Bug report for Apache httpd-1.3 [2007/09/16]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=CriticalMAJ=Major | | | | MIN=Minor NOR=Normal ENH=Enhancement | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10038|New|Min|2002-06-20|ab benchmaker hangs on 10K https URLs with keepali| |10744|New|Nor|2002-07-12|suexec might fail to open log file| |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |10760|New|Maj|2002-07-12|empty ftp directory listings from cached ftp direc| |14518|Opn|Nor|2002-11-13|QUERY_STRING parts not incorporated by mod_rewrite| |16013|Opn|Nor|2003-01-13|Fooling mod_autoindex + IndexIgnore | |16631|Inf|Min|2003-01-31|.htaccess errors logged outside the virtual host l| |17318|Inf|Cri|2003-02-23|Abend on deleting a temporary cache file if proxy | |19279|Inf|Min|2003-04-24|Invalid chmod options in solaris build| |21637|Inf|Nor|2003-07-16|Timeout causes a status code of 200 to be logged | |21777|Inf|Min|2003-07-21|mod_mime_magic doesn't handle little gif files| |22618|New|Maj|2003-08-21|MultiViews invalidates PATH_TRANSLATED if cgi-wrap| |22856|New|Min|2003-09-01|No 304 not modified when If-Modified-Since is a| |23472|New|Nor|2003-09-29|httpd.conf-dist has the wrong language code and MI| |25057|Inf|Maj|2003-11-27|Empty PUT access control in .htaccess overrides co| |26126|New|Nor|2004-01-14|mod_include hangs with request body | |26152|Ass|Nor|2004-01-15|Apache 1.3.29 and below directory traversal vulner| |26790|New|Maj|2004-02-09|error deleting old cache file | |29257|Opn|Nor|2004-05-27|Problem with apache-1.3.31 and mod_frontpage (dso,| |29498|New|Maj|2004-06-10|non-anonymous ftp broken in mod_proxy | |29538|Ass|Enh|2004-06-12|No facility used in ErrorLog to syslog| |30207|New|Nor|2004-07-20|Piped logs don't close read end of pipe | |30877|New|Nor|2004-08-26|htpasswd clears passwd file on Sun when /var/tmp i| |30909|New|Cri|2004-08-28|sporadic segfault resulting in broken connections | |31975|New|Nor|2004-10-29|httpd-1.3.33: buffer overflow in htpasswd if calle| |32078|New|Enh|2004-11-05|clean up some compiler warnings | |32539|New| |2004-12-06|[PATCH] configure --enable-shared= brocken on SuSE| |32974|Inf|Maj|2005-01-06|Client IP not set | |33086|New|Nor|2005-01-13|unconsistency betwen 404 displayed path and server| |33495|Inf|Cri|2005-02-10|Apache crashes with WSADuplicateSocket failed for| |33772|New|Nor|2005-02-28|inconsistency in manual and error reporting by sue| |33875|New|Enh|2005-03-07|Apache processes consuming CPU| |34108|New|Nor|2005-03-21|mod_negotiation changes mtime to mtime of Document| |34114|New|Nor|2005-03-21|Apache could interleave log entries when writing t| |34404|Inf|Blk|2005-04-11|RewriteMap prg can not handle fpout | |34571|Inf|Maj|2005-04-22|Apache 1.3.33 stops logging vhost| |34573|Inf|Maj|2005-04-22|.htaccess not working / mod_auth_mysql| |35424|New|Nor|2005-06-20|httpd disconnect in Timeout on CGI| |35439|New|Nor|2005-06-21|Problem with remove /../ in util.c and mod_rewri| |35547|Inf|Maj|2005-06-29|Problems with libapreq 1.2 and Apache::Cookie | |3|New|Nor|2005-06-30|Can't find DBM on Debian Sarge| |36375|New|Nor|2005-08-26|Cannot include http_config.h from C++ file| |37166|New|Nor|2005-10-19|Under certain conditions, mod_cgi delivers an empt| |37185|New|Enh|2005-10-20|AddIcon, AddIconByType for OpenDocument format| |37252|New| |2005-10-26|gen_test_char reject NLS string | |38989|New|Nor|2006-03-15|restart + piped logs stalls httpd for 24 minutes (| |39104|New|Enh|2006-03-25|[FR] fix build with -Wl,--as-needed | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39937|New|Nor|2006-06-30|Garbage output if README.html is gzipped or compre| |40176|New|Nor|2006-08-03|magic and mime| |40224|Ver|Nor|2006-08-10|System time crashes Apache @year 2038 (win32 only?|
Re: AW: SSL_VERSION_LIBRARY
On Thu, Sep 13, 2007 at 09:08:26AM -0500, William Rowe wrote: Joe Orton wrote: On Mon, Sep 10, 2007 at 09:47:24PM +0200, Ruediger Pluem wrote: On 09/10/2007 08:40 AM, Plüm wrote: That was the goal of my diagnostic patch: Finding out if we have a pool issue. Looks like we have. I guess the right fix is as you say to use the parent pool (process scope). Not 100% sure regarding the correct pool, but would that be the correct fix That's not really thread-safe, and it ought to be, though we might get away with it since it's called during startup. But rather than guessing pools, actually caching the stuff once at startup is probably cleanest, I've reviewed, I'd be entirely happy with the short-and-sweet hack on 2.0 and 2.2 if you would like this to become the new logic for trunk. Would that appeal? I guess that's fine. It should at least be explicitly documented in the 2.0/2.2 backports as here be dragons. Regards, joe
Re: New module mod_proxy_scgi
* Paul Querna wrote: +1 on concept. Shouldn't we consider moving X-Sendfile into another module or the core? It can be useful for regular CGIs or proxied stuff too.. We could put it into util_script or something. However, I'm not sure it'll gain much. Every protocol must implement it anyway, i.e. look for the header and initiate some action. The only common thing would be the configuration (which needs to be evaluated by each module, too). Further, we must ensure it's not used on regular proxy requests (similar to the Location/internal redirect stuff), because that woudl be a security issue. nd
Re: New module mod_proxy_scgi
* Graham Dumpleton wrote: Rather than call it X-Sendfile, can we perhaps adopt the generic Script-Control header mechanism as outlined in CGI 1.2. Sounds like an idea. I'd propose to support both then, though, because the X-Sendfile mechanism already exists out there and is used. I don't like people changing their applications just because we're too late ;) http://cgi-spec.golux.com/cgi-120-00a.html As one example of how Script-Control has been used, see: http://www.openvms-rocks.com/ht_root/src/httpd/cgi.c I have been contemplating using Script-Control headers as a means of Python WSGI applications controlling Apache when using mod_wsgi. It would be nice to push forward with such an idea and standardise on some Script-Control directives that everyone would use rather than using different strings for the same thing. Thinking further about Paul's mail, script-control parsing and the possibility to hook into certain control directives (does that make sense?) could be something for the core utils. nd
RE: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
-Message d'origine- De : Plüm, Rüdiger, VF-Group [mailto:[EMAIL PROTECTED] Envoyé : lundi 10 septembre 2007 12:02 À : dev@httpd.apache.org Objet : Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers -Ursprüngliche Nachricht- Von: Nick Kew Gesendet: Montag, 10. September 2007 11:29 An: dev@httpd.apache.org Betreff: Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers Does this open the way to a DoS? If a rewriterule[P] enables backends to be derived from the request URI, then you're creating unlimited numbers of workers, which may never be used. Where are the limits on that? Also the scoreboard is a limiting factor for this. The number of available scoreboard entries is determined during the configuration phase of the startup (it cannot even be changed during graceful starts, this is why we add some additional entries to the number of workers we have counted in the configuration). To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. I believe I have addressed your concerns in a new patch posted for PR#43308 in which I introduce a new configuration directive that limits the number of dynamically created workers. During configuration I also increment proxy_lb_workers by the value of ProxyMaxAddtlWorkers in order (at least I hope) for additional scoreboard entries to be allocated... BR -ascs
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Mon, 17 Sep 2007 11:33:16 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. Indeedie. I believe I have addressed your concerns in a new patch posted for PR#43308 in which I introduce a new configuration directive that limits the number of dynamically created workers. During configuration I also increment proxy_lb_workers by the value of ProxyMaxAddtlWorkers in order (at least I hope) for additional scoreboard entries to be allocated... Instead of limiting the number and thus creating them randomly (according to what traffic happens to hit the server first), wouldn't it be better to introduce a configuration directive to create your choice of those extra workers at startup? If your config is such that specifying the workers isn't going to work, then managing them dynamically in a useful manner is going to be a complex job that should probably have its own separate module, based on a reslist and a usage-counting strategy to drop little-used workers. Or something like that. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
RE: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
-Message d'origine- De : Nick Kew [mailto:[EMAIL PROTECTED] Envoyé : lundi 17 septembre 2007 12:59 À : dev@httpd.apache.org Objet : Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers On Mon, 17 Sep 2007 11:33:16 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: Instead of limiting the number and thus creating them randomly (according to what traffic happens to hit the server first), wouldn't it be better to introduce a configuration directive to create your choice of those extra workers at startup? That configuration directive already exists: it's called ProxyPass. RewriteRule / http://server/ [P] ProxyPass / ! ProxyPass / http://server/ Been there, done that. Works well provided you have an exhaustive list of backends at the time the server is started. The list of our backends resides in a RewriteMap so that approach is not practical. If your config is such that specifying the workers isn't going to work, then managing them dynamically in a useful manner is going to be a complex job that should probably have its own separate module, based on a reslist and a usage-counting strategy to drop little-used workers. Or something like that. A separate pool of dynamically created workers, of limited size known at configuration time, with a LRU replacement strategy whenever we run out of workers would indeed be a very elegant solution. I do not really see why this should be done in another module, though. BR -ascs
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Sep 17, 2007, at 6:58 AM, Nick Kew wrote: Instead of limiting the number and thus creating them randomly (according to what traffic happens to hit the server first), That is part of, I think, both Rüdiger's and my concern. The benefits are this are really really fuzzy when applied to the real world. If you know enough about how the proxies will be used, then trying to figure out how to do it with ProxyPass (esp. now with the Match version) is likely better. If not, then creating a limit means that the ones created first get the benefits and the ones after the limit don't. To me, this implies some sort of staleness factor should be implemented, such that if older ones haven't been used they should be removed to make space for newer ones...
