Hi!
What happened to the investigation of 2.4.x graceful restarts taking a
long time to complete? Arkadiusz Miskiewicz raised the issue on April
11/12 and there was some discussion, but I can se no real action taken
to fix it?
Anyhow, we're seeing what I believe is this issue on httpd
I'm getting the impression I did not state why these patches improve the
existing feature clearly enough, so I'll give it another shot.
1) The first patch addresses a scalability issue in mod_proxy. At present
an admin has to configure one ProxyPassReverseCookieDomain for every single
server he
thank you, this works exactly as expected with Apache 2.4 and
mod_remoteip / mod_security, how i tested is expplained at bottom
PLEASE revisit the mod_security 2.7.2 change
* Fixed mod_security displaying wrong ip address in error.log using apache 2.4
and mod_remoteip
this was obviously a wrong
Good. But is think we still need SecDefineRemoteAddr for Apache 2.2 without
rpaf right ?
On Mon, May 6, 2013 at 10:02 AM, Reindl Harald h.rei...@thelounge.netwrote:
thank you, this works exactly as expected with Apache 2.4 and
mod_remoteip / mod_security, how i tested is expplained at bottom
Based on Stefan's reply I replaced mod_proxy's config pool with a sub-pool
and wrapped a mutex around the pool usage. Basic testing went well but I
have to do some more thorough parallel testing.
One thing which had me confused was the balancers. In
ap_proxy_define_balancer() they are handed a
i do not think so
anybody which is running his webserver behind a load-balancer
without a solution like rpaf is obviously a fool because any
apache error/access-log is useless, any Allow/Deny does not
work as expected and last but not least REMOTE_ADDR in CGI
and PHP scripts is the address from
Yes.. but we cannot assume all users is doing it right :)
And to be honest i think many are not doing it.
Do you have a box without rpaf or you can disable it to test
SecDefineRemoteAddr ?
Also i will need this feature for nginx/iis module.
Thanks
On Mon, May 6, 2013 at 10:08 AM, Reindl
Am 06.05.2013 15:11, schrieb Breno Silva:
Yes.. but we cannot assume all users is doing it right :)
And to be honest i think many are not doing it.
in this case they also would not configure SecRemoteAddrDefine
Do you have a box without rpaf or you can disable it to test
* in this case they also would not configure SecRemoteAddrDefine
Why not ? If the proxy/load balancer is setting the X-Forwarded-For we
could extract the data using SecDefineRemoteAddr right ?
On Mon, May 6, 2013 at 10:17 AM, Reindl Harald h.rei...@thelounge.netwrote:
Am 06.05.2013 15:11,
Am 06.05.2013 15:20, schrieb Breno Silva:
* in this case they also would not configure SecRemoteAddrDefine
Why not ? If the proxy/load balancer is setting the X-Forwarded-For we could
extract the data using
SecDefineRemoteAddr right ?
but you do you expect people not care about the
On Sat, 4 May 2013, Micha Lenk wrote:
I am pretty sure that this is a thread-unsafe pool usage.
create_proxy_config() puts the global config pool into
(proxy_server_conf)-pool. It is later (during request processing)
used all over the place without further locking. This must be a sub-
On Mon, 6 May 2013, Thomas Eckert wrote:
Based on Stefan's reply I replaced mod_proxy's config pool with a sub-pool
and wrapped a mutex around the pool usage. Basic testing went well but I
have to do some more thorough parallel testing.
Nice.
One thing which had me confused was the
We use process supervision and don't have a use for pid files. We
are running multiple httpd instances, and have the config management
to create a writable configured place for each instance to put its
pid file.
This config management has some ongoing cost to maintain, and we would
find it nicer
13 matches
Mail list logo