Jeff Trawick [EMAIL PROTECTED] writes:
The following patch adds a way for an APR app to say that the
apr_file_t being created from an os file should be treated as a pipe.
c'mon folks, I was counting on somebody to tell me how stupid this
patch was :) I have a bad attitude about the
Justin Erenkrantz [EMAIL PROTECTED] writes:
On Wed, Sep 25, 2002 at 03:24:32PM -0700, Will Hartung wrote:
It is not at all clear to me using the new 2.0 modules how I associate the
different names to our module. I see the ap_hook_handler(), but it only
wants the function, and doesn't seem
Hello all Http contributors,
I am conducting a survey about the way defects (or bugs-I use these two words
interchangeably) are handled in open source software projects. It is
very easy to fill out. It consists of three short sections which can be
completed at once or in different sessions. The
Since all of these issues are now public, I'm moving the discussion over
to the dev list.
First, +1 to the patch below. With nothing else put forward, this
is the patch that will go into 2.0.43
I've already moved it to apply_to_2.0.42 since, after the public
disclosure, there is nothing
At 11:11 PM 10/1/2002, Jerry Baker wrote:
Currently, authentication is broken with the standard Windows config file and current
HEAD. Where is the documentation on the complete mess-up of the auth modules and how
to get it working again?
The documentation is not complete, nor hooked up into
On Tue, Oct 01, 2002 at 11:13:55PM -0600, Jerry Baker wrote:
Jerry Baker says:
Jerry Baker says:
Yet, when I access that directory, I am just given an empty directory
listing. No prompt for a username or pass.
Nevermind. It's just something else that DAV broke. Turning off DAV
Greg Stein says:
On Tue, Oct 01, 2002 at 11:13:55PM -0600, Jerry Baker wrote:
Jerry Baker says:
Jerry Baker says:
Yet, when I access that directory, I am just given an empty directory
listing. No prompt for a username or pass.
Nevermind. It's just something else that DAV broke.
On Wed, 2 Oct 2002, Marc Slemko wrote:
Lets not encode env variables, as we discussed earlier.
Escaping them is bogus and doesn't solve anything since there are all
sorts of variables that aren't and shouldn't be encoded.
+1 to what Marc says. The encoding serves no purpose. Preventing
* Jerry Baker wrote:
Except for that directory is configured to require authentication. See
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13218
Location sections override Directory, see
http://httpd.apache.org/docs-2.0/sections.html#mergin
Sorry, I can't believe, that it worked ever
André Malo says:
* Jerry Baker wrote:
Except for that directory is configured to require authentication. See
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13218
Location sections override Directory, see
http://httpd.apache.org/docs-2.0/sections.html#mergin
Sorry, I can't believe,
André Malo says:
Sorry, I can't believe, that it worked ever before the way you
described. Are you sure, that you've changed nothing else?
So Location matches are even more important than .htaccess matches? That
doesn't make sense. I would think that a directive in .htaccess is
always more
André Malo says:
Sorry, I can't believe, that it worked ever before the way you
described. Are you sure, that you've changed nothing else?
If there's no way to have a LimitExcept *and* separate directories
requiring authentication for everything, how in the world could you have
a DAV enabled
If someone reverts that -part- of the commit, and changes CHANGES
to reflect this group decision, I will bring in that commit tomorrow a.m.
before the final tag and roll.
Sorry if I wasn't clear on the consensus decision. +1.
Bill
At 05:54 PM 10/2/2002, Joshua Slive wrote:
On Wed, 2 Oct
YES!
The pattern is:
VirtualHost
Directory (and .htaccess'es within those directories)
Files
Location
with the Limit[Except]s parsed in the appropriate container.
We repeat Location because the original Location could
have changed in translate_name, and yes, the URI permissions
On Tue, Oct 01, 2002 at 07:10:32PM -0500, William A. Rowe, Jr. wrote:
At 05:19 PM 10/1/2002, Greg Stein wrote:
...
As long as it is understood that only *one* thing can consume the request
body. Then the question arises: how do you arbitrate that? It would be nice
to simply say the handler is
On Wed, 2 Oct 2002, William A. Rowe, Jr. wrote:
YES!
All that merging stuff is true. But let's go back to the original
problem:
Location /
limitexcept GET
require valid-user
/limitexcept
/location
directory /
require valid-user
/directory
This has the effect of leaving GET unrestricted,
Joshua Slive says:
This has the effect of leaving GET unrestricted, according to the bug
report. Is this correct behavior? It seems like, since the other methods
are not change by the limitexcept, the require should still apply to
them.
