Bug report for Apache httpd-2 [2017/01/08]

2017-01-07 Thread bugzilla
Bugzilla Bug ID | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Re: clang-analyzer?

2017-01-07 Thread William A Rowe Jr
Several times a year, we get offers or full dumps of programmatic static code analysis. We have, for decades, rejected it all, and invited reporters to bring specific analysis of actually problematic cases back to the list (or security@, as applicable.) If anyone is interested, we consistently

Re: httpd-2.2.x and C89... ;-(

2017-01-07 Thread NormW
G/A and apologies for the delay...I'm not on the net 24/7... Yes, a 'clean' and 2.2.x build goes to completion without issue. Norm On 8/01/2017 12:29 AM, Yann Ylavic wrote: On Sat, Jan 7, 2017 at 1:35 AM, William A Rowe Jr wrote: Great catch, thanks Norm. That too is part

clang-analyzer?

2017-01-07 Thread Leif Hedstrom
Howdy, I ran clang-analyzer against the HTTPD master branch, and it found 126 issues. Many of these are benign, but I was curious if the community has any thoughts on this? With another project, I’ve found that keeping static code analysis to zero issues can really help finding new, serious

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Leif Hedstrom
> On Jan 7, 2017, at 3:25 PM, Reindl Harald wrote: > > > > On 07.01.2017 at 22:53, Yann Ylavic wrote: >> On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote: >>> >>> something like below where "X-TLS-Offloading" is only evaluated from >>>

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sun, Jan 8, 2017 at 12:39 AM, Reindl Harald wrote: > > On 08.01.2017 at 00:31, Yann Ylavic wrote: >> >> On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald >> wrote: >>> >>> >>> ok, so we need to continue the code below and set the option in every

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 08.01.2017 at 00:31, Yann Ylavic wrote: On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote: ok, so we need to continue the code below and set the option in every tls-offloaded application - intention of this thread was maybe get this transparent which seems not

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote: > > ok, so we need to continue the code below and set the option in every > tls-offloaded application - intention of this thread was maybe get this > transparent which seems not to be possible It is "technically"

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 07.01.2017 at 23:53, Yann Ylavic wrote: On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote: On 07.01.2017 at 22:53, Yann Ylavic wrote: Wouldn't something like this work? RewriteRule on RewriteCond %{ENV:remoteip-proxy-ip-list} . RewriteCond

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote: > > On 07.01.2017 at 22:53, Yann Ylavic wrote: >> >> Wouldn't something like this work? >> >> RewriteRule on >> RewriteCond %{ENV:remoteip-proxy-ip-list} . >> RewriteCond %{HTTP:X-TLS-Offloading} ^true$ >> RewriteRule

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 07.01.2017 at 22:53, Yann Ylavic wrote: On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote: something like below where "X-TLS-Offloading" is only evaluated from "RemoteIPInternalProxy" physical addresses RemoteIPHeader X-Forwarded-For RemoteTLSHeader

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Yann Ylavic
On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote: > > something like below where "X-TLS-Offloading" is only evaluated from > "RemoteIPInternalProxy" physical addresses > > RemoteIPHeader X-Forwarded-For > RemoteTLSHeader X-TLS-Offloading >

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
On 07.01.2017 at 17:04, Jered Floyd wrote: Does the "sslheaders" experimental plugin meet your needs? https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/sslheaders.en.html not really because it's not transparent to the application and so i can continue fake the $_SERVER

Re: how make backend applications aware about tls-offloading

2017-01-07 Thread William A Rowe Jr
On Sat, Jan 7, 2017 at 2:30 AM, Reindl Harald wrote: > * Apache Trafficserver in front > * ATS configured for TLS-offloading > * connection to backend-httpd on the LAN unencrypted > * mod_remoteip correctly configured on backend httpd > > is there any way to make the

Re: httpd-2.2.x and C89... ;-(

2017-01-07 Thread Yann Ylavic
On Sat, Jan 7, 2017 at 1:35 AM, William A Rowe Jr wrote: > Great catch, thanks Norm. That too is part of the r1753592 backport > proposal, hoping someone is willing to look at these proposals. Now backported to 2.2.x (r175), along with other accepted "SNI" patches. Norm,

Re: httpd-2.2.x and C89... ;-(

2017-01-07 Thread Jan Ehrhardt
NormW in gmane.comp.apache.devel (Sat, 7 Jan 2017 11:31:32 +1100): > D:\Projects\svn\httpd-2.2.x>svn diff > Index: modules/proxy/mod_proxy.c > === > --- modules/proxy/mod_proxy.c (revision 1777591) > +++ modules/proxy/mod_proxy.c

how make backend applications aware about tls-offloading

2017-01-07 Thread Reindl Harald
* Apache Trafficserver in front * ATS configured for TLS-offloading * connection to backend-httpd on the LAN unencrypted * mod_remoteip correctly configured on backend httpd is there any way to make the backend php application aware that in fact $_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME']