Re: mod_deflate and vary accept-encoding
On 13 Aug 2010, at 8:25 PM, Bryan McQuade wrote: In looking at the source for mod_deflate: http://www.google.com/codesearch/p?hl=en#lfs-jRjrQ3s/trunk/modules/ filters/mod_deflate.cl=524 It appears to insert Vary Accept-Encoding header into every candidate response by default, which is what you would expect. But the instructions here: http://httpd.apache.org/docs/2.0/mod/mod_deflate.html suggest adding a line to manually add Vary Accept-Encoding to responses: # Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary Is this Header append Vary User-Agent env=!dont-vary necessary or does mod_deflate now add the Vary Accept-Encoding header by default? One extra thing on varying on the useragent string - we (very large UK based media website) recently sampled about a week's worth of User- Agent strings, and came up with roughly 1 million unique strings, which in the process renders caching meaningless. Ideally people shouldn't be varying on useragent, and we shouldn't be suggesting people to do so in any documentation if we can avoid it. Regards, Graham --
Bug report for Apache httpd-1.3 [2010/08/15]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10744|New|Nor|2002-07-12|suexec might fail to open log file| |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |10760|New|Maj|2002-07-12|empty ftp directory listings from cached ftp direc| |14518|Opn|Reg|2002-11-13|QUERY_STRING parts not incorporated by mod_rewrite| |16013|Opn|Nor|2003-01-13|Fooling mod_autoindex + IndexIgnore | |16631|Inf|Min|2003-01-31|.htaccess errors logged outside the virtual host l| |17318|Inf|Cri|2003-02-23|Abend on deleting a temporary cache file if proxy | |19279|Inf|Min|2003-04-24|Invalid chmod options in solaris build| |21637|Inf|Nor|2003-07-16|Timeout causes a status code of 200 to be logged | |21777|Inf|Min|2003-07-21|mod_mime_magic doesn't handle little gif files| |21975|Opn|Nor|2003-07-29|mod_rewrite RewriteMap from external program gets | |22618|New|Maj|2003-08-21|MultiViews invalidates PATH_TRANSLATED if cgi-wrap| |25057|Inf|Maj|2003-11-27|Empty PUT access control in .htaccess overrides co| |26126|New|Nor|2004-01-14|mod_include hangs with request body | |26152|Ass|Nor|2004-01-15|Apache 1.3.29 and below directory traversal vulner| |26790|New|Maj|2004-02-09|error deleting old cache file | |29257|Opn|Nor|2004-05-27|Problem with apache-1.3.31 and mod_frontpage (dso,| |29498|New|Maj|2004-06-10|non-anonymous ftp broken in mod_proxy | |29538|Ass|Enh|2004-06-12|No facility used in ErrorLog to syslog| |30207|New|Nor|2004-07-20|Piped logs don't close read end of pipe | |30877|New|Nor|2004-08-26|htpasswd clears passwd file on Sun when /var/tmp i| |30909|New|Cri|2004-08-28|sporadic segfault resulting in broken connections | |31975|New|Nor|2004-10-29|httpd-1.3.33: buffer overflow in htpasswd if calle| |32078|New|Enh|2004-11-05|clean up some compiler warnings | |32539|New|Trv|2004-12-06|[PATCH] configure --enable-shared= brocken on SuSE| |32974|Inf|Maj|2005-01-06|Client IP not set | |33086|New|Nor|2005-01-13|unconsistency betwen 404 displayed path and server| |33495|Inf|Cri|2005-02-10|Apache crashes with WSADuplicateSocket failed for| |33772|New|Nor|2005-02-28|inconsistency in manual and error reporting by sue| |33875|New|Enh|2005-03-07|Apache processes consuming CPU| |34108|New|Nor|2005-03-21|mod_negotiation changes mtime to mtime of Document| |34114|New|Nor|2005-03-21|Apache could interleave log entries when writing t| |34404|Inf|Blk|2005-04-11|RewriteMap prg can not handle fpout | |34571|Inf|Maj|2005-04-22|Apache 1.3.33 stops logging vhost| |34573|Inf|Maj|2005-04-22|.htaccess not working / mod_auth_mysql| |35424|New|Nor|2005-06-20|httpd disconnect in Timeout on CGI| |35439|New|Nor|2005-06-21|Problem with remove /../ in util.c and mod_rewri| |35547|Inf|Maj|2005-06-29|Problems with libapreq 1.2 and Apache::Cookie | |3|New|Nor|2005-06-30|Can't find DBM on Debian Sarge| |36375|Opn|Nor|2005-08-26|Cannot include http_config.h from C++ file| |37166|New|Nor|2005-10-19|Under certain conditions, mod_cgi delivers an empt| |37252|New|Reg|2005-10-26|gen_test_char reject NLS string | |38989|New|Nor|2006-03-15|restart + piped logs stalls httpd for 24 minutes (| |39104|New|Enh|2006-03-25|[FR] fix build with -Wl,--as-needed | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39937|New|Nor|2006-06-30|Garbage output if README.html is gzipped or compre| |40224|Ver|Nor|2006-08-10|System time crashes Apache @year 2038 (win32 only?| |41279|New|Nor|2007-01-02|Apache 1.3.37 htpasswd is vulnerable to buffer ove| |42355|New|Maj|2007-05-08|Apache 1.3 permits non-rfc HTTP error code = 600 | |43626|New|Maj|2007-10-15|r-path_info returning invalid value | |44768|New|Blk|2008-04-07|Server suddenly reverted to showing test page only|
ab: HTTP/1.1
Hi folks, In stumbling over this: http://dpaste.de/NFVw/ I put together a quick patch. Good night -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ Index: ab.c === --- ab.c (revision 985779) +++ ab.c (working copy) @@ -1643,17 +1643,17 @@ /* setup request */ if (!send_body) { snprintf_res = apr_snprintf(request, sizeof(_request), -%s %s HTTP/1.0\r\n +%s %s HTTP/1.1\r\n %s %s %s %s \r\n, method_str[method], (isproxy) ? fullurl : path, -keepalive ? Connection: Keep-Alive\r\n : , +keepalive ? Connection: Keep-Alive\r\n : Connection: close\r\n, cookie, auth, hdrs); } else { snprintf_res = apr_snprintf(request, sizeof(_request), -%s %s HTTP/1.0\r\n +%s %s HTTP/1.1\r\n %s %s %s Content-length: % APR_SIZE_T_FMT \r\n Content-type: %s\r\n @@ -1661,7 +1661,7 @@ \r\n, method_str[method], (isproxy) ? fullurl : path, -keepalive ? Connection: Keep-Alive\r\n : , +keepalive ? Connection: Keep-Alive\r\n : Connection: close\r\n, cookie, auth, postlen, (content_type[0]) ? content_type : text/plain, hdrs);
Re: [PATCH] tproxy2 patch to the apache 2.2.15
hello paul~ sorry for my late reply. - Original Message - From: Paul Fee p...@talk21.com To: dev@httpd.apache.org Sent: Friday, August 13, 2010 9:18 PM Subject: Re: [PATCH] tproxy2 patch to the apache 2.2.15 JeHo Park wrote: snip yes, i see, so i also made tproxy4 apache patch to the version httpd 2.2.9 and tested it in debian linux box successfully!. the software version i tested looks below -- kernel: vanilla 2.6.31 [tproxy4 included as default ] apache: 2.2.9 [tproxy4 patch applied] iptables: 1.4.3 ebtables: 2.0.8 -- i tested the tproxy4 apache successfully in the debian lenny. but i met some strange things that was .. the same tproxy4 software did not operated correctly in the CentOS the main Environment me and our team developed in is not the debian but the CentOS so i had to give up the tproxy4. this is why i made the tproxy2 apache patch... in the kernel 2.6.18 CentOS kernel :-( Can you share your tproxy4 based patches. I think they're more interesting as they'll work across more distributions in the future. here is my tproxy4 patch actually speaking, i modified and fixed a patch file which i downloaded from the google svn. http://211.174.184.69/apache-tproxy4 RHEL6 beta has tproxy4 support, as will CentOS6 in time. Your tproxy4 work will become usable when your main environment upgrades. good news :-) thanks Here's a post showing tproxy history, it recommends against tproxy2: https://lists.balabit.hu/pipermail/tproxy/2008-November/000994.html Bazsi suggests starting with tproxy4 for 2.6.17 and propagate that forward to a 2.6.18 kernel. The tproxy4 API looks easier to use than tproxy2. forex- Unfortunately I didn't find the tproxy4 for 2.6.17 kernel patch. really ? great! i didn't know that ! Hopefully you can locate the tproxy4 for 2.6.17 patch as that would allow Apache to work consistently in both your environment and with 2.6.28+ kernels. but it seems wondering whether Bazsi do backport the tproxy4 kernel patch to the kernel 2.6.17 or 2.6.18 anyway recently, i applied my tproxy2 patch - exactly speaking, i modified or inserted some little bit codes to the existing patch --- to a commercial sites and then i found ..maybe .. tproxy2 is not real transparency.. because i had to insert some route infomations to the box for packet routing problems. However most important is to have future proof Apache changes that will be compatible with distros other than just CentOS5/RHEL5, for example RHEL6. Although you're tied to CentOS5 now, I think Apache trunk would benefit more from tproxy4 patches. The tproxy2 work has a limited future. i see what you mean ~ Incidentally, how are you managing the iptables rules? Is it assumed that these will be setup before Apache httpd is started? Or do you think Apache should own the rules, creating them at startup and removing them on shutdown. yes, i see, both tproxy2 and tproxy4 need some L2 bridge, L3 or route rules by the iptables and etc so i always insert the rules before or after starting apache httpd. and i hope Apache don't own the rules. i call the deletion of the rules from the box as software bypass :-) i think it is not needed the Apache httpd own the rules .. for more easy debugging and other usages .. Handling the iptables rules within Apache would present difficulties. For example if Apache died/crashed, the rules could be left lingering. Perhaps yes it is really disaster it's best not to pollute Apache with operation system networking setup, especially non-portable settings that are unique to Linux. i understand what you said Thanks, Paul Thanks JeHo Park