Am 29.09.2015 um 17:31 schrieb Jeff Trawick:
On 09/29/2015 04:20 AM, Reindl Harald wrote:
is that by intention?
The default timeout before retrying an error seems to be 10 minutes (see
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstaplingerrorcachetimeout),
which is pretty excessive
Am 06.09.2015 um 15:06 schrieb Kaspar Brand:
Taking into account that OCSP responders from the big players are
running on fairly robust infrastructure these days (cf. the sr.symcd.com
example, aka ocsp.verisign.net, aka ocsp.ws.symantec.com.edgekey.net),
I'm not buying the "OCSP is unreliable"
Am 05.09.2015 um 19:32 schrieb Seyyed Hesamoddin Ghasemi:
How can force Apache server to use a constant value sequence number in
all the sessions? Is this possible?
I'm an Msc computer engineering student and I need to do this in one of
the steps of my thesis implementations.
I would be happy
Am 16.07.2015 um 15:03 schrieb Michael Felt:
First little thing I ran into - that I did not have with 2.4.12 is this:
root@x065:[/data/prj/apache/httpd/test]/opt/httpd/sbin/apachectl start
AH00534: httpd: Configuration error: More than one MPM loaded.
Granted, I should perhaps change to
Am 10.07.2015 um 22:33 schrieb Jim Jagielski:
The pre-release test tarballs for Apache httpd 2.4.16 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will
in fact RedirectMatch is *completly* broken
RedirectMatch 404 ^\/something\/$
and *any* URI get a 404 response not just with the long list from my
previous post
Am 21.06.2015 um 18:57 schrieb Reindl Harald:
-1
just rebuilt my httpd rpm with the
http://httpd.apache.org/dev/dist/httpd-2.4.15
-1
just rebuilt my httpd rpm with the
http://httpd.apache.org/dev/dist/httpd-2.4.15.tar.bz2 on my testserver
and all vhosts are coming with a 404 page and nothing in the errorlog
first i thought it's a https problem cause by a self signed wildcard
certificate, but the same after remove the
is no longer re-useable
on different machines
On Sun, Jun 21, 2015 at 7:52 PM, Reindl Harald h.rei...@thelounge.net wrote:
in fact RedirectMatch is *completly* broken
RedirectMatch 404 ^\/something\/$
and *any* URI get a 404 response not just with the long list from my
previous post
Am
Am 21.06.2015 um 21:28 schrieb Yann Ylavic:
On Sun, Jun 21, 2015 at 9:04 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 21.06.2015 um 21:00 schrieb William A Rowe Jr:
Reindl,
Try reverting
http://svn.apache.org/viewvc?view=revisionrevision=1663259 and see if
this resolves your observed
rpmbuild to get a compareable
setup
On Jun 21, 2015 12:53 PM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
in fact RedirectMatch is *completly* broken
RedirectMatch 404 ^\/something\/$
and *any* URI get a 404 response not just with the long list from my
Am 21.06.2015 um 22:05 schrieb Yann Ylavic:
On Sun, Jun 21, 2015 at 9:37 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 21.06.2015 um 21:28 schrieb Yann Ylavic:
On Sun, Jun 21, 2015 at 9:04 PM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 21.06.2015 um 21:00 schrieb William A Rowe
Am 28.05.2015 um 21:22 schrieb Rich Bowen:
On 05/27/2015 05:38 PM, olli hauer wrote:
- for long time there was no working mod_php module for 2.4, and
changing to
php-fpm was not for everyone a solution.
In my experience, the only reason that php-fpm wasn't a solution for
everyone is that
Am 26.05.2015 um 10:33 schrieb Rainer Jung:
Current mod_ssl code tries to read embedded DH and ECC parameters only
from the first certificate file. Although this is documented
DH and ECDH parameters, however, are only read from the first
SSLCertificateFile directive, as they are applied
Am 10.05.2015 um 03:02 schrieb Noel Butler:
Either way, using slackware on all my servers its trivial since the
distro keeps pretty much up to date by design - unlike RH/debian and
their kiddy versions who bring out new releases with 2+yo libs and other
goodies, I'd just hesitate to drop them,
Am 21.04.2015 um 15:55 schrieb Jim Jagielski:
For comment: What do people think about adding the capability that
when httpd is started, it tries to access http://httpd.apache.org/doap.rdf
to check its version number with the latest one referred to in that
file and, if a newer one exists, it
Am 17.04.2015 um 23:29 schrieb Yue Chen:
Hi,
In some OS's, the network stack would compile packet filters to the
native code, like the Berkeley Packet Filter (BPF)
apache and packet filter are completly different things at completly
different layers
signature.asc
Description: OpenPGP
what's the purpose of these warnings and listening on tcp6 in a
environment with a completly dsiabled ipv6 stack?
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
tcp6 0 0 :::80 :::*
LISTEN 1120/httpd
ifconfig
eth0:
Am 27.01.2015 um 21:41 schrieb William A. Rowe Jr.:
On Mon, 26 Jan 2015 16:43:29 -0500
Jim Jagielski j...@jagunet.com wrote:
I'll give the vote another 24 hours... I don't consider the
UTC/logging issue enough to hold the release, unless it appears
a symptom of a more serious problem, but
Am 22.12.2014 um 11:15 schrieb Graham Leggett:
On 21 Dec 2014, at 10:48 PM, Eric Covener cove...@gmail.com wrote:
I don't see how adding expression or Location support as
necessitating, or benefiting in a meaningful way, from the deprecation
/ movement of the other directives. I am assuming
Am 22.12.2014 um 14:26 schrieb Graham Leggett:
On 22 Dec 2014, at 14:53, Reindl Harald h.rei...@thelounge.net wrote:
as user i will tell you something about the without any notable problems: if
you use the new directives in the main configuration and somewhere below (vhost or even
.htaccess
Am 20.10.2014 um 19:17 schrieb wr...@rowe-clan.net:
Is this a responsible recommendation, though? Does TLSv1.0 offer any
significant improvement over SSLv3.0 that HTTP server project endorses?
Can or should 'we' officially designate SSLv3 as undesirable without
making the same recommendation
Am 17.10.2014 um 12:02 schrieb Takashi Sato:
SSLv3 is now insecure (CVE-2014-3566, POODLE)
Let's disable SSLv3 by default, at least trunk.
SSLProtocol default is all.
http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol
all means a shortcut for ``+SSLv3 +TLSv1'' or - when using
Am 02.10.2014 um 22:36 schrieb Joe Orton:
On Wed, Oct 01, 2014 at 02:16:17PM -0400, Eric Covener wrote:
The default handler (static file handler) is a fall-through, and there is
not currently a way to tell it NOT to respond for something because a
configured module unexpectedly passed control
Am 03.10.2014 um 00:09 schrieb Eric Covener:
On Thu, Oct 2, 2014 at 5:06 PM, Reindl Harald h.rei...@thelounge.net wrote:
however, control that by modsec gives you even the option to
select the status code without leak source code - if a module
can do that why not the core itself
Am 03.10.2014 um 02:18 schrieb Eric Covener:
On Thu, Oct 2, 2014 at 7:02 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 03.10.2014 um 00:09 schrieb Eric Covener:
On Thu, Oct 2, 2014 at 5:06 PM, Reindl Harald h.rei...@thelounge.net
wrote:
however, control
be at least
a big fat warning in the documenetation that it has
the opposite effect in some environments
On Mon, Sep 16, 2013 at 7:56 AM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
why in the world does Apache add the *sourcode* of the called PHP
script after
Am 01.10.2014 um 20:19 schrieb Eric Covener:
On Wed, Oct 1, 2014 at 2:16 PM, Eric Covener cove...@gmail.com
mailto:cove...@gmail.com wrote:
To me, this does not exonerate mod_php, it implicates it. I suspect your
source code is served because PHP
swallowed the LimitRequestBody
Am 01.10.2014 um 20:36 schrieb Eric Covener:
On Wed, Oct 1, 2014 at 2:24 PM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
i don't know what happens internally
That's what's on-topic for the development list
agreed - but ship source code to a client
Am 14.09.2014 um 13:21 schrieb Martynas Bendorius:
Is there any special reason why mod_systemd and mod_journald (available in
trunk) are not backported to 2.4 yet?
As we have a lot of distributions already using systemd by default
(CentOS/RHEL 7, Fedora, Arch Linux, CoreOS,
openSUSE),
Am 11.09.2014 um 18:13 schrieb wr...@rowe-clan.net:
Subject: Re: mod_status: Apache 2.4 incorrect IP (proxy, not
useragent_ip) on server-status page
From: Jim Jagielski j...@jagunet.com
Date: 9/11/14 10:45 am
To: dev@httpd.apache.org
Ugg. Yeah; we should actually have
Am 27.08.2014 um 22:26 schrieb dev:
unsubscribe
your job, no list-member can do that for you
hence the mail headers
list-help: mailto:dev-h...@httpd.apache.org
list-unsubscribe: mailto:dev-unsubscr...@httpd.apache.org
List-Post: mailto:dev@httpd.apache.org
List-Id: dev.httpd.apache.org
Am 15.07.2014 19:20, schrieb Jim Jagielski:
The pre-release test tarballs for Apache httpd 2.4.10 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.10 GA.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger
Am 24.06.2014 20:40, schrieb Jim Jagielski:
I'm hoping to encourage us to push out the next 2.4 release within
the next coupla weeks, maybe after the July 4th US-based
holiday.
Comments?
yes - let me know whne there are testing-tarballs to feed
the local rpmbuilder :-)
signature.asc
Am 18.04.2014 14:34, schrieb Falco Schwarz:
As of httpd-2.4.7 the strength of DH temp keys is determined by the private
key's bit length. I recently noticed
the following behavior (using httpd-2.4.9 and openssl-1.0.2-beta2-dev):
I am using multiple certificates for one VHost (ECC and RSA):
Am 12.04.2014 20:21, schrieb mi2 co2:
Hi - I have a question regarding heartbleed and httpd configuration data
leakage. It was suggested that I ask this
on the dev list as well.
Should someone have been exploiting this bug, would it be possible that httpd
configuration data, derived via
Am 11.04.2014 15:34, schrieb Andre Nathan:
I'm trying to protect a webserver from DDoS attacks. The plan for this is to
not publish its IP address anywhere
public. DNS records point to a CDN service like CloudFlare. The CDN will sync
to the webserver via a random entry
in the zone, making
Am 11.04.2014 21:15, schrieb Jeff Trawick:
On Fri, Apr 11, 2014 at 3:00 PM, Andre Nathan andre...@gmail.com
mailto:andre...@gmail.com wrote:
On Fri, Apr 11, 2014 at 3:31 PM, Eric Covener cove...@gmail.com
mailto:cove...@gmail.com wrote:
Should have been more clear, I meant
Hi
i know that this is more or less off-topic but i doubt there
are better sources to ask then the httpd-developers
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
Am 09.04.2014 13:53, schrieb Graham Leggett:
On 09 Apr 2014, at 1:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data
Am 09.04.2014 14:19, schrieb Graham Leggett:
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller dr...@suse.de wrote:
There have been some zero-before-free changes in mozilla-nss recently.
It may be time to have object reuse issues in mind for both core and at
least the auth* modules.
The
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket key and ssl cert keys. In practice
the benefits of prefork are somewhat
limited to
Am 09.04.2014 21:42, schrieb Rainer Jung:
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket
Am 08.04.2014 02:04, schrieb Miguel Villarreal:
Hello. Where can I find examples of how to use the APR_CRYPTO API?
multiple times was explained that this is the wrong list
why do you continue with such joke questions?
http://www.catb.org/esr/faqs/smart-questions.html
signature.asc
to be more precise it is part of glibc
[builduser@testserver:~]$ rpm -q --file /usr/include/unistd.h
glibc-headers-2.18-13.fc20.x86_64
Am 05.04.2014 21:33, schrieb Mario Brandt:
it should be included in your distro if you use linux or unix
signature.asc
Description: OpenPGP digital
Am 13.03.2014 17:49, schrieb Jim Jagielski:
The pre-release test tarballs for Apache httpd 2.4.9 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.9 GA.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will
Am 11.03.2014 22:52, schrieb Falco Schwarz:
On 11 Mar 2014, at 22:43, Steffen i...@apachelounge.com
mailto:i...@apachelounge.com wrote:
Builds fine on VC11 Win32, other flavors I try tomorrow
Till now it runs fine, but get the following (run OpenSSL 1.0.1f):
AH02559: The
shit
is a psychopathic reaction to the the simple question post in plaintext and
was the direct repsone to that off-list reply to Noel
On 08/03/2014 10:49, Reindl Harald wrote:
if you fail to heed that warning your the only one who will regret it
stop your personal vendetta - the only one
the next one with his vendetta
i just *asked* consider post plain text
nothing more
Am 10.03.2014 00:32, schrieb Nick Edwards:
Truer words were never spoken about Harald Reindl, this person brings
trouble to every mailing list he joins
postfix - banned
read the history
fedora - moderation
Am 07.03.2014 18:07, schrieb Yann Ylavic
can you please post plaintext instead HTML to lists
for me such messages are unreadable after medical operations
on both eyes because you override my MUA font settings
signature.asc
Description: OpenPGP digital signature
Am 07.03.2014 18:58, schrieb Mikhail T.:
On 07.03.2014 12:28, Yann Ylavic wrote:
Sorry, this was posted from gmail...
Is it written anywhere in the bylaws of this mailing list
that use of HTML is something to apologize for?
nearly any mailing-list has it written clear, some even reject HTML
been most well behaved on, unlike others, please remember our previous
conversations. If you think a posters post
violates some RFC, ignore it, or take it up with him in private, do not
pollute this list with your bullshit.
Thank you :)
On Fri, 2014-03-07 at 19:13 +0100, Reindl Harald
no clue what are you doing and that thread
belongs not to http-ddevl at all - really
@Reindl Harald,
If I remove that apr files from 'BuildPrereq', it is still showing
some 'undeclared errors' related to apr-util modules
the intention to remove the build-deps in httpd.spec was for the
case you manage
Am 03.03.2014 11:07, schrieb Venkatesh Prabu Narayanan:
@Graham,
Most of these dependencies are not available for RHEL 4 via yum
why do you waste others time not stating at the begin
that you are use a unsupported and outdated OS?
you can't have recent software on such a system
so please
i would happily build a RPM for our devel-machines
still missing a RC tarball :-(
http://httpd.apache.org/dev/dist/
Am 03.03.2014 15:04, schrieb Jim Jagielski:
Anyone else willing/able to cast some STATUS votes?
On Feb 4, 2014, at 8:58 AM, Jim Jagielski j...@jagunet.com wrote:
I'd like to
Am 03.03.2014 15:44, schrieb Eric Covener:
On Mon, Mar 3, 2014 at 9:06 AM, Reindl Harald h.rei...@thelounge.net wrote:
Anyone else willing/able to cast some STATUS votes?
i would happily build a RPM for our devel-machines
still missing a RC tarball :-(
http://httpd.apache.org/dev/dist
Am 02.03.2014 08:00, schrieb Venkatesh Prabu Narayanan:
I am new to this list. I am trying to compile httpd 2.2.24 rpm build from
source tar ball and it is failing with
apr, apr-util dependencies.
[root@localhost httpd]# rpmbuild -ba httpd-2.2.24.spec
error: Failed build dependencies:
Am 28.02.2014 14:01, schrieb Tom Browder:
I got little response on the user list, so:
I am using httpd 2.4.7 built from source (On Debian Linux 7, 32-bit).
OpenSSL is a Debian package with version 1.0.1e.
The pertinent part of my httpd.conf is:
SSLCertificateKeyFile
Am 28.02.2014 14:18, schrieb Tom Browder:
On Fri, Feb 28, 2014 at 8:10 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 28.02.2014 14:01, schrieb Tom Browder:
I got little response on the user list, so:
http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslpassphrasedialog
Am 21.02.2014 14:13, schrieb Dr Stephen Henson:
On 21/02/2014 13:02, Jeff Trawick wrote:
Including dev@httpd.apache.org...
Is anybody else seeing the same behavior? Looking at the documentation, 2.4.7
has gained some performance improvements, but I’m seeing something different
on
my end
Am 09.02.2014 08:15, schrieb Kaspar Brand:
On 07.02.2014 01:58, Daniel Kahn Gillmor wrote:
As part of the goal of dropping encrypted private key support, have you
considered using an agent-based framework for private keys?
I haven't, no, since an important aspect of that goal is to reduce
Am 04.02.2014 19:16, schrieb Falco Schwarz:
After playing around a bit more with this patch, I discovered that
OCSPStapling cannot get the issuer certificate if you use only the
SSLCertificateFile directive. It works if you specify
SSLCertificateChainFile, though.
Error only using
Am 30.01.2014 18:47, schrieb Eric Covener:
I think a link here is good for posterity
thanks again for feedback
mod_rewrite doesn't expose client_addr
https://issues.apache.org/bugzilla/show_bug.cgi?id=56094
signature.asc
Description: OpenPGP digital signature
Am 31.01.2014 12:17, schrieb Reindl Harald:
Am 30.01.2014 18:47, schrieb Eric Covener:
I think a link here is good for posterity
thanks again for feedback
mod_rewrite doesn't expose client_addr
https://issues.apache.org/bugzilla/show_bug.cgi?id=56094
https://issues.apache.org/bugzilla
Hi
may i ask if there is a piece missing in the docs,
maybe even there and i don't spot it, or mod_rewrite
can not distinguish between %a and %{c}a currently
the idea is that the proxy has 127.0.0.1 and does SSL-termination
so it should use unecrypted connections to httpd, but in case
the
not that important now but maybe worth
should i post here the link to the bugreport or
leave it alone?
thanks again!
On Thu, Jan 30, 2014 at 11:02 AM, Reindl Harald h.rei...@thelounge.net
wrote:
Hi
may i ask if there is a piece missing in the docs,
maybe even there and i don't spot
Am 26.01.2014 23:11, schrieb Graham Leggett:
A look at mod_alias shows it has 7 directives:
• Alias
• AliasMatch
• Redirect
• RedirectMatch
• RedirectPermanent
• RedirectTemp
• ScriptAlias
• ScriptAliasMatch
In theory we only need these three:
• Alias
• Redirect
• ScriptAlias
+1
in some cases re-consider if a used option is really needed
and disable it may close a vulnerability, the admin only
needs to know that there is danger
Am 10.01.2014 15:24, schrieb Jim Jagielski:
+1
On Jan 10, 2014, at 8:44 AM, Jeff Trawick traw...@gmail.com wrote:
[X] It is mandatory to
Am 30.12.2013 18:07, schrieb Graham Leggett:
On 30 Dec 2013, at 6:58 PM, Stefan Fritsch s...@sfritsch.de wrote:
Does anyone disagree with the below change (not yet merged to 2.x
branches)? There is a similar paragraph in howto/auth.xml that I
intend to remove.
I would say digest
Am 27.12.2013 16:53, schrieb Frederick Miller:
Please remove me from this email list. Please unsubscribe me. Thanks.
first do *not* hijack threads
please realize that any mailing list has a welcome message
which should be read after subscribe and not careless thrown
away as well as list
Am 09.12.2013 19:28, schrieb Jim Jagielski:
This seems kinda serious
https://issues.apache.org/bugzilla/show_bug.cgi?id=55635
any remoteip people able to look into this?
i am willing to debug but i need a simplified
step-to-step what to look for and how to
reproduce if possible
Am 09.12.2013 20:00, schrieb Jeff Trawick:
On Mon, Dec 9, 2013 at 1:52 PM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
Am 09.12.2013 19:28, schrieb Jim Jagielski:
This seems kinda serious
https://issues.apache.org/bugzilla
Am 25.11.2013 21:49, schrieb Michael Felt:
I am wanting to leave the additions I have done (which are not known to any
clean option) and compare that with
a) the latest TR
b) the latest trunk
Is there a clean that goes farther than make distclean (i.e., to even undo
whatever buildconf
Hi
is there something wrong with these patches or why does ab not send SNI
headers?
https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni
for each https-request fro ab the target servers floods one line into log
[Sat Nov 23 14:00:33.592232 2013] [ssl:error] [pid 28314] AH02033: No
Am 23.11.2013 14:22, schrieb Jeff Trawick:
On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
is there something wrong with these patches or why does ab not send SNI
headers?
https://blogs.oracle.com/meena/entry
Am 23.11.2013 15:44, schrieb Eric Covener:
On Sat, Nov 23, 2013 at 8:33 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 23.11.2013 14:22, schrieb Jeff Trawick:
On Sat, Nov 23, 2013 at 8:03 AM, Reindl Harald h.rei...@thelounge.net:
is there something wrong with these patches or why
Am 23.11.2013 16:13, schrieb Eric Covener:
is there something wrong with these patches or why does ab not send SNI
headers?
https://blogs.oracle.com/meena/entry/apachebench_ab_and_sni
Ask Meena perhaps? She's quite harmless
you missed what i asked - in fact why there are patches needed
Am 23.11.2013 16:48, schrieb Jeff Trawick:
On Sat, Nov 23, 2013 at 10:27 AM, Reindl Harald h.rei...@thelounge.net
Am 23.11.2013 16:13, schrieb Eric Covener:
I don't think this list is appropriate for this issue.
then state it without cynicism and disrespect
Further, I
VirtualHost IP_ADDR:443
IfModule mod_headers.c
Header set Strict-Transport-Security max-age=31536000
/IfModule
/VirtualHost
in case of a 404 error all mod_headers defined headers are missing
not only the ones defined inside VirtualHost
* X-DNS-Prefetch-Control
* X-Content-Type-Options
*
Am 19.11.2013 18:45, schrieb Jim Jagielski:
The pre-release test tarballs for Apache httpd 2.4.7 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.7 GA.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will
), and hands them out to clients based on the length of
the certificate's RSA/DSA key. With
Java-based clients in particular (Java 7 or earlier), this may lead to
handshake failures - see this FAQ answer for
working around such issues.
Am 20.11.2013 00:12, schrieb Reindl Harald:
Am 19.11.2013 18:45
Am 13.11.2013 17:39, schrieb Jim Jagielski:
Now that APR 1.5 is soon-to-be released, we are good for
a release of 2.4.7.
I propose a TR next week (I'll RM) and would request
that people look thru STATUS for some remaining backports
is this one considered to be included in 2.4.7
Am 27.10.2013 12:59, schrieb Eric Covener:
On Sun, Oct 27, 2013 at 12:04 AM, Reindl Harald h.rei...@thelounge.net
wrote:
in case of SSLCryptoDevice rdrand is Apache using it exclusive
or as an additional entrophy source? exclusive most likely would
be bad, additional fine, but i do not find
Hi
in case of SSLCryptoDevice rdrand is Apache using it exclusive
or as an additional entrophy source? exclusive most likely would
be bad, additional fine, but i do not find any information
http://www.theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/
___
also not
Am 28.09.2013 18:21, schrieb Tim Bannister:
On 28 Sep 2013, at 14:19, Eric Covener cove...@gmail.com wrote:
I've come back to this because I've struggled in another area with
access_checker vs. access_checker_ex. I really think we need basic access
control outside of Require and Satisfy.
Am 22.07.2013 17:01, schrieb William A. Rowe Jr.:
On Sun, 21 Jul 2013 00:15:45 +0200
Reindl Harald h.rei...@thelounge.net wrote:
but why does httpd need CAP_DAC_OVERRIDE while starting initially as
root?
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID
CAP_SETUID Jul 21
control (not traditional
access control, of course).
On Mon, Jul 22, 2013 at 1:08 PM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
Am 22.07.2013 17:01, schrieb William A. Rowe Jr.:
On Sun, 21 Jul 2013 00:15:45 +0200
Reindl Harald h.rei...@thelounge.net
Hi
i am trying to restrict Apache 2.4.5 / 2.4.6-dev as much as possible
without CAP_DAC_OVERRIDE i get warnings any docroot not existing while
after start all vhosts are fully operational, the other capabilities are
clear to switch the user and bind port 80, CAP_IPC_LOCK maybe for php-opcaches
Am 15.07.2013 18:48, schrieb Jim Jagielski:
The pre-release test tarballs for Apache httpd 2.4.6 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.6 GA.
NOTE: The -deps tarballs are included here *only* to make
Am 12.07.2013 14:03, schrieb kalyan sita:
I would like to work on mod_wsgi and fastcgi modules of Apache source code
But using configure I cannot enable these modules while building the httdp
2.2.22 source code. Can anyone please
help me out?
they are not part of the standard tarball and
Am 11.07.2013 20:54, schrieb Jim Jagielski:
The pre-release test tarballs for Apache httpd 2.4.5 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.5 GA.
NOTE: The -deps tarballs are included here *only* to
Am 10.07.2013 16:52, schrieb peter_bateman:
I know this may be a newbie question, however when i run the following
command, all of my apache processes are listed with -k start. I have an
example listed below:
ps -aux | grep apache | grep -v grep
apache 22397 3.5 0.3 360224 28476 ?
Am 10.07.2013 20:18, schrieb William A. Rowe Jr.:
Precisely. With mod_perl, they can pick it up in their next cycle. It
has been a very long time since 2.4.0, certainly within some of the
bleed releases, but without mod_perl nobody would make the jump.
It isn't inconcievable that 2.4.x is
Am 24.06.2013 20:16, schrieb Jim Jagielski:
I propose a release somewhere around the 4th of July,
to celebrate our independence from proprietary s/w!
I'll RM
a snapshot for testers at http://httpd.apache.org/dev/dist/
would be fine, it would take me 5 minutes to rebuild
our RPM from it and
Am 12.06.2013 21:15, schrieb William A. Rowe Jr.:
I believe the change is outside of the scope which server authors should
entertain, and it is up to the user agent authors to make an intelligent
choice knowing the risks and lack of risks in their agent implementation
yes and no
in fact if
Am 12.06.2013 21:49, schrieb William A. Rowe Jr.:
On Wed, 12 Jun 2013 21:24:31 +0200
Reindl Harald h.rei...@thelounge.net wrote:
well, on Redhat systems in /etc/sysconfig/httpd put the line
OPENSSL_NO_DEFAULT_ZLIB=1 did disable it before httpd
offered a option, but IHMO any server software
Am 12.06.2013 21:52, schrieb William A. Rowe Jr.:
On Wed, 12 Jun 2013 21:27:18 +0200
Stefan Fritsch s...@sfritsch.de wrote:
All web *browsers* that support compression are affected. Only non-
browser clients are not affected. Calling that far from all
stretches things a bit.
You would
Am 10.06.2013 15:37, schrieb Eric Covener:
Is there some historical or other reason that the location has higher
precedence that directory/files? I think the other way is much more
intuitive
no - not from the daily use perspective
Directory /
Options -Indexes
Am 10.06.2013 15:58, schrieb Eric Covener:
Directory /
Options -Indexes -ExecCGI -MultiViews +FollowSymLinks
AllowOverride None
Require all denied
/Directory
does not mean i do not need the possibility to allow
a specific
Am 03.06.2013 08:54, schrieb ruan:
unbelieveable - there where *two* of this
useless unsubscribe-threads within a few
days - what about read the welcome messages
and/or list-headers?
list-help: mailto:dev-h...@httpd.apache.org
list-unsubscribe: mailto:dev-unsubscr...@httpd.apache.org
List-Post:
IfModule mod_headers.c
Header set X-DNS-Prefetch-Control off
/IfModule
from the network:
x-dns-prefetch-control: off
signature.asc
Description: OpenPGP digital signature
101 - 200 of 284 matches
Mail list logo