Joshua Slive wrote:
[ This really should be on infrastructure; oh well.]
Perhaps I should have mentioned off the top that I envision setting 30+
day expiry times on all .gz/.zip/.msi/.jar/etc files under dist/. These
files should never change without being renamed.
Ok, it must be 24 hours.
On Tue, Dec 06, 2005 at 08:16:07PM -0500, Joshua Slive wrote:
> Perhaps I should have mentioned off the top that I envision setting 30+
> day expiry times on all .gz/.zip/.msi/.jar/etc files under dist/. These
> files should never change without being renamed.
This is a double-edged sword, see
Justin Erenkrantz wrote:
> --On December 6, 2005 11:04:13 AM -0700 Brad Nicholes
> <[EMAIL PROTECTED]> wrote:
>
>> Good, then I am +1 on the authz providers only returning AUTHZ_GRANTED
>> or AUTHZ_DENIED. I don't see a need for anything else.
>
>
> FWIW, I do see a case for returning 'uh-oh,
[ This really should be on infrastructure; oh well.]
Perhaps I should have mentioned off the top that I envision setting 30+
day expiry times on all .gz/.zip/.msi/.jar/etc files under dist/. These
files should never change without being renamed.
Colm MacCarthaigh wrote:
* It's vastl
--On December 7, 2005 2:00:19 AM +0100 Ruediger Pluem <[EMAIL PROTECTED]>
wrote:
The patches to mod_proxy_http we identified here on list do indeed work
and are in as r354628.
Sorry for stepping in that late into the discussion, but wouldn't it be
better to fix that after the return from prox
On 12/07/2005 01:32 AM, Justin Erenkrantz wrote:
[..cut..]
>
> The patches to mod_proxy_http we identified here on list do indeed work
> and are in as r354628.
Sorry for stepping in that late into the discussion, but wouldn't it be better
to fix that after the return from proxy_run_scheme_ha
--On December 6, 2005 3:57:37 PM -0500 Brian Akins <[EMAIL PROTECTED]>
wrote:
Can we vote on it as is? It fixes the problem, we can make it "pretty"
later. Of course, if someone has a better solution right now...
I just reproduced the problem with the following setup:
1) On 8080, httpd trun
Nils Larsch wrote:
afaik the included ec algorithms are not tainted by patents but as some
countries have braindead patent laws you can never be sure ...
Obviously neither the openssl nor apache httpd projects take responsibility
for deep patent searches, and should we discover we have offende
As far as I'm concerned, the MySQL driver is only tested against
MySQL 4.1 - with pretty much a default build - and on Linux and
FreeBSD platforms. In principle that shouldn't make any difference,
but in practice I don't know.
Indeed it works all fine when it is build with 4.1.5 libs.
Also no
On 12/07/2005 12:10 AM, Jim Jagielski wrote:
[..cut..]
>>
>>>
>>>Well, there's an issue with the proxy balancer that needs
>>>to be addressed as well 1st, imo.
>>
>>Could you please give my memory a small hint what this issue is?
>>
>
>
> Keepalives and multiple workers
>
Sorry, that I don'
Ruediger Pluem wrote:
>
>
>
> On 12/06/2005 10:53 PM, Jim Jagielski wrote:
>
> [..cut..]
> >
> >
> > Well, there's an issue with the proxy balancer that needs
> > to be addressed as well 1st, imo.
>
> Could you please give my memory a small hint what this issue is?
>
Keepalives and multiple
Quoting Colm MacCarthaigh <[EMAIL PROTECTED]>:
* It defeats a huge part of the point of having a mirroring
system in the first place. Mirroring isn't just a way of
decreasing bandwidth usage on the primary, it's also a means
of building content resilience. Wh
On 12/06/2005 10:53 PM, Jim Jagielski wrote:
[..cut..]
>
>
> Well, there's an issue with the proxy balancer that needs
> to be addressed as well 1st, imo.
Could you please give my memory a small hint what this issue is?
Regards
Rüdiger
Filed bug: http://issues.apache.org/bugzilla/show_bug.cgi?id=37814
Made a couple of suggestions
1) use #if's to determine if it's windows and pass in the appropriate
sizelimit to ldap_search_ext_s on windows
2) use ldap_search_s instead of ldap_search_ext_s. It doesn't look like
util_ldap.c is
On Tuesday 06 December 2005 19:35, Steffen wrote:
> I build on Win32 apr-utl/dbd with apr_dbd_mysql.c with Mysql 5.0.16 libs.
> And also build mod_auth_dbd and mod_dbd.
>
> The server starts fine with the directive DBDriver mysql and mod_auth_dbd
> enabled.
> Most pages are fine authenticated again
Looking at 0.9.8(a) for the official httpd 2.2.0 binary distribution,
this includes these (major) new features;
Addition of BIGNUM functions for fields GF(2^m) and NIST
curves, to support the Elliptic Crypto functions.
Major work on Elliptic Crypto; ECDH and ECDSA added, including
the us
On Tue, Dec 06, 2005 at 04:16:17PM -0500, Joshua Slive wrote:
> This is really an infrastructure topic, not an httpd-dev one, but I'd
> like the caching experts to look over this to make sure this simple
> configuration looks reasonable.
I think this is a terrible, terrible, terrible idea in g
William A. Rowe, Jr. wrote:
>
> Justin Erenkrantz wrote:
> >
> > We aren't ready to do 2.2.1 just yet
>
> Sure we are, if someone steps up to RM a new release, and it gets the votes
> to go out the door.
>
Well, there's an issue with the proxy balancer that needs
to be addressed as well 1st, i
Joshua Slive wrote:
This is really an infrastructure topic, not an httpd-dev one, but I'd
like the caching experts to look over this to make sure this simple
configuration looks reasonable. (The main issue being, it is almost
impossible to get a mirror to change its configuration after they'v
Justin Erenkrantz wrote:
We aren't ready to do 2.2.1 just yet
Sure we are, if someone steps up to RM a new release, and it gets the votes
to go out the door.
Bill
--On December 6, 2005 3:57:37 PM -0500 Brian Akins <[EMAIL PROTECTED]>
wrote:
Can we vote on it as is? It fixes the problem, we can make it "pretty"
later. Of course, if someone has a better solution right now...
We aren't ready to do 2.2.1 just yet, so there's no need to particularly
rush
This is really an infrastructure topic, not an httpd-dev one, but I'd
like the caching experts to look over this to make sure this simple
configuration looks reasonable. (The main issue being, it is almost
impossible to get a mirror to change its configuration after they've
been accepted into
On 12/06/2005 07:55 PM, Brian Akins wrote:
> Can we have mod_cache (and its providers) log why it didn't serve an
> object from cache in debug?
> First entry I see when requesting an object I know is cached is:
>
> [Tue Dec 06 13:53:55 2005] [debug] mod_cache.c(129): Adding CACHE_SAVE
> filter f
Roy T. Fielding wrote:
Sorry, reverse proxy is not a proxy -- it is a gateway.
Sure it is. but that's semantics and any further discussion of that
would be futile.
You are right that it won't make a difference in the gateway case,
though from a software design perspective, pipe-and-filter
Jim Jagielski wrote:
As Roy indicates, we may need to tweak this to return a 503
depending on the actual state of the proxied connection/response,
but this is still looking v good.
Can we vote on it as is? It fixes the problem, we can make it "pretty"
later. Of course, if someone has a bet
On Dec 6, 2005, at 12:45 PM, Brian Akins wrote:
That would work, I suppose, but wouldn't the client get the same
impression "proxy is broken"? I generally only deal with "reverse
proxies," so if origin is broken, whole site is broken...
Sorry, reverse proxy is not a proxy -- it is a gateway
Brian Akins wrote:
>
> Colm MacCarthaigh wrote:
>
> > I'm already testing, with some pretty big edge cases, sounds
> > good.
> >
>
> Also looks good from my side. I'll do some more testing. We, as you
> can imagine, get tons of "edge cases."
>
I likely can't approach some of the edge cases
Roy T. Fielding wrote:
That would depend on the current state of the proxy's response to
the client, since it may have not even sent the status code on the
wire. If not, then marking the connection as aborted will just make
it look like the proxy is broken, so we should send a 503 error
message
On Dec 6, 2005, at 9:38 AM, Justin Erenkrantz wrote:
On Tue, Dec 06, 2005 at 12:22:18PM -0500, Brian Akins wrote:
There *might* be a breakage if the server aborted it's half of the
connection partway through the response. I don't have the time
to fully
look at the code, but there might be a
Colm MacCarthaigh wrote:
I'm already testing, with some pretty big edge cases, sounds
good.
Also looks good from my side. I'll do some more testing. We, as you
can imagine, get tons of "edge cases."
--
Brian Akins
Lead Systems Engineer
CNN Internet Technologies
On Tue, Dec 06, 2005 at 03:26:00PM -0500, Jim Jagielski wrote:
> Yes, please test. I'll also test here locally against stock
> mod_cache (and pulling a cable between the test proxy and
> origin server :) ). Then we fold into trunk, then immediately
> propose to backport to httpd-2.2.
I'm already t
Justin Erenkrantz wrote:
Test first, then if it works, we'll proceed with committing it to trunk
and then merging for 2.2.1. =) -- justin
Of course...
I'll have to work at a test case, because the buckets get passed before
I can abort. So c->aborted is happening after EOS has been sent, I
Brian Akins wrote:
>
> Jim Jagielski wrote:
>
> >>So we need my patch and your patch, right? I'm a little "medicated"
> >>today...
> >>
> >
> >
> > Yes, both.
> >
>
> Can we vote on this? I guess we do it for HEAD then for 2.2.1 (or
> something like that)?
>
> Just want to make sure this
--On December 6, 2005 3:10:44 PM -0500 Brian Akins <[EMAIL PROTECTED]>
wrote:
Just want to make sure this will make into "stock" code. In the
meantime, I'll do a local patch and test.
Test first, then if it works, we'll proceed with committing it to trunk and
then merging for 2.2.1. =) --
Jim Jagielski wrote:
So we need my patch and your patch, right? I'm a little "medicated"
today...
Yes, both.
Can we vote on this? I guess we do it for HEAD then for 2.2.1 (or
something like that)?
Just want to make sure this will make into "stock" code. In the
meantime, I'll do a
Brian Akins wrote:
>
> Justin Erenkrantz wrote:
>
> >
> > I do think we need to fix mod_proxy_http to return an error.
>
>
> So we need my patch and your patch, right? I'm a little "medicated"
> today...
>
Yes, both.
--
--On December 6, 2005 3:01:28 PM -0500 Brian Akins <[EMAIL PROTECTED]>
wrote:
So we need my patch and your patch, right? I'm a little "medicated"
today...
I think so, yes. -- justin
Justin Erenkrantz wrote:
I do think we need to fix mod_proxy_http to return an error.
So we need my patch and your patch, right? I'm a little "medicated"
today...
--
Brian Akins
Lead Systems Engineer
CNN Internet Technologies
Justin Erenkrantz wrote:
>
> --On December 6, 2005 2:02:02 PM -0500 Brian Akins <[EMAIL PROTECTED]>
> wrote:
>
> > So, do we just need to set r->connection->aborted = 1 and core will take
> > care of it? If so, a patch should be trivial.
>
> I think that's a side effect of being aborted. I th
--On December 6, 2005 2:19:58 PM -0500 Brian Akins <[EMAIL PROTECTED]>
wrote:
Brian Akins wrote:
Justin Erenkrantz wrote:
After a bit more of thinking, the right thing to do would be to have
mod_proxy force a dropped connection to the client.
So, do we just need to set r->connection->abo
I build on Win32 apr-utl/dbd with apr_dbd_mysql.c with Mysql 5.0.16 libs.
And also build mod_auth_dbd and mod_dbd.
The server starts fine with the directive DBDriver mysql and mod_auth_dbd
enabled.
Most pages are fine authenticated against a Mysql database.
But sometimes I get httpd.exe crashe
Brian Akins wrote:
Justin Erenkrantz wrote:
After a bit more of thinking, the right thing to do would be to have
mod_proxy force a dropped connection to the client.
So, do we just need to set r->connection->aborted = 1 and core will take
care of it? If so, a patch should be trivial.
Hi,
a few weeks ago I noticed that 'modules/aaa/mod_authnz_ldap.c' could be
cleaned up a little. Now here is the patch.
Regards,
CJ
Index: modules/aaa/mod_authnz_ldap.c
===
--- modules/aaa/mod_authnz_ldap.c (révision 354496)
+++
Brian Akins wrote:
Justin Erenkrantz wrote:
I think that's a side effect of being aborted. I think we need to
first abort the connection and then set that field. =) -- justin
:) That's what I figured, just greping on "aborted" isn't showing
anything obvious...
Apparently that's how
Justin Erenkrantz wrote:
I think that's a side effect of being aborted. I think we need to first
abort the connection and then set that field. =) -- justin
:) That's what I figured, just greping on "aborted" isn't showing
anything obvious...
--
Brian Akins
Lead Systems Engineer
CNN In
--On December 6, 2005 2:02:02 PM -0500 Brian Akins <[EMAIL PROTECTED]>
wrote:
So, do we just need to set r->connection->aborted = 1 and core will take
care of it? If so, a patch should be trivial.
I think that's a side effect of being aborted. I think we need to first
abort the connection
Justin Erenkrantz wrote:
After a bit more of thinking, the right thing to do would be to have
mod_proxy force a dropped connection to the client.
So, do we just need to set r->connection->aborted = 1 and core will take
care of it? If so, a patch should be trivial.
--
Brian Akins
Lead Sy
Can we have mod_cache (and its providers) log why it didn't serve an
object from cache in debug?
First entry I see when requesting an object I know is cached is:
[Tue Dec 06 13:53:55 2005] [debug] mod_cache.c(129): Adding CACHE_SAVE
filter for /cnn/1.gif
no reason why we chose not to serve fr
--On December 6, 2005 11:04:13 AM -0700 Brad Nicholes
<[EMAIL PROTECTED]> wrote:
Good, then I am +1 on the authz providers only returning AUTHZ_GRANTED
or AUTHZ_DENIED. I don't see a need for anything else.
FWIW, I do see a case for returning 'uh-oh, an error occurred'.
I'm good with mod_a
Roy T. Fielding wrote:
But the only way we know we will send the same T-E and C-L values is to
determine the C-L as a result of piping the results through the output
filters to the network stack. Your patch suggests we should ignore that
potential issue.
That is completely irrelevant to for
>>> On 12/6/2005 at 12:04:47 am, in message
<[EMAIL PROTECTED]>, [EMAIL PROTECTED]
wrote:
> On Mon, Dec 05, 2005 at 02:17:09PM -0700, Brad Nicholes wrote:
>> Ignoring SATISFY for now, we still want each provider to
be
>> called in the listed order and whether authorization is GRANTED or
>> DENIED
Justin Erenkrantz wrote:
On Tue, Dec 06, 2005 at 12:22:18PM -0500, Brian Akins wrote:
There *might* be a breakage if the server aborted it's half of the
connection partway through the response. I don't have the time to fully
look at the code, but there might be a code path that does so. -- ju
On Tue, Dec 06, 2005 at 12:22:18PM -0500, Brian Akins wrote:
> >There *might* be a breakage if the server aborted it's half of the
> >connection partway through the response. I don't have the time to fully
> >look at the code, but there might be a code path that does so. -- justin
>
> From what
Justin Erenkrantz wrote:
Our mod_cache will abort the response if the connection to the original
client is aborted for whatever reason. So, I'm doubtful the scenario you
describe would happen to our mod_cache. (See mod_disk_cache.c:1013.)
Cool. yep that would help me.
There *might* be a b
On Tue, Dec 06, 2005 at 12:10:44PM -0500, Brian Akins wrote:
> Since I do not use the "stock" mod_cache, I cannot really test it.
> However, I can try to get together a patch that changes r->status in
> these cases. Is that acceptable? Will this screw up proxy_balancer or
> is it out of the pi
Paul Querna wrote:
As a quick fix, could we not have proxy set r->status =
HTTP_BAD_GATEWAY or something and re-check in the cache before
finalizing the store?
Yes, and then remove the problem content and header file.
Since I do not use the "stock" mod_cache, I cannot really test it.
Ho
On Tue, Dec 06, 2005 at 12:07:32PM -0500, Brian Akins wrote:
> in mod_cache in store_body check r->status on every bucket? This may
> need to be in providers for now???
No. Changing the status after the first write will not matter. -- justin
On Tue, Dec 06, 2005 at 09:29:42AM -0500, Brian Akins wrote:
> I have a serious issue. It seems that if something happens during a
> proxy request after mod_http_proxy starts reading from the backend
> server, no error is reported. (IE, see what happens when ap_pass_brigade
> returns non succe
Brian Akins wrote:
As a quick fix, could we not have proxy set r->status = HTTP_BAD_GATEWAY
or something and re-check in the cache before finalizing the store?
pseudo code:
in proxy_http
if(some proxy error) {
error_log("error during transit. forcing status change");
r->statu
Brian Akins wrote:
Paul Querna wrote:
Related issue:
http://issues.apache.org/bugzilla/show_bug.cgi?id=15866
I don't think its breaking the RFC to not-cache partial pages.
Yep. That's my issue:
This one doesn't have an easy solution. The problem is that mod_proxy
currently
has no way to
Brian Akins wrote:
>
> Jim Jagielski wrote:
>
> > Hmmm. I haven't taken a look yet, but is seems to me that
> > only complete responses should be cached, not partial, and
> > as such we need some better mechanism in place for that
> > "Not Cache-able", "Could be Cache-able" and "To-Be-Cached"
> >
Paul Querna wrote:
Related issue:
http://issues.apache.org/bugzilla/show_bug.cgi?id=15866
I don't think its breaking the RFC to not-cache partial pages.
Yep. That's my issue:
This one doesn't have an easy solution. The problem is that mod_proxy
currently
has no way to tell mod_cache if a
Brian Akins wrote:
From the best I can tell, the issue is in the proxy code. When a
response gets "truncated" for whatever reason, it doesn't pass an error
along, so the filters never know that "something bad" happened.
From mod_proxy_http.c
in the function ap_proxy_http_process_respons
Brian Akins wrote:
I have a serious issue. It seems that if something happens during a
proxy request after mod_http_proxy starts reading from the backend
server, no error is reported. (IE, see what happens when
ap_pass_brigade returns non success). The problem is that this
"partial page" ma
Jim Jagielski wrote:
Hmmm. I haven't taken a look yet, but is seems to me that
only complete responses should be cached, not partial, and
as such we need some better mechanism in place for that
"Not Cache-able", "Could be Cache-able" and "To-Be-Cached"
state tree.
From the best I can tell, th
On Dec 6, 2005, at 9:29 AM, Brian Akins wrote:
I have a serious issue. It seems that if something happens during
a proxy request after mod_http_proxy starts reading from the
backend server, no error is reported. (IE, see what happens when
ap_pass_brigade returns non success). The proble
Jim Jagielski wrote:
Big +1 here... while working on the proxy balancer stuff,
having better scoreboard interaction has been an obvious
aspect that could be better and more useful.
I also in some of my own modules I am always saying "I wish I could put
this in the scoreboard" but end up hav
David,As I've wrote before, I made a mistake in the documentation, asstopping Apache is not required, and having a running service has nothing to do with the test. I don't have the problem even with the service running. What test are failing on your system ?
Regards,Nicolas2005/12/6, David Fraser <
if it was possible, to add some statistics to the
mod_cache, to measure the size of the cache, how well
it is being used, as squid has its own
What I did in my "private fork" was to have stats and storage providers.
A cache stat provider provides only a single function:
apr_status_t (*upda
I have a serious issue. It seems that if something happens during a
proxy request after mod_http_proxy starts reading from the backend
server, no error is reported. (IE, see what happens when ap_pass_brigade
returns non success). The problem is that this "partial page" may be
cached because
Another minor point:
6 of the tests fail without the patch if the Apache service was running
before the tests started.
These all pass with the patch regardless of the status of the Apache
service.
David Fraser wrote:
Hi Nicolas
Of course, one way of fixing this up is ensuring we use a test
--- Paul Querna <[EMAIL PROTECTED]> wrote:
> My intention is for this to be a wide open
> brainstorming thread.
>
> I expect that we will be able to discuss several
> ideas in much more
> detail at the Hackathon next week, but I really want
> to get all ideas
> 'on the table'.
>
> I have a few
William A. Rowe, Jr. wrote:
Stephen Collyer wrote:
OK, I've found the problem and hacked a fix for it:
[deleted]
Did you run make install and point --with-ssl= at the install target,
rather than a source build?
I'm not sure what you mean here by a "source build", but if you're
interested
On Tue, Dec 06, 2005 at 08:08:17AM +, Joe Orton wrote:
> The access control checks here are actually more important for the
> optional-SSL-not-upgraded case rather than the HTTP-on-HTTPS-port error
> case. Your change makes the test equivalent to:
>
> if (sc->enabled == SSL_ENABLED_FALSE
On Mon, Dec 05, 2005 at 10:03:43PM +0100, Ruediger Pluem wrote:
> I just tried to fix PR37791. Although trunk is CTR I do not want to
> commit something completely stupid :-). So please a quick remote eye
> by some SSL guy. To me it does not seem to make sense to continue
> ssl_hook_Access if ss
75 matches
Mail list logo
