Re: mod_access vs mod_authz_host

2005-11-08 Thread Geoffrey Young
Justin Erenkrantz wrote: > --On November 3, 2005 4:54:08 PM + Nick Kew <[EMAIL PROTECTED]> wrote: > >> Just to elaborate on that, it's the name I'm not happy about. >> I'm perfectly happy with the /modules/aaa/ classification. > > > The problem is that mod_access does not indicate the purp

Documentation; updating filter.xml

2005-11-08 Thread Nick Kew
OK, I've made an effort at tackling filter.xml, one of the documentation todos. Since it's pretty much a complete rewrite, please review before I commit. -- Nick Kew Filters This document describes the use of filters in Apache. Filtering in Apache 2 mod

Re: Speedup idea (by changing some strcasecmp into memcmp)

2005-11-08 Thread Ruediger Pluem
On 11/08/2005 10:45 PM, Christophe Jaillet wrote: > Hi, > > in many places in apache, strings are compared using the following > construction : > if (0 == strcasecmp("XX", str)) { > ... > } > else if (0 == strcasecmp("YY", str)) { > ... > } > else if (0 == strcasecmp("ZZ", st

Speedup idea (by changing some strcasecmp into memcmp)

2005-11-08 Thread Christophe Jaillet
Hi, in many places in apache, strings are compared using the following construction : if (0 == strcasecmp("XX", str)) { ... } else if (0 == strcasecmp("YY", str)) { ... } else if (0 == strcasecmp("ZZ", str)) { ... } else if (0 == strcasecmp("AA", str)) { ... } ...

Re: mod_access vs mod_authz_host

2005-11-08 Thread William A. Rowe, Jr.
Justin Erenkrantz wrote: --On November 3, 2005 4:50:08 PM + Nick Kew <[EMAIL PROTECTED]> wrote: So can mod_rewrite and others, but that doesn't make it mod_authz_url! Perhaps mod_load_average should be called mod_authz_busy ? No, mod_authz_host only does authorization checks. mod_rewrite

Incomplete error message in modules ldap

2005-11-08 Thread Christophe Jaillet
Hi, in file "/modules/ldap/util_ldap.c" there is a function (util_ldap_parse_cert_type) that checks that a given string (type) is of a known certificate type. However, code using this function does not always return the correct diagnostic message in some cases. * the comment around line 1

Re: mod_access vs mod_authz_host

2005-11-08 Thread Justin Erenkrantz
--On November 3, 2005 4:50:08 PM + Nick Kew <[EMAIL PROTECTED]> wrote: So can mod_rewrite and others, but that doesn't make it mod_authz_url! Perhaps mod_load_average should be called mod_authz_busy ? No, mod_authz_host only does authorization checks. mod_rewrite can do anything... (Har

Re: mod_access vs mod_authz_host

2005-11-08 Thread Justin Erenkrantz
--On November 3, 2005 4:54:08 PM + Nick Kew <[EMAIL PROTECTED]> wrote: Just to elaborate on that, it's the name I'm not happy about. I'm perfectly happy with the /modules/aaa/ classification. The problem is that mod_access does not indicate the purpose of the module. access to what? What

Re: cache trouble (Re: [vote] 2.1.9 as beta)

2005-11-08 Thread Ruediger Pluem
On 11/08/2005 10:15 PM, Joshua Slive wrote: > > > Ruediger Pluem wrote: > [..cut..] > > > Has anyone actually tested this? Is it true that there is no way to run > a host-restricted cached proxy? That would be really lame. I tested only with 2.0.55 today. But given the fact that this pa

Re: cache trouble (Re: [vote] 2.1.9 as beta)

2005-11-08 Thread Joshua Slive
Ruediger Pluem wrote: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#access suggests to secure a forward proxy by using mod_authz_host. Currently the advice should be the opposite: Yes, secure your forward proxy, but do *not* do this with mod_authz_host as it does not work as expected.

Re: cache trouble (Re: [vote] 2.1.9 as beta)

2005-11-08 Thread Ruediger Pluem
On 11/08/2005 01:36 AM, Roy T. Fielding wrote: > On Nov 7, 2005, at 3:03 PM, Ruediger Pluem wrote: > [..cut..] > >> but the next request for this (fresh) resource will not check the >> access control and >> deliver it to any client, regardless of the IP. Correct? > Many thanks for sorting m

Re: cache trouble (Re: [vote] 2.1.9 as beta)

2005-11-08 Thread Joshua Slive
Colm MacCarthaigh wrote: if single-allow-from-all && no-deny-rules: no-header; else header; I think that is probably reasonable and would catch 99.5% of real configs. There is a silly case that I didn't mention: Order deny,allow Deny from al

[OTAnn] Feedback

2005-11-08 Thread shenanigans
I was interested in getting feedback from current mail group users. We have mirrored your mail list in a new application that provides a more aggregated and safe environment which utilizes the power of broadband. Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version adds broadcast vide

Re: SSL enabled -> nokeepalive in MSIE for non-SSL connections

2005-11-08 Thread Joe Orton
On Sat, Nov 05, 2005 at 08:08:14PM +0100, Marc Stern wrote: > It's a bit more complex than that. > > At a certain point, a fix was released for IE 6 to correct the > incompatibility that needed the 'ssl-unclean-shutdown' directive (I guess > it's KB 831167). At this point, we had two different f

Re: cache trouble (Re: [vote] 2.1.9 as beta)

2005-11-08 Thread Colm MacCarthaigh
On Tue, Nov 08, 2005 at 12:54:18PM -0500, Joshua Slive wrote: > 1. Order Allow,Deny >Allow from all > > 2. Order Deny,Allow >Allow from all > > 3. Order Deny,Allow > > The difference between the three only becomes important if you add more > Allow/Deny directives. o.k., is the followin

Re: cache trouble (Re: [vote] 2.1.9 as beta)

2005-11-08 Thread Joshua Slive
Justin Erenkrantz wrote: On Tue, Nov 08, 2005 at 07:48:07AM +0100, Ruediger Pluem wrote: So do you think that there is a todo for mod_authz_host to add such things or should this be left to the administrator who can of course use mod_headers in the first case to add Cache-Control: private? I

Re: NameVirtualHosts & SSL

2005-11-08 Thread William A. Rowe, Jr.
William A. Rowe, Jr. wrote: Ondrej Sury wrote: Just a thought... Wouldn't it be possible to solve this by extending HTTP to support something similar to STARTTLS from IMAP/SMTP? Dudes, it's already published in http://rfc.net/rfc2818.html - yet it seems my mailbox fills with another 100k of

[Fwd: 21 days? Win32 1.3.34 candidate ready for testing]

2005-11-08 Thread William A. Rowe, Jr.
Just an FYI... Original Message Subject: 21 days? Win32 1.3.34 candidate ready for testing Date: Tue, 08 Nov 2005 11:19:24 -0600 From: William A. Rowe, Jr. <[EMAIL PROTECTED]> To: testers@httpd.apache.org Folks, I'll pull down Win32 binaries for 1.3.34 tonight, since it's bee

Re: NameVirtualHosts & SSL

2005-11-08 Thread William A. Rowe, Jr.
Ondrej Sury wrote: Just a thought... Wouldn't it be possible to solve this by extending HTTP to support something similar to STARTTLS from IMAP/SMTP? Dudes, it's already published in http://rfc.net/rfc2818.html - yet it seems my mailbox fills with another 100k of this discussion every month (

Re: pgp trust for https?

2005-11-08 Thread Nick Kew
On Tuesday 08 November 2005 12:02, Brian Candler wrote: [twice - please don't] > On Sun, Nov 06, 2005 at 10:19:25PM +, Nick Kew wrote: > > I'll sign my server. Same as I'll sign an httpd tarball if I roll one > > for public consumption. You sign your server. Where's the problem? > > The pr

Re: pgp trust for https?

2005-11-08 Thread Colm MacCarthaigh
On Tue, Nov 08, 2005 at 12:02:03PM +, Brian Candler wrote: > The attacker doesn't have your private key, so they would create their own > key pair. As a result, the connecting client would see a *different* key > than the one they would see if they connect to your server directly. The > problem

Re: pgp trust for https?

2005-11-08 Thread Brian Candler
On Sun, Nov 06, 2005 at 05:31:13PM -0500, Peter Djalaliev wrote: >However, I really think that PGP and the web-of-trust has >applicability and usefulness for web sites. For a smaller web site, >obtaining a certificate of sufficient level is quite hard and >expensive. These website

Re: pgp trust for https?

2005-11-08 Thread Brian Candler
On Sun, Nov 06, 2005 at 10:19:25PM +, Nick Kew wrote: > I'll sign my server. Same as I'll sign an httpd tarball if I roll one > for public consumption. You sign your server. Where's the problem? The problem is that you'll have no protection against man-in-the-middle attacks, whereby an atta

Re: mod_deflate Vary header

2005-11-08 Thread Igor Sysoev
On Tue, 8 Nov 2005 [EMAIL PROTECTED] wrote: Igor Sysoev wrote Actually, with MSIE 5.5+ appearance the chances that client can not decompress the response from downstream cache have increased. If MSIE 5.5 is configured to work via proxy with HTTP/1.0, then MSIE will never send "Accept-Encoding"

Re: NameVirtualHosts & SSL

2005-11-08 Thread Graham Leggett
Ondrej Sury said: > Just a thought... Wouldn't it be possible to solve this by extending > HTTP to support something similar to STARTTLS from IMAP/SMTP? Very possible yes, HTTP already has support for this, as does httpd v2.2. The trouble is the browsers don't (yet), so until there is widespread

Re: NameVirtualHosts & SSL

2005-11-08 Thread Ondrej Sury
On Tue, 2005-10-25 at 20:25 +0200, Joost de Heer wrote: > > The one-virtual-host-per-ip limitation is imposed by SSL, it has nothing > > to do with the webserver. > > > one-virtual-host-per-ip-and-port > Just a thought... Wouldn't it be possible to solve this by extending HTTP to support some

Re: mod_deflate Vary header

2005-11-08 Thread TOKILEY
> Igor Sysoev wrote > > Actually, with MSIE 5.5+ appearance the chances that client can not > decompress the response from downstream cache have increased. > If MSIE 5.5 is configured to work via proxy with HTTP/1.0, then > MSIE will never send "Accept-Encoding" header, and it would refuse > the c