[STATUS] (httpd-test: perl-framework) Wed Feb 16 23:46:33 2005
httpd-test/perl-framework STATUS: -*-text-*- Last modified at [$Date: 2004-11-24 19:36:41 -0500 (Wed, 24 Nov 2004) $] Stuff to do: * finish the t/TEST exit code issue (ORed with 0x2C if framework failed) * change existing tests that frob the DocumentRoot (e.g., t/modules/access.t) to *not* do that; instead, have Makefile.PL prepare appropriate subdirectory configs for them. Why? So t/TEST can be used to test a remote server. * problems with -d perl mode, doesn't work as documented Message-ID: [EMAIL PROTECTED] Date: Sat, 20 Oct 2001 12:58:33 +0800 Subject: Re: perldb Tests to be written: * t/apache - simulations of network failures (incomplete POST bodies, chunked and unchunked; missing POST bodies; slooow client connexions, such as taking 1 minute to send 1KiB; ...) * t/modules/autoindex - something seems possibly broken with inheritance on 2.0 * t/ssl - SSLPassPhraseDialog exec: - SSLRandomSeed exec:
[STATUS] (httpd-test: flood) Wed Feb 16 23:46:07 2005
flood STATUS: -*-text-*- Last modified at [$Date: 2004-11-24 19:36:41 -0500 (Wed, 24 Nov 2004) $] Release: 1.0: Released July 23, 2002 milestone-03: Tagged January 16, 2002 ASF-transfer: Released July 17, 2001 milestone-02: Tagged August 13, 2001 milestone-01: Tagged July 11, 2001 (tag lost during transfer) RELEASE SHOWSTOPPERS: * Everything needs to work perfectly Other bugs that need fixing: * I get a SIGBUS on Darwin with our examples/round-robin-ssl.xml config, on the second URL. I'm using OpenSSL 0.9.6c 21 dec 2001. * iPlanet sends Content-length - there is a hack in there now to recognize it. However, all HTTP headers need to be normalized before checking their values. This isn't easy to do. Grr. * OpenSSL 0.9.6 Segfaults under high load. Upgrade to OpenSSL 0.9.6b. Aaron says: I just found a big bug that might have been causing this all along (we weren't closing ssl sockets). How can I reproduce the problem you were seeing to verify if this was the fix? * SEGVs when /tmp/.rnd doesn't exist are bad. Make it configurable and at least bomb with a good error message. (See Doug's patch.) Status: This is fixed, no? * If APR has disabled threads, flood should as well. We might want to have an enable/disable parameter that does this also, providing an error if threads are desired but not available. * flood needs to clear pools more often. With a long running test it can chew up memory very quickly. We should just bite the bullet and create/destroy/clear pools for each level of our model: farm, farmer, profile, url/request-cycle, etc. * APR needs to have a unified interface for ephemeral port exhaustion, but aparently Solaris and Linux return different errors at the moment. Fix this in APR then take advantage of it in flood. * The examples/analyze-relative scripts fail when there are less than 5 unique URLs. Other features that need writing: * More analysis and graphing scripts are needed * Write robust tool (using tethereal perhaps) to take network dumps and convert them to flood's XML format. Status: Justin volunteers. Aaron had a script somewhere that is a start. Jacek is working on a Mozilla application, codename Flood URL bag (much like Live HTTP Headers) and small HTTP proxy. * Get chunked encoding support working. Status: Justin volunteers. He got sidetracked by the httpd implementation of input filtering and never finished this. This is a stopgap until apr-serf is completed. * Maybe we should make randfile and capath runtime directives that come out of the XML, instead of autoconf parameters. * We are using apr_os_thread_current() and getpid() in some places when what we really want is a GUID. The GUID will be used to correlate raw output data with each farmer. We may wish to print a unique ID for each of farm, farmer, profile, and url to help in postprocessing. * We are using strtol() in some places and strtoll() in others. Pick one (Aaron says strtol(), but he's not sure). * Validation of responses (known C-L, specific strings in response) Status: Justin volunteers * HTTP error codes (ie. teach it about 302s) Justin says: Yeah, this won't be with round_robin as implemented. Need a linked list-based profile where we can insert new URLs into the sequence. * Farmer (Single-thread, multiple profiles) Status: Aaron says: If you have threads, then any Farmer can be run as part of any Farm. If you don't have threads, you can currently only run one Farmer named Joe right now (this will be changed so that if you don't have threads, flood will attempt to run all Farmers in serial under one process). * Collective (Single-host, multiple farms) This is a number of Farms that have been fork()ed into child processes. * Megaconglomerate (Multiple hosts each running a collective) This is a number of Collectives running on a number of hosts, invoked via RSH/SSH or maybe even some proprietary mechanism. * Other types of urllists a) Random / Random-weighted b) Sequenced (useful with cookie propogation) c) Round-robin d) Chaining of the above strategies Status: Round-robin is complete. * Other types of reports Status: Aaron says: simple reports are functional. Justin added a new type that simply prints the approx. timestamp when the test was run, and the result as OK/FAIL; it is called easy reports (see flood_easy_reports.h).
Re: Augmenting the Apache Web Server with Audit capability
Sarat S wrote: Hi, I apologize if this topic is not relevant to this forum. Please direct me to the suitable list. I'm working on a project that aims at augmenting the Apache Web Server with Audit capability compatible with an audit-enabled operating system(Mac OS X,Free BSD etc). What is an audit-enabled operating system? -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
mod proxy new functionality ? possible ?