That's what I thought at first, but there are two
Joshua Slive says:
This has the effect of leaving GET unrestricted, according to the bug
report. Is this correct behavior? It seems like, since the other methods
are not change by the limitexcept, the require should still apply to
them.
I agree. The LimitExcept directive implies that the
http://httpd.apache.org/docs-2.0/mod/core.html#rlimitnproc says:
| Note: If CGI processes are not running under userids other than the
| web server userid, this directive will limit the number of processes
| that the server itself can create. Evidence of this situation will
| be indicated by
* Jerry Baker wrote:
If there's no way to have a LimitExcept *and* separate directories
requiring authentication for everything, how in the world could you
have a DAV enabled server while still being able to restrict
directories with authentication requirements?
There are several ways. For
On Thu, Oct 03, 2002 at 03:22:35AM +0200, André Malo wrote:
http://httpd.apache.org/docs-2.0/mod/core.html#rlimitnproc says:
| Note: If CGI processes are not running under userids other than the
| web server userid, this directive will limit the number of processes
| that the server
* André Malo wrote:
# or: use advantages of PCRE
Location /(?!secret)
which have to be turned on, of course
Location ~ /(?!secret)
[...]
nd
On Wednesday, October 2, 2002, at 08:07 PM, Joshua Slive wrote:
Location /
limitexcept GET
require valid-user
/limitexcept
/location
directory /
require valid-user
/directory
This has the effect of leaving GET unrestricted, according to the bug
report. Is this correct behavior?
At 06:23 PM 10/2/2002, Greg Stein wrote:
On Tue, Oct 01, 2002 at 07:10:32PM -0500, William A. Rowe, Jr. wrote:
At 05:19 PM 10/1/2002, Greg Stein wrote:
...
As long as it is understood that only *one* thing can consume the request
body. Then the question arises: how do you arbitrate that? It
Output filters cannot handle methods -- only input filters can do that.
It sounds to me like you guys are just arguing past each other -- the
architecture is broken, not the individual modules. Just fix it.
Greg is right -- the default handler is incapable of supporting any
method other than
APACHE 1.3 STATUS: -*-text-*-
Last modified at [$Date: 2002/09/30 16:42:10 $]
Release:
1.3.28-dev: In development
1.3.27: Tagged September 30, 2002.
1.3.26: Tagged June 18, 2002.
1.3.25: Tagged June 17, 2002. Not released.
1.3.24:
APACHE 2.0 STATUS: -*-text-*-
Last modified at [$Date: 2002/09/28 18:20:43 $]
Release:
2.0.43 : in development.
2.0.42 : released September 24, 2002 as GA.
2.0.41 : rolled September 16, 2002. not released.
2.0.40 : released
At 10:22 PM 10/2/2002, Roy T. Fielding wrote:
Output filters cannot handle methods -- only input filters can do that.
It sounds to me like you guys are just arguing past each other -- the
architecture is broken, not the individual modules. Just fix it.
Greg is right -- the default handler is
On Wed, Oct 02, 2002 at 09:28:51PM -0500, William A. Rowe, Jr. wrote:
...
Ryan and I spent literally an HOUR on the phone dissecting this issue.
I don't have the brain cycles to fully dump that conversation back, but it
comes down to this;
* No request except DAV methods should ever receive
Robin P. Blanchard wrote:
In effort to build up a reverse proxy for Exchange 2000, I've determined:
1) using 1.3.26 or 1.3.28dev (CVS from a few minutes ago)
a. IE clients fail IIS's auth challenge
b. if those clients are sent first through squid, auth succeeds.
c. mozilla,
for testing from http://httpd.apache.org/dev/dist/ in your preferred
.tar.gz, .tar.Z or -win32-src.zip format (-win32-src.zip containing
the msvc makefiles.)
We expect to release this image due to two minor security
exposures sometime around noon PDT today, Oct 3rd.
Your participation in
Dear list,
On MacOSX 10.2 Jaguar, hostname based access control is broken in Apache
2.0. This problem appears in the access tests of the perl-framework, where
any test that tests something like 'Deny from localhost' fails. I have since
determined that deny from any other hostname is broken as
Hi,
We are very pleased to inform you, that we have included your
application (for which you are listed as author or contact person) into
GNUWin II (http://gnuwin.epfl.ch). We would like to thank you for your
contribution to the world of free software.
GNUWin shall help to introduce users to
33 matches
Mail list logo