Re: ApacheCon Austin, httpd track
On 3 Dec 2014, at 16:00, Rich Bowen wrote: > > If this content can be put into a half-day three-talk series, where each talk > stands alone or works in concert, that would be ideal. Do you think that we > can put together like that? Any chance we could even persuade one of the > OpenSSL folks to come for that? Anyone have any contacts there? A day on SSL/TLS could and perhaps should cover both OpenSSL and GnuTLS. -- Tim Bannister – is...@c8h10n4o2.org.uk
Re: ApacheCon Austin, httpd track
On 12/02/2014 03:51 PM, wr...@rowe-clan.net wrote: Rich raises a great point - you could probably even propose a full half day training, and spend a bit of time on configuring different ASF projects (e.g. httpd, Tomcat) while aiming squarely at the state of SSL cryptography itself. I'm certain that class would get some nice registration numbers. FYI, we're planning to drop training/tutorial kind of sessions for this event. They have consistently been a huge logistical nightmare, and we always end up canceling (optimistically) 3/4 of them due to poor attendance numbers. They're a huge hassle for the people that have to plan the content and then not give the talk. They're a huge hassle to have to notify people that the tutorial they signed up for has been canceled. And they're a hassle trying to get the space for a talk that may or may not happen. If this content can be put into a half-day three-talk series, where each talk stands alone or works in concert, that would be ideal. Do you think that we can put together like that? Any chance we could even persuade one of the OpenSSL folks to come for that? Anyone have any contacts there? --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
On 12/02/2014 04:14 PM, Jim Riggs wrote: On 11/30/2014 11:08 AM, Jeff Trawick wrote: * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some material here: http://emptyhammock.com/projects/info/pyweb/index.html) On 1 Dec 2014, at 19:15, Daniel Ruggeri wrote: Similarly, I'm always up for giving my proxy talk if it's welcome (after the first day since I can't make it until Tues). If we think proxy is a big topic, we ought to arrange for a general overview like my proxy talk followed by more specific deep dives such as what Jeff mentions here and a session on new sexiness like WebSockets. Picking up on what Jeff and Daniel are saying, I think some focus on the powerful things mod_proxy_* can do would be really useful. One particular thought that has been in the back of my head for some time is a "Begone libphp5.so!" talk. For better or worse, PHP is still around and will be for some time, but it is time to get it out of the web server and treat it like the application/backend it is for both security and resource-usage reasons. mod_proxy_fcgi + php-fpm is a really elegant, simple solution to make this happen, but I have found a lot of devs and admins who just aren't even aware of this configuration possibility. (I have explained it to several people at ApacheCon NAs over the past couple of years.) I've actually been using a backported mod_proxy_fcgi in 2.2 for just this purpose for a few years in production. That's certainly a talk I would be willing to give if there is interest. P.S. mod_proxy_balancer -> mod_proxy_fcgi -> php-fpm is really fun and interesting too! ;-) Awesome. I'll put you down for a php-fpm talk. :-) So, the next step, now that we have a pretty good track roughed in, is that people actually start submitting the talk abstracts to go along with it. It would be great if this didn't get left to the last minute, so that we can actually start doing some track publicity sooner rather than later. Thanks for the great discussion, folks! --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: svn commit: r1640495 - /httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c
On 12/01/2014 02:15 PM, Yann Ylavic wrote: On Wed, Nov 19, 2014 at 8:19 AM, wrote: Author: jkaluza Date: Wed Nov 19 07:19:13 2014 New Revision: 1640495 URL: http://svn.apache.org/r1640495 Log: * mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198. Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c [] --- httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c (original) +++ httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c Wed Nov 19 07:19:13 2014 @@ -369,7 +369,7 @@ static apr_status_t dispatch(proxy_conn_ const char **err) { apr_bucket_brigade *ib, *ob; -int seen_end_of_headers = 0, done = 0; +int seen_end_of_headers = 0, done = 0, ignore_body = 0; apr_status_t rv = APR_SUCCESS; int script_error_status = HTTP_OK; conn_rec *c = r->connection; @@ -579,9 +579,16 @@ recv_again: APR_BRIGADE_INSERT_TAIL(ob, tmp_b); r->status = status; ap_pass_brigade(r->output_filters, ob); -ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070) - "Error parsing script headers"); -rv = APR_EINVAL; +if (status == HTTP_NOT_MODIFIED) { +/* The 304 response MUST NOT contain + * a