Re: Question about RemoteIPInternalProxyList (PR 62220)

2018-04-06 Thread William A Rowe Jr 
Asking me to ask myself why I did what I did 10 years ago :)

Best explanation I have is that I'd envisioned that the internal and
external trust lists would be universally accepted lists, and they are
*very* slow to parse with DNS lookups. E.g. the wikipedia X-F-F
whitelist. And a corporate firewall/proxy list. Fairly cookie-cutter.

These days, with specific services forwarded for specific front ends
and applications over specific routes, I can see the demand for
per-host lists.

The underlying issue, IIRC, was that we want to assemble the list
(global, or per-vhost) long before we augment it with specific deltas
(removal or addition) for the host or per-file (location) context.
That's why I suspect I made this exec-on-read.





On Fri, Apr 6, 2018 at 1:10 PM, Christophe Jaillet
 wrote:
> Hi list,
>
> I'm working on PR 62220 and I don't understand what could cause the reported
> regression.
>
> Apparently the behavior of RemoteIPInternalProxyList has changed in 2.4.33.
> But RemoteIPInternalProxy (without List) still works as expected.
>
> Looking at the implementation of the 2 directives, RemoteIPInternalProxyList
> is equivalent to several RemoteIPInternalProxy directives. So why one should
> stop working and not the other?
>
> After some debugging, it appeared that removing the EXEC_ON_READ from
> RemoteIPInternalProxyList makes it work as expected again.
>
> My question are:
>   - why is RemoteIPInternalProxyList defined with EXEC_ON_READ? This makes
> nearly no cense so me.
>   - BUT if removing it is the solution, why was it working before???
>
> Any hint?
>
> CJ
>

Re: Question about RemoteIPInternalProxyList (PR 62220)

2018-04-06 Thread Marion et Christophe JAILLET 



Le 06/04/2018 à 20:23, Eric Covener a écrit :

On Fri, Apr 6, 2018 at 2:10 PM, Christophe Jaillet
 wrote:

Hi list,

I'm working on PR 62220 and I don't understand what could cause the reported
regression.

Apparently the behavior of RemoteIPInternalProxyList has changed in 2.4.33.
But RemoteIPInternalProxy (without List) still works as expected.

Looking at the implementation of the 2 directives, RemoteIPInternalProxyList
is equivalent to several RemoteIPInternalProxy directives. So why one should
stop working and not the other?

After some debugging, it appeared that removing the EXEC_ON_READ from
RemoteIPInternalProxyList makes it work as expected again.

My question are:
   - why is RemoteIPInternalProxyList defined with EXEC_ON_READ? This makes
nearly no cense so me.

I guess it makes some sense in that it is acting almost like an
"Include", so I don't think it's a copy/paste kind of thing.


   - BUT if removing it is the solution, why was it working before???

is it broken w/o vhosts? I am not sure cmd->server is right for
EXEC_ON_READ?  Maybe something in this neighborhood?


Hi,
at least the 'config' used in 'proxies_set()' is not the same when 
parsing RemoteIPInternalProxyList  and RemoteIPInternalProxy directives.

And yes, according to my test, it seems to work without vhosts.

CJ

Re: Question about RemoteIPInternalProxyList (PR 62220)

2018-04-06 Thread Eric Covener 
On Fri, Apr 6, 2018 at 2:10 PM, Christophe Jaillet
 wrote:
> Hi list,
>
> I'm working on PR 62220 and I don't understand what could cause the reported
> regression.
>
> Apparently the behavior of RemoteIPInternalProxyList has changed in 2.4.33.
> But RemoteIPInternalProxy (without List) still works as expected.
>
> Looking at the implementation of the 2 directives, RemoteIPInternalProxyList
> is equivalent to several RemoteIPInternalProxy directives. So why one should
> stop working and not the other?
>
> After some debugging, it appeared that removing the EXEC_ON_READ from
> RemoteIPInternalProxyList makes it work as expected again.
>
> My question are:
>   - why is RemoteIPInternalProxyList defined with EXEC_ON_READ? This makes
> nearly no cense so me.

I guess it makes some sense in that it is acting almost like an
"Include", so I don't think it's a copy/paste kind of thing.

>   - BUT if removing it is the solution, why was it working before???

is it broken w/o vhosts? I am not sure cmd->server is right for
EXEC_ON_READ?  Maybe something in this neighborhood?

Question about RemoteIPInternalProxyList (PR 62220)

2018-04-06 Thread Christophe Jaillet 

Hi list,

I'm working on PR 62220 and I don't understand what could cause the 
reported regression.


Apparently the behavior of RemoteIPInternalProxyList has changed in 
2.4.33. But RemoteIPInternalProxy (without List) still works as expected.


Looking at the implementation of the 2 directives, 
RemoteIPInternalProxyList is equivalent to several RemoteIPInternalProxy 
directives. So why one should stop working and not the other?


After some debugging, it appeared that removing the EXEC_ON_READ from 
RemoteIPInternalProxyList makes it work as expected again.


My question are:
  - why is RemoteIPInternalProxyList defined with EXEC_ON_READ? This 
makes nearly no cense so me.

  - BUT if removing it is the solution, why was it working before???

Any hint?

CJ