+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
Several times a year, we get offers or full dumps of programmatic static
code analysis.
We have, for decades, rejected it all, and invited reporters to bring
specific analysis of actually problematic cases back to the list (or
security@, as applicable.)
If anyone is interested, we consistently
G/A and apologies for the delay...I'm not on the net 24/7...
Yes, a 'clean' and 2.2.x build goes to completion without issue.
Norm
On 8/01/2017 12:29 AM, Yann Ylavic wrote:
On Sat, Jan 7, 2017 at 1:35 AM, William A Rowe Jr wrote:
Great catch, thanks Norm. That too is part
Howdy,
I ran clang-analyzer against the HTTPD master branch, and it found 126 issues.
Many of these are benign, but I was curious if the community has any thoughts
on this? With another project, I’ve found that keep static code analysis to
zero issues can really help finding new, serious
> On Jan 7, 2017, at 3:25 PM, Reindl Harald wrote:
>
>
>
> Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
>> On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote:
>>>
>>> something like below where "X-TLS-Offloading" is only evaluated from
>>>
On Sun, Jan 8, 2017 at 12:39 AM, Reindl Harald wrote:
>
> Am 08.01.2017 um 00:31 schrieb Yann Ylavic:
>>
>> On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald
>> wrote:
>>>
>>>
>>> ok, so we need to continue the code below and set the option in every
Am 08.01.2017 um 00:31 schrieb Yann Ylavic:
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote:
ok, so we need to continue the code below and set the option in every
tls-offloaded application - intention of this thread was maybe get this
transparent which seems not
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote:
>
> ok, so we need to continue the code below and set the option in every
> tls-offloaded application - intention of this thread was maybe get this
> transparent which seems not to be possible
It is "technically"
Am 07.01.2017 um 23:53 schrieb Yann Ylavic:
On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote:
Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
Wouldn't something like this work?
RewriteRule on
RewriteCond %{ENV:remoteip-proxy-ip-list} .
RewriteCond
On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote:
>
> Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
>>
>> Wouldn't something like this work?
>>
>> RewriteRule on
>> RewriteCond %{ENV:remoteip-proxy-ip-list} .
>> RewriteCond %{HTTP:X-TLS-Offloading} ^true$
>> RewriteRule
Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote:
something like below where "X-TLS-Offloading" is only evaluated from
"RemoteIPInternalProxy" pyhsical addressess
RemoteIPHeader X-Forwarded-For
RemoteTLSHeader
On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote:
>
> something like below where "X-TLS-Offloading" is only evaluated from
> "RemoteIPInternalProxy" pyhsical addressess
>
> RemoteIPHeader X-Forwarded-For
> RemoteTLSHeaderX-TLS-Offloading
>
Am 07.01.2017 um 17:04 schrieb Jered Floyd:
Does the "sslheaders" experimental plugin meet your needs?
https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/sslheaders.en.html
not really beause it's not transparent to the application and so i can
continue fake the $_SERVER
On Sat, Jan 7, 2017 at 2:30 AM, Reindl Harald wrote:
> * Apache Trafficserver in front
> * ATS configured for TLS-offloading
> * connection to backend-httpd on the LAN unencrypted
> * mod_remoteip correctly configured on backend httpd
>
> is there any way to make the
On Sat, Jan 7, 2017 at 1:35 AM, William A Rowe Jr wrote:
> Great catch, thanks Norm. That too is part of the r1753592 backport
> proposal, hoping someone is willing to look at these proposals.
Now backported to 2.2.x (r175), along with other accepted "SNI" patches.
Norm,
NormW in gmane.comp.apache.devel (Sat, 7 Jan 2017 11:31:32 +1100):
> D:\Projects\svn\httpd-2.2.x>svn diff
> Index: modules/proxy/mod_proxy.c
> ===
> --- modules/proxy/mod_proxy.c (revision 1777591)
> +++ modules/proxy/mod_proxy.c
* Apache Trafficserver in front
* ATS configured for TLS-offloading
* connection to backend-httpd on the LAN unencrypted
* mod_remoteip correctly configured on backend httpd
is there any way to make the backend php application aware that in fact
$_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME']
17 matches
Mail list logo