: I am calling for a release VOTE on the above releases of Apache HTTP Server (1.3.41, 2.0.63 and 2.2.8). +1 2.2.8 (Darwin 8.11.0; powerpc-apple-darwin8-gcc-4.0.1) +1 2.0.63 (with a few warning messages) -1 1.3.41 (compiles, but default layout on Darwin doesn't respect prefix) Hrm... Roy, is this a regression from 1.3.39? No, so never mind. +1 on 1.3.41 -- I was finally able to get it to work after adding --with-layout=Apache and manual configuration. The server seems to be working fine. I have not been able to get the perl test framework to run on 1.3. Roy
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
On Jan 14, 2008, at 3:20 PM, Roy T. Fielding wrote: -1 1.3.41 (compiles, but default layout on Darwin doesn't respect prefix) It never has. There's absolute paths in the layout file. Hrm... Roy, is this a regression from 1.3.39? No, so never mind. +1 on 1.3.41 -- I was finally able to get it to work after adding --with-layout=Apache and manual configuration. The server seems to be working fine. --with-layout=Apache does the trick for me. I have not been able to get the perl test framework to run on 1.3. Here's my saved config.status for Apache 1.3, invoked with --prefix for a particular compile: ./configure \ --with-layout=Apache \ --enable-module=so \ --enable-module=rewrite \ --enable-module=vhost_alias \ --enable-module=proxy \ --enable-module=info \ --enable-module=status \ $@ This runs the test suite as well as possible. No SSL, because it doesn't come with the server. No DAV for the same reason. A bunch of tests fail, but no regressions from one version to the other. . S. -- Sander Temme [EMAIL PROTECTED] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] Apache HTTP Server 1.3.41, 2.0.63 and 2.2.8
I am calling for a release VOTE on the above releases of Apache HTTP Server (1.3.41, 2.0.63 and 2.2.8). Pre-release tarballs of Apache HTTP Server 1.3.41, 2.0.63 +1 1.3.41 on NetWare (NOTICE and NetWare copyright were not updated; I've fixed these in SVN now). +1 2.0.63 on NetWare +1 2.2.8 on NetWare all build fine and work; tested the 2.x also with SVN 1.4.6 and PHP 5.2.5 and found no issues so far. Guenter.