Re: [PATCH 43415] Logging remote port.

2007-09-20 Thread Magnus Bodin
On Tue, Sep 18, 2007 at 02:04:32PM +0200, Adam Hasselbalch Hansen wrote:
 
 § 5. A provider of electronic communication nets or services for end 
 users must register the following information about an internet 
 session's initiating and terminating package:
 
 1. Originating Internet Protocol address
 2. Recipient Internet Protocol address
 3. Transport protocol
 4. Originating port number
 5. Recipient port number
 6. Time of start and end of communication.
 
 Looks harmless, and evidently adds value for you.

 Well, value, schmalue. But it's the law...

I live in Sweden, and I really, really hope we never see the same thing here. 
But the point: Why implