15:55, Nick Gearls a
écrit :
Hello,
It would sometimes be very handy to be able to define a
variable (like -D on command-line or "Define xxx" in the
config) inside a module.
This would, for insta
Hello,
It would sometimes be very handy to be able to define a variable
(like -D on command-line or "Define xxx" in the config) inside a
module.
This would, for instance, allow to have a config file based on a
define from the module, knowing if the
Hello,
I'm using the Redhat 8 distribution (httpd 2.4.46) and I have a
segmentation fault in mod_proxy_http.c.
How can I work on this? Can I open a bug on bugzilla for a Redhat build?
It does not happen for all requests, just some (and it's reproducible).
Is it possible to deduce the problem
Couldn't we add, in the documentation:
- a list of headers that cannot be added by mod_headers
- a list of headers that are stripped by mod_proxy (and mod_proxy_*)
I'm facing a practical case where it's a nightmare to find a correct
solution, even with (very contradicting) information found
Hello,
I encounter a problem with the order of processing of output filters.
Maybe I'm missing some background but there's something very weird.
I'll show the example with mod_substitute but I imagine it's similar for
other modules (although I'm not sure).
Case 1:
Subst "s/x/1x/qn"
This can be done using mod_macro without any additional code
On 04-08-2017 11:26, Stefan Eissing wrote:
I talked about some kind of SSL Policy definition in httpd's configuration
in the past and am now about to get serious about it. Here is what I wan to
do:
Recap: the general idea is
1. Give
Patch uploaded: https://bz.apache.org/bugzilla/show_bug.cgi?id=61132
On 30-05-2017 09:00, Nick Gearls wrote:
Hi Ruediger,
I understood that.
My main question was "Which code do I include and release version and
which one do I keep only for a debug build?"
I have no problem to have
s too much
things.
I'll prepare a patch to have everything included at run-time, we'll see
the feedback.
Thanks for your time
On 24-05-2017 16:17, Ruediger Pluem wrote:
On 05/24/2017 03:56 PM, Nick Gearls wrote:
I added some debugging features in mod_substitute, damned useful when trying to
tr
I added some debugging features in mod_substitute, damned useful when
trying to troubleshoot things.
I'll propose a patch but I'd like your advise about when to log debug info:
I added the following info:
1. line to be parsed, type or search (regex/string), replace string
2. in case of
compatibility...
On Thu, 6 Oct 2016 10:06:22, Eric Covener <cove...@gmail.com> wrote
On Thu, Oct 6, 2016 at 3:04 AM, Nick Gearls <nickgea...@gmail.com> wrote:
>> I don't think mod_macro should emit a warning for its own basic
>> configuration
>
> That's what it currently do
: Unexpected Warnings from Macro Use in 2.4
Date: Wed, 5 Oct 2016 09:57:31 -0400
From: Eric Covener <cove...@gmail.com>
To: Apache HTTP Server Development List <dev@httpd.apache.org>,
nickgea...@gmail.com
On Wed, Oct 5, 2016 at 8:48 AM, Nick Gearls <nickgea...@gmail.com&
BOOL - fixed :-(
Forwarded Message
Subject:Re: mod_macro: Control on bad nesting
Date: Wed, 5 Oct 2016 09:54:43 -0400
From: Jim Jagielski <j...@jagunet.com>
To: dev@httpd.apache.org, nickgea...@gmail.com
'bool' ??
On Oct 5, 2016, at 8:50 AM, Nick
The proposed patch
(https://bz.apache.org/bugzilla/attachment.cgi?id=34012=diff) is
fully back-ward compatible and can save a lot of useless warnings in the
log.
Anyway to get somebody review it?
Thanks
On 06-07-2016 09:20, Nick Gearls wrote:
There's a patch (see
https://bz.apache.org
Nobody is interested in avoiding problems with this sanity check?
Trivial to review, only a warning - but that could save hours to users
On 06-07-2016 09:25, Nick Gearls wrote:
There's a patch (see
https://bz.apache.org/bugzilla/show_bug.cgi?id=58304) adding a warning
in case of syntax clash
There's a patch (see
https://bz.apache.org/bugzilla/show_bug.cgi?id=58304) adding a warning
in case of syntax clash with 'Define'
On 2/18/2015 6:12 AM, Tom Browder wrote:
> I have been using mod_macro for some time and always get the following
> types of messages on startup (using 2.4.12 now,
There's a patch (see
https://bz.apache.org/bugzilla/show_bug.cgi?id=59660) containing both
options (global directive + flag) for both warnings (nesting & empty
arguments)
Good point.
A global option is not a good option as it would disable this very
useful check for all macros.
What about "
Good point.
A global option is not a good option as it would disable this very
useful check for all macros.
What about " wrote:
What syntax would be the best one? maybe a (one character) /option after the
Macro keyword?
Ex: "" (and later "
Kinda ugly and probably breaks the core from
mod_macro checks that nesting is complete inside a macro.
This looks a good default, however there are some cases where we want
this and it generates a warning for nothing.
Ex:
ServerName @name
...
I'd like to add an option to suppress this warning when we need it.
dev@httpd.apache.org
On Tue, Feb 24, 2015 at 7:15 AM, Tom Browder tom.brow...@gmail.com wrote:
On Feb 24, 2015 6:52 AM, Nick Gearls nickgea...@gmail.com wrote:
Define mysite www.mycompany.com
Macro NewSite $mysite
Servername${mysite}
ErrorLog /var/log/httpd/${mysite}_error.log
/Macro
Use
Hi all,
Can anybody have a look at this trivial bug waiting for months?
The bug is obvious and the fix is a one line change.
Thanks a lot
:52, Tom Browder wrote:
On Feb 23, 2015 6:38 AM, Nick Gearls nickgea...@gmail.com wrote:
You could define, by mistake, the same with Define Macro, then, what will
happen ...
Can you be more specific, please?
You could define, by mistake, the as wi Define Macro, then, what will
happen ...
On 20-02-2015 15:09, Tom Browder wrote:
On Thu, Feb 19, 2015 at 2:08 PM, Tim Bannister is...@c8h10n4o2.org.uk wrote:
On 19 Feb 2015, at 13:02, Nick Gearls nickgea...@gmail.com wrote:
Wrong answer: mod_macro
“${macro:var}” is a good option
+1
On 19-02-2015 21:08, Tim Bannister wrote:
On 19 Feb 2015, at 13:02, Nick Gearls nickgea...@gmail.com wrote:
Wrong answer: mod_macro uses the syntax $var but also ${var}, which is mandatory if you
want the variable to be a part of a string, like in ${var}abc
Wrong answer: mod_macro uses the syntax $var but also ${var}, which is
mandatory if you want the variable to be a part of a string, like in
${var}abc.
The syntax really clashes with the Define directive, so it should be
changed.
Another unused character could be used, like §
On 18-02-2015
Why not using the standard regex syntax:
LocationMatch ~ ^/(?MYPREFIXfoo|bar)/baz/(?MYFILE.*)
On 26-12-2013 08:43, Graham Leggett wrote:
Hi all,
It seems it is currently not possible to make reference to backreferences in
regexes:
LocationMatch ~ ^/(foo|bar)/baz
Something ${1}
Maybe it's time to remove all redundant code in mod_ssl and use all
features of OpenSSL; PKCS#11 will then be automatically supported and
the maintenance of mod_ssl will be simplified a lot.
On 26-11-2013 18:55, Kaspar Brand wrote:
On 26.11.2013 16:44, Graham Leggett wrote:
Hi all,
I am
On 23-04-2013 19:40, Vincent Deffontaines wrote:
Last point, who knows, maybe using interpolation together with
mod_macro/mod_rewrite will be the next great thing that we didn't think
of, and this config will even let super clever admins invent it for
us;)
especially mod_define
Consistency would be a major enhancement. the best solution would be to
have it enabled without any change to current modules implementation.
Yes, it would be incompatible with the modules that implemented their
own parsing, but why not establish a new standard for httpd 3?
For 2.x, a trade-off
+1
On 03-01-2013 03:06, Eric Covener wrote:
I was preparing the IP clearance forms and noticed our original vote
thread was more of a discussion. I wanted to record a formal vote here
so I can link to it.
Pending IP clearance...
[+1] accept mod_macro as a standard module and responsibility
On 04-12-2012 18:04, fab...@apache.org wrote:
Without UndefMacro, it can lead to warnings on redefinitions that
could be considered noisy and could not be removed.
I agree
On 11-11-2012 18:16, Stefan Fritsch wrote:
On Sunday 11 November 2012, Rainer Jung wrote:
I would like to donate the code so that it could be integrated
with apache as a standard module.
+1
+1
+1
Hello,
I'd like to insert a request in the middle of another one.
Example:
request -- httpd(proxy mode) - web site
should become
request -- httpd(receive) -- external request -- httpd(send)
- web site
I obviously need to send my external request based on the
Hello,
It was requested to provide some ideas for the direction to go with httpd 3.
One of the main issues I'd like to be tackled is the lack of consistency
in the directives for linked functionalities.
For instance:
- Some modules have access to variables set with Setenv, but not those
set
Hello,
When dealing with config running on different platforms (ex:
Linux/Solaris/Windows, 32/64 bits), it is very difficult to write a
generic config because some dependencies are platform-specific.
Ex:
- LoadFile /lib64/libgcc_s.so.1
- LoadFile /lib/libgcc_s.so.1
Couldn't we add some
Directive execution order is performed in a very strange way in
mod_substitute.
Look at the following example:
Substitute s/aaa/global/inq
Location /test/
Substitute s/aaa/local/inq
/Location
If I have aaa in a page, I expect it to be replaced by global.
No luck, it is
by mod_sed? What is the logic there?
Thanks,
Nick
Original Message
Subject:Re: mod_substitute buggy execution order
Date: Mon, 19 Dec 2011 15:34:41 -0600
From: William A. Rowe Jr. wr...@rowe-clan.net
To: dev@httpd.apache.org
CC: Nick Gearls nickgea...@gmail.com
Isn't it safer to only accept explicit entries, like
SSLCipherSuite -ALL:RC4-SHA:AES128-SHA:TLSv1+HIGH:SSLv3+HIGH:-aNULL
SSLProtocol-ALL +SSLv3 +TLSv1
Nick
On 13/11/2011 11:47, Kaspar Brand wrote:
On 07.10.2011 07:10, William A. Rowe Jr. wrote:
Exactly... we should default to a server
I'm using this patch
(https://issues.apache.org/bugzilla/attachment.cgi?id=25643) in prod in
several huge environments for more than one year and it rocks.
Can we add this to trunk?
Thanks,
Nick
Unless I misunderstand something, I found a problem with ProxyPass
behaviour:
with the config below, I expect, when the back-end server does not
answer (status 502), to receive my custom HTML page.
But it doesn't - the exception (ProxyPass /local !) is ignored.
ErrorDocument 502
Hello,
It seems that some headers cannot be modified when mod_proxy sets them.
Ex: Content-Type - it is not possible to overwrite it with any of the
following directives:
AddType ...
ForceType ...
Header set ...
I suppose that mod_proxy runs later then mod_headers 5?).
Could this be
It's indeed prior to 2.2.12. I assume the problem is solved.
However, what about the proposition to indicate for every module (or
directive when needed) the phase it runs, to be able to determine
interactions? I guess this shouldn't be difficult when you know the
module. This could maybe even
Nick,
I understand the goal.
But what about indicating for each module the hook phase it is using
(first/middle/last).
Probably only one entry for most modules.
One entry fort some directives for complex ones.
Would this be so complex to read? I agree it would probably be ignored
by most
there doesn't seem to be any immediate demand for renegotiation
support, so it makes the most sense to leave it optional-to-enable
rather than optional-to-disable.
If you want to protect some parts of your site with client
authentication, then you need to enable insecure renegotiation to
ProxyPass /cgi-bin/ http://otherserver.com/cgi-bin/ preservehost=On
keepalive=Off
This is more akin to how other worker properties are set.
What when we use RewriteRule[P] to proxy instead of ProxyPass?
For those who wonder why some may want to use RewriteRule, instead of
ProxyPass: it is
Probably not, but as we specify the time-outs to allow all normal
requests (we hope), I'd like to be warned when an attack occurs, but
also if one of my genuine customers is blocked (to possibly fine-tunes
the time-outs).
Another option would be to set an environment variable, so I could
Hello,
When an attack (timeout) is detected, it is logged at the info level.
Shouldn't this be considered as a warning?
Regards,
Nick
in the config a.k.a. mod_define
Date: Thu, 20 Jan 2011 16:29:43 +0100
From: Rainer Jung rainer.j...@kippdata.de
Reply-To: dev@httpd.apache.org
To: dev@httpd.apache.org
On 20.01.2011 16:02, Stefan Fritsch wrote:
On Thu, 20 Jan 2011, Nick Gearls wrote:
Using the $ character can interact with core
Using the $ character can interact with core interpolation, but also
with, for instance, mod_macro.
I strongly recommend to let mod_define's ability to replace the special
characters.
Moreover, mod_define is very stable, so why to strip it instead of just
extending it?
Cheers,
Nick
Hello,
I saw servers completely freezing (the whole system, not only httpd) due
to a memory leak problem in mod_substitute.
This is a major issue as it can completely block your systems, sometimes
even the fail-over as the server is blocked, but not completely down.
Even the management
we need to flatten and that takes time and space... lots o' space
OK, but why more space at each request?
The memory should be released at the end of the request.
Nick
On 7/1/2011 16:56, Jim Jagielski wrote:
On Jan 7, 2011, at 10:46 AM, Nick Kew wrote:
On Fri, 7 Jan 2011 15:59:26 +0100
When setting the q flag, I have no more memory leaks.
And it substitutes all instances on the line; however, it seems we
cannot assume it will always do so :-(
Btw, I never understood when multiple subst will work with the q flag;
does somebody have an answer?
For instance,
Substitute
...@gmail.com
On Sat, 6 Nov 2010, Nick Gearls wrote:
Btw, I copied the code from mod_headers and it is 98% identical, so I'll
modularise it to be 100% portable between these 2 modules (and others). The
next step will be to remove it from the modules itself and make the static
functions global
Subject: mod_substitute tags parsing
Date: Sat, 06 Nov 2010 18:19:33 +0100
From: Nick Gearls nickgea...@gmail.com
Reply-To: nickgea...@gmail.com
To: Development Apache dev@httpd.apache.org
Hello,
I took the tags parsing code from mod_headers to incorporate it to
mod_substitute.
It almost
Message
Subject: Re: mod_substitute tags parsing
Date: Sun, 7 Nov 2010 13:48:47 +0100 (CET)
From: Stefan Fritsch s...@sfritsch.de
To: Development Apache dev@httpd.apache.org, nickgea...@gmail.com
On Sun, 7 Nov 2010, Nick Gearls wrote:
Actually, the problem is that apr_table_get(r
Hello,
I took the tags parsing code from mod_headers to incorporate it to
mod_substitute.
It almost works, but I cannot obtain the handlers via apr_hash_get() -
even the locally defined ones (%D %t).
They are all registered:
static int tags_pre_config(apr_pool_t *p, apr_pool_t *plog,
mod_substitute, when triggered on the attached text with any
substitution, screws up the message: it either completely mixes
characters and truncates the text, or leads to an encoding error
(detected by the browser).
Ex: s/e/x/n
Remark: when using the q parameter, it works. The n parameter
Hello,
I'd like to extend the patch to allow also format string into the regex
part, but 'parse_format_string' looks a bit hard-coded to the value part.
How could I use to parse the regex?
Thanks,
Nick
ruediger.pl...@vodafone.com
To: dev@httpd.apache.org, nickgea...@gmail.com
-Original Message-
From: Nick Gearls
Sent: Mittwoch, 2. Juni 2010 14:06
To: Development Apache
Subject: mod_proxy and chunked encoding
Hello,
Although I can see a lot of problems related to chunked
encoding
Hello,
Although I can see a lot of problems related to chunked encoding, it is
not clear to me if it is correctly supported in latests versions.
During tests with 2.2.4, I found the following problem: when the
back-end sends chunked encoding to an Apache reverse proxy (see below
for loaded
Hello,
Is somebody still working on mod_substitute, or is this module abandoned?
The first bug is an enhancement, but the last 2 ones are blocking ones.
Could somebody work on this?
Thanks
Nick
Last version from trunk
Jim Jagielski wrote:
On Nov 19, 2009, at 12:12 PM, Nick Gearls wrote:
I'm not sure this is really desired:
1. More or less normal/abnormal case:
s/123/abc123def/ - *123* becomes abcabc123defdef
Substitution is made twice (why not 3 times, 4 times,... ?).
Flatening
-
From: Nick Gearls [mailto:nickgea...@gmail.com]
Sent: Mittwoch, 12. August 2009 16:32
To: Development Apache
Subject: Certificate chain order not conform to TLS standard
Hello,
I get problems with a picky SSL client complaining that
Apache does not
send the certificate chain in the right
Hello,
I get problems with a picky SSL client complaining that Apache does not
send the certificate chain in the right order (server/CA/root).
Is that possible? Doesn't Apache (I am using 2.2.4) honor the RFC?
Thanks,
Nick
on my test page).
Can I really consider this as safe?
Thanks,
Nick
Ruediger Pluem wrote:
On 06/10/2009 06:18 PM, Nick Gearls wrote:
Hi Nick,
Do you mean that mod_sed should be used instead of mod_substitute?
Because it is more complete, or more mature? I only need the substitution.
About
Hello,
There seems to be a memory problem when substituing something on very
long lines (several hundreds KB). this problem is different from bug
44948 (I applied this patch).
When using something like Substitute s/string1/string2/ on a 300 KB
line with 30 times string1 on the line, there
The problem is real.
I have an application which generates one line of about 300 KB :-(
In this case, Apache eats up all the memory (about 1 GB), and never
gives it back to the OS - game over - reboot !
How could this be solved?
Thanks,
Nick
Dan Poirier wrote:
Nick Gearls nickgea
Nick Kew wrote:
On Wed, 10 Jun 2009 13:11:16 +0200
Nick Gearls nickgea...@gmail.com wrote:
2. The memory is not freeed at the end of the HTTP request.
Maybe is it due to Keep-alive?
It's recycled within the server.
If using the q switch to not flatten the buckets, it uses almost no
memory
In a page containing only abcdef (inside the body), and the
following directives,
Substitute s~(abc.*)$~$1~q
Substitute s~def~XXX~
the second directive should be ignored, because of the q flag on the
first one.
The result should be abcdef.
However, the result is abcXXX.
Did I miss
I found a problem with handling of new lines in mod_substitute.
Take the following file as example
html
body
/body
/html
1. If I use Substitute s/\n/1/, it works almost correctly:
html
1body
1/body
1/html
1
Note
);
b = tmp_b;
}
Regards
Rüdiger
-Ursprüngliche Nachricht-
Von: Nick Gearls
Gesendet: Freitag, 13. März 2009 15:26
An: dev@httpd.apache.org
Betreff: Re: mod_substitute back-references
No, only once at a time.
It's just to give several
Same file, mod_substitute from 2.2.11, test under Windows
Regards,
Nick
Plüm, Rüdiger, VF-Group wrote:
-Ursprüngliche Nachricht-
Von: Nick Gearls
Gesendet: Montag, 16. März 2009 10:02
An: dev@httpd.apache.org
Betreff: Re: mod_substitute back-references
Different result
.
I suppose there is another interaction.
I'll try to make more tests.
Regards,
Nick
Nick Gearls wrote:
Same file, mod_substitute from 2.2.11, test under Windows
Regards,
Nick
Plüm, Rüdiger, VF-Group wrote:
-Ursprüngliche Nachricht-
Von: Nick Gearls Gesendet: Montag, 16. März
no influence.
I also managed to have a full recursive loop (Apache eating memory up to
a crash), but I cannot reproduce it anymore !?!
Regards,
Nick
Ruediger Pluem wrote:
On 03/12/2009 06:13 PM, Nick Gearls wrote:
Anyway, a real problem:
Substitute s|(toreplace)|*replaced[$1]*|qi
. I do not
expect this.
Nick
Jim Jagielski wrote:
On Mar 11, 2009, at 5:03 AM, Nick Gearls wrote:
Oops, stupid !
Anyway, a real problem:
Substitute s|(toreplace)|*replaced[$1]*|qi
translates toreplace into
*replaced[*replaced[*replaced[toreplace]*]*]*
Don't we expect the q flag
at 8:01 AM, Nick Gearls nickgea...@gmail.com wrote:
When using
Substitute s|toreplace|*$1*|ni
I get *$1 in my page.
You have to capture something.
Same thing
Plüm, Rüdiger, VF-Group wrote:
Have you tried without the q flag?
Regards
Rüdiger
-Ursprüngliche Nachricht-
Von: Nick Gearls
Gesendet: Mittwoch, 11. März 2009 10:04
An: dev@httpd.apache.org
Betreff: Re: mod_substitute back-references
Oops, stupid !
Anyway, a real
When using
Substitute s|toreplace|*$1*|ni
I get *$1 in my page.
There is no info about backtracking on the doc page, so maybe I don't
use the right syntax ?
Regards,
Nick
Plüm, Rüdiger, VF-Group wrote:
-Ursprüngliche Nachricht-
Von: Nick Gearls
Gesendet: Montag, 9
Hi,
Is there any plan to support back-references in mod_substitute ?
mod_sed could obviously do it, but it must be much heavier.
Thanks,
Nick
at global level, then to 0 at the dir level.
But in ap_proxy_http_process_response(), dconf-error_override is
always set to 1. dconf is built as usual:
proxy_dir_conf *dconf = ap_get_module_config(r-per_dir_config,
proxy_module);
Any idea ?
Thanks,
Nick
Nick Gearls wrote:
A patch is submitted
The development was actually done in 2.2.
I do not see any difference between 2.2 2.3 regarding this.
Eric Covener wrote:
On Tue, Feb 3, 2009 at 5:39 AM, Nick Gearls nickgea...@gmail.com wrote:
A patch is submitted:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46656
Here
I understand now.
What about 2.3 ?
To be honest, I really cannot imagine another module using that value,
even in 2.2. But we have to be strict, I agree.
Does the code satisfies everybody, or should I rework it in any way ?
Eric Covener wrote:
On Tue, Feb 3, 2009 at 9:33 AM, Nick Gearls
A patch is submitted:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46656
Here are the modifs:
- added |ACCESS_CONF to AP_INIT_FLAG
- error_override error_override_set are moved to proxy_dir_conf
- set_proxy_error_override() is modified to use provided dconf*
As I explained, this is very
Hello,
Is there any reason to not accept this directive inside a location ?
There is a major reason to use a different setting inside a location:
- for security reason, you set it to on
- if you have a Web service, you are obliged to set it to off because
SOAP fault error messages are reported
Hello,
In ssl_engine_kernel.c, line 1439 in ssl_callback_SSLVerify_CRL(), we
reinitialise a new CRL by calling object SSL_X509_STORE_lookup().
This was already performed at the beginning of the function.
Couldn't we reuse the first one instead of cleaning it and reusing it ?
I don't see any
On 07/19/2008 06:08 PM, Nick Kew wrote:
Reviewing the backport proposal in STATUS, it amounts to
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=6394
\
65r2=664330pathrev=664330
It still seems to be at risk of generating a malformed cookie,
if secure is
Cross-site scripting (XSS) vulnerability when displaying the 403
Forbidden error page
I can't find any info about this issue on the site.
I guess this could also touch some other error numbers (404, ...).
Any patch to fix this ?
Btw, is there a way to be notified about security issues ?
I'm interested
Regards,
Nick
If there's a chance to add it, I'm ready to write the doc patch
Nick
Dirk-Willem van Gulik wrote:
On May 6, 2008, at 3:27 PM, Nick Gearls wrote:
Just a little adding: by adding LoadFile libgcc_s.so.1 in
httpd.conf, I don't have any more file in the chroot (except htdocs
if not in pure
Can you tell me where to find the XML doc file ?
It's not obvious from the site :-(
Thanks,
Nick
Dirk-Willem van Gulik wrote:
On May 6, 2008, at 4:12 PM, Nick Gearls wrote:
If there's a chance to add it, I'm ready to write the doc patch
Lets get that in there - and then lets (or I'll
Great idea
Nick
Jani M. wrote:
Hi,
I've been playing with the idea of adding support for the proxy module
to add stickysession cookies on behalf of the backend servers. I have
one case on my hands right now where this would be needed, and I can
think of this being of use for others too.
Can we move a build from one Linux machine to another one (same OS
version, CPU, etc.), or are there some hard-coding in the binaries
linked to the origin platform ?
I'm obviously asking the question because I tried and I have a problem
on the target computer: Apache does not seem to correctly
Is there some limitation in using new versions of PCRE libraries ?
For example, can we use latest PCRE (5.10.x) with Apache 2.2.4 ?
Thanks,
Nick
I'm running the patch for one week on a production server, and it works
perfectly (http://svn.apache.org/viewvc?view=revrevision=611483).
When using Apache as a reverse proxy, the chroot environment is totally
empty (except libgcc_s.so.1).
Could we include this in next build ?
As it is very
Hello,
As some may now, ModSecurity adds a very easy and effective way to put
Apache in jail, but chrooting the process after its initialisation, thus
putting all listening processes in jail.
You specify one directive, and the only thing you have to put in the
jail is your htdocs and logs
Message-
From: Colm MacCarthaigh [mailto:[EMAIL PROTECTED]
Sent: Donnerstag, 24. Januar 2008 13:16
To: dev@httpd.apache.org
Subject: Re: High security
On Thu, Jan 24, 2008 at 01:10:23PM +0100, Nick Gearls wrote:
You specify one directive, and the only thing you have to
put in the
jail is your
Hello,
The proposed patch generalizes a mechanism that currently exist, but is
incomplete.
It now allows to accept all SSL connections that fail for any reason
related to certificate verification or validation.
Could this be included in next release ?
This has a huge impact on the user, as
Hello,
I'm trying to build Apache 2.2.4 with VS 2008 Beta 2 (under Vista to
make it simple), and I have a problem.
I patched several stuff to have it compile nicely, but the program
crashes at startup: An unhandled non-continuable exception was thrown
during process load. The program
Hi,
I think mod_proxy should be enhanced/fixed in some way:
- If I use ProxyPass ProxyPassReverse to forward connection from
proxy to back-end, ProxyPassReverse adapts the Location header
from back-end/... to proxy/
1. Why only the Location header ?
2. In case you access your proxy in
wrote:
On Wed, 03 Oct 2007 12:11:09 +0200
Nick Gearls [EMAIL PROTECTED] wrote:
Hi,
I think mod_proxy should be enhanced/fixed in some way:
- If I use ProxyPass ProxyPassReverse to forward connection from
proxy to back-end, ProxyPassReverse adapts the Location header
from back-end
I agree, we have to check if it latches the back-end before changing it
to the front-end, and vice-versa.
This way, it sounds totally safe, no ?
Graham Leggett wrote:
On Wed, October 3, 2007 1:03 pm, Nick Kew wrote:
It would break headers that contain a URL-like pattern that isn't
a URL.
1 - 100 of 105 matches
Mail list logo