message-body, ignore it. */ +ignore_body = 1; +} +else { +ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070) +"Error parsing script headers"); +rv = APR_EINVAL; +} break; } There seems to be another case below this point where we "Send the part of the body that we read while reading the headers" (as the comment says), with no !ignore_body check. I agree with this part and I will fix it in my next commit. Also, the backend may use a "Status: 304 Not Modified" header, which would not result in ap_scan_script_header_err_brigade_ex() returning that status but setting it to r->status. In this case, it's up to backend to not send the body and if it sends some body together with 304 status, we don't have to care about that, right? I can implement also check for r->status and set ignore_body=1, but I thought it's not needed on httpd side. So, more generally, shouldn't we check both ap_scan_script_header_err_brigade_ex()'s returned status AND r->status against 304 to ignore the body (ie. bypass ap_pass_brigade() for anything but EOS)? Regards, Yann. Regards, Jan Kaluza
Re: svn commit: r1642154 - in /httpd/httpd/trunk: docs/manual/expr.xml include/ap_expr.h server/util_expr_eval.c server/util_expr_parse.y
Thanks for reviewing that commit. I've fixed both issues in r1643094. Regards, Jan Kaluza On 12/02/2014 09:55 PM, Ruediger Pluem wrote: On 11/27/2014 02:46 PM, jkal...@apache.org wrote: Author: jkaluza Date: Thu Nov 27 13:46:11 2014 New Revision: 1642154 URL: http://svn.apache.org/r1642154 Log: * ap_exr: Add replace(string, from, to) function. Modified: httpd/httpd/trunk/docs/manual/expr.xml httpd/httpd/trunk/include/ap_expr.h httpd/httpd/trunk/server/util_expr_eval.c httpd/httpd/trunk/server/util_expr_parse.y Modified: httpd/httpd/trunk/server/util_expr_eval.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_expr_eval.c?rev=1642154&r1=1642153&r2=1642154&view=diff == --- httpd/httpd/trunk/server/util_expr_eval.c (original) +++ httpd/httpd/trunk/server/util_expr_eval.c Thu Nov 27 13:46:11 2014 @@ -183,13 +186,29 @@ static const char *ap_expr_eval_string_f const ap_expr_t *info, const ap_expr_t *arg) { -ap_expr_string_func_t *func = (ap_expr_string_func_t *)info->node_arg1; const void *data = info->node_arg2; AP_DEBUG_ASSERT(info->node_op == op_StringFuncInfo); -AP_DEBUG_ASSERT(func != NULL); +AP_DEBUG_ASSERT(info->node_arg1 != NULL); AP_DEBUG_ASSERT(data != NULL); -return (*func)(ctx, data, ap_expr_eval_word(ctx, arg)); +if (arg->node_op == op_ListElement) { +/* Evaluate the list elements and store them in apr_array_header. */ +ap_expr_string_list_func_t *func = (ap_expr_string_list_func_t *)info->node_arg1; +apr_array_header_t *args = apr_array_make(ctx->p, 1, sizeof(char *)); Shouldn't we use at least 2 instead of 1? I guess we expect at least 2 elements. +do { +const ap_expr_t *val = arg->node_arg1; +const char **new = apr_array_push(args); +*new = ap_expr_eval_word(ctx, val); + +arg = arg->node_arg2; +} while (arg != NULL); + +return (*func)(ctx, data, args); +} +else { +ap_expr_string_func_t *func = (ap_expr_string_func_t *)info->node_arg1; +return (*func)(ctx, data, ap_expr_eval_word(ctx, arg)); +} } static int intstrcmp(const char *s1, const char *s2) @@ -1071,6 +1110,59 @@ static const char *ldap_func(ap_expr_eva } #endif +static int replace_func_parse_arg(ap_expr_lookup_parms *parms) +{ +const char *original = parms->arg; +const apr_strmatch_pattern *pattern; + +if (!parms->arg) { +*parms->err = apr_psprintf(parms->ptemp, "replace() function needs " + "exactly 3 arguments"); +return !OK; +} +pattern = apr_strmatch_precompile(parms->pool, original, 0); +*parms->data = pattern; +return OK; +} + +static const char *replace_func(ap_expr_eval_ctx_t *ctx, const void *data, + const apr_array_header_t *args) +{ +char *buff, *original, *replacement; +struct ap_varbuf vb; +apr_size_t repl_len; +const char *repl; +apr_size_t bytes; +apr_size_t len; +const apr_strmatch_pattern *pattern = data; +if (args->nelts != 3) { +*ctx->err = apr_psprintf(ctx->p, "replace() function needs " + "exactly 3 arguments"); +return ""; +} + +buff = APR_ARRAY_IDX(args, 2, char *); +original = APR_ARRAY_IDX(args, 1, char *); +replacement = APR_ARRAY_IDX(args, 0, char *); +repl_len = strlen(replacement); +bytes = strlen(buff); + +ap_varbuf_init(ctx->p, &vb, 0); +vb.strlen = 0; + +while ((repl = apr_strmatch(pattern, buff, bytes))) { +len = (apr_size_t) (repl - buff); +ap_varbuf_strmemcat(&vb, buff, len); +ap_varbuf_strmemcat(&vb, replacement, repl_len); + +len += repl_len; This goes wrong if replacement string and original string are of different size. IMHO you need to add strlen(original) to len above. +bytes -= len; +buff += len; +} + +return ap_varbuf_pdup(ctx->p, &vb, NULL, 0, buff, bytes, &len); +} + #define MAX_FILE_SIZE 10*1024*1024 static const char *file_func(ap_expr_eval_ctx_t *ctx, const void *data, char *arg) @@ -1657,6 +1749,7 @@ static const struct expr_provider_single Regards Rüdiger