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Mon, 17 Sep 2007 13:29:44 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: I do not really see why this should be done in another module, though. How about: 1. It's a well-defined task (isn't it)?, and therefore a natural candidate for a module in a modular server. 2. Because it's a lot of extra complexity, it should remain optional. 3. Separating it out will help maintainability. Or rather, failing to do so will tend to be a maintenance nightmare. 4. If we get around to refactoring mod_proxy to provide separate forward and reverse proxy modules, a worker management module will be a useful optional extra for both to have. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Plans to release binaries?
Hi, A customer asked me whether WIN32 binaries for the new 2.0.61 and 2.2.6 would be offered soonish by the ASF, and I don't really want to send him to some other place offering binaries. Are there plans to release them soon, or do we wait for 2.2.7 and a settled fastcgi interface? No hurry, Martin -- [EMAIL PROTECTED]| Fujitsu Siemens http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
Re: Favicon.ico
On Wed, Sep 12, 2007 at 02:07:55AM -0400, Jack Gostl wrote: First thing I tired. The icon shows up. If the icon type is NOT Microsoft's Resource Image type, perhaps a link href=images/favicon.ico rel=shortcut icon type=image/png / in the HTML head helps to help the browser identify the real content type (here: image/png). Also, it tells the browser not only to try and guess whether /favicon.ico is there, but tells it to actually load it, possibly even from a different URL. Martin -- [EMAIL PROTECTED]| Fujitsu Siemens http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
Re: My module configuration and AddHandler
On Mon, 17 Sep 2007 15:19:18 +0200 gromeck [EMAIL PROTECTED] wrote: Now I get only requests for this directory, but for all types of files. Do I have to filter out the extension on my own? You do not have to filter out the extension but the handler name. Add something like if (strcmp(r-handler, mymodule) != 0) return DECLINED; to the first line of handler function of your module. -- Takashi Sato [EMAIL PROTECTED]
Re: Plans to release binaries?
Martin Kraemer wrote: Hi, A customer asked me whether WIN32 binaries for the new 2.0.61 and 2.2.6 would be offered soonish by the ASF, and I don't really want to send him to some other place offering binaries. Soonish. I'm still getting myself satisfied w.r.t. the binaries, have been working allot on VC8 here. Are there plans to release them soon, or do we wait for 2.2.7 and a settled fastcgi interface? That's one possibility, remember modperl has issues too, which is what really makes me apprehensive, at least if we pass them out without due warning of what's broke. Bill
reliable piped log + tcp/ip socket
hi! i tried to use AP_HAVE_RELIABLE_PIPED_LOGS with a java program that parses vhost logs and provides access to some log through a tcp/ip socket. the problem is, that java cannot bind the socket cause it is already bound to a process that launched a couple of seconds before the current one. gentoo compiled apache with -D AP_HAVE_RELIABLE_PIPED_LOGS and thus tries to respwan the process if it hangs. after apache started, the java program tries to come up but after a second it crashes. i tried to use simple shell scripts that just log a line into a logfile and afterwards reads from stdin endlessly. this shell script starts (logs) often at least two times after apache started. sometimes it works after the first try but there are even three or more processes that come up before the last remains. after trying to read log.c, mod_log_config.c and main.c i cannot determine the condition that must be true that the spawned processs looks like running that apache. how do you determine if the spawned process is running or not? maybe the startup of the piped process lasts to long and thats the reason why apache tries to restart reliably? in this configuration apache tries to parse at least 32.000 lines of configuration so the startup time varies. to solve my problem there are two possibilities (for java process purposes): 1. determine that apache shut me down, so close the socket that the next spawned java process can bind the socket 2. ensure that apache just spawns one process after startup and waits some (more) time until the java program comes up does anyone know how to deal with that issue? here some server details: CustomLog |java -cp /ApacheLogMultiplexer ApacheLogMultiplexer /ApacheLogMultiplexer/accesslog.xml vhost using: Apache/2.2.6 (Unix) Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/usr -D SUEXEC_BIN=/usr/sbin/suexec -D DEFAULT_PIDLOG=/var/run/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=/var/run/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=/etc/apache2/mime.types -D SERVER_CONFIG_FILE=/etc/apache2/httpd.conf regards, armin