I should have posted this in the user group but I thought I could post here first since this group should contain the best of the mod proxy experts Thanks I wish to do the following 1) there will be about 30 computers connected in LAN 2) I intend to use apache mod proxy in one gateway computer say gcomp1 and make all the 30 computers access the internet only THROUGH gcomp1 proxy is needed for ftp, sftp, ssh , smtp, pop , http and https protocols socks ? My questions are 1) Is this advisable? Is apache mod proxy better or worse than using other proxies like socks.nec etc ? 2) Can apache mod proxy (with the addition of necessary modules) handle all the above 7 protocols ? 3) *the most important* I want the apache mod proxy to be setup this way. Say a client computer clientcomp1 wants to access an external ftp or SFTP server ..extserver1 The user in the client computer enters the following details in his/her sftp/ftp client hostname: gcomp1 (the local gateway server IP address where apache mod proxy is working) username: user214214 pass: 23jjksdhafkhk and once the sftp/ftp client connects to the apache mod proxy server gateway gcomp1 the mod proxy apache server needs to forward/proxy this connection to extserver1 username: differentusername password: different password Maybe A mapping file should be able to configured in mod proxy to let it know which external server to forward the request for a particular internal username like for example user214214: extserver1:differentusername:differentpassword user453646: extserver2:differentusername2:differentpassword2 and so on The objective of the whole exercise is to secure all the usernames , passwords for the external servers and isolate them from the internal users fully and completely. Is the above possible in apache mod proxy ? If not is there any proxy/gateway available which does the above ? Thanks chris
Re: [PATCH] 2.0.x remove formatting from ap_log_error calls
On Tue, 15 Feb 2005 09:43:17 -0500, Eric Covener [EMAIL PROTECTED] wrote: On Thu, 10 Feb 2005 18:48:00 -0500, Jeff Trawick [EMAIL PROTECTED] wrote: On Thu, 10 Feb 2005 14:02:02 -0500, Eric Covener [EMAIL PROTECTED] wrote: Patch against 2.0.x of below. There is at least one other such fix that is in trunk but not in 2.0.x. See http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/server/mpm_common.c?rev=102772r1=102686r2=102772 Care to add that and possibly other similar fixes to your patch and post again? That way, folks who would approve it for the 2.0.x branch would only have to look at one patch. I wasn't able to find any in addition to the one you referenced by searching the last year of source change reports, but I've added the above and one more fix for an ap_log_error call that doesn't exist in trunk (server/config.c) I made two minor adjustments... server/config.c: In other places where syntax error was reported, two invocations of ap_log_foo were used so that the variable message was on a line by itself. I made a similar change here. ... server is exiting in mpm_common.c: I restored the ability to find old wisdom via google by reverting the text back to Apache is exiting patch is at http://httpd.apache.org/~trawick/covener-removecontrolchars-2.0.patch and is in 2.0.x STATUS file for a vote Thanks for the patch!
Re: [PATCH] Log 408
* Jim Jagielski wrote: Another set of eyes please :) Index: server/protocol.c === --- server/protocol.c (revision 153271) +++ server/protocol.c (working copy) @@ -880,6 +880,12 @@ return r; } +if (r-status == HTTP_REQUEST_TIME_OUT r-connection-keepalive != AP_CONN_KEEPALIVE) { +r-the_request = ; +ap_update_child_status(conn-sbh, SERVER_BUSY_LOG, r); +ap_run_log_transaction(r); +} + apr_brigade_destroy(tmp_bb); return NULL; } Unfortunately this also logs SSL handshake errors and aborted connections as 408, which is not correct. I'd log this as a more general error (400?, 0? ), but not as time out. nd -- package Hacker::Perl::Another::Just;print [EMAIL PROTECTED] split/::/ =__PACKAGE__]}~; # André Malo # http://www.perlig.de #
Re: [STATUS] (httpd-2.0) Wed Feb 16 23:45:38 2005
On Wed, 2005-02-16 at 23:45 -0500, Rodent of Unusual Size wrote: 2.0.53 : in development I was under the impression that this version was in fact released... -- Bojan
Re: [STATUS] (httpd-2.0) Wed Feb 16 23:45:38 2005
* Bojan Smojver wrote: On Wed, 2005-02-16 at 23:45 -0500, Rodent of Unusual Size wrote: 2.0.53 : in development I was under the impression that this version was in fact released... fixed, thanks ;) nd -- Real programmers confuse Christmas and Halloween because DEC 25 = OCT 31. -- Unknown (found in ssl_engine_mutex.c)
[PATCH 33627] Bite-sized changes moving closer to a build on Cygwin - tiny patch!
http://issues.apache.org/bugzilla/show_bug.cgi?id=33627 I've bugzilla-ed a tiny patch - review would be appreciated! Thanks very much, Max. This patch contains three independently-reviewable changes that do not entirely fix the build on Cygwin, but do make important progress in that direction. * build/install.sh: Automagically append .exe - this is needed because libtool will not pass unknown options to an install program, so we are unable to use -e .exe in this case. * build/instdso.sh: Like OS/2, on Cygwin we can't rename DLLs. Additionally, on Cygwin we need the .la files installed to allow DSOs built by other software packages to link against installed DSOs - e.g. mod_dav_svn - mod_dav. So, disable the latter part of instdso.sh, just like on OS/2. * modules/dav/fs/config6.m4: Cygwin is a DLL platform too. Add it to the list alongside OS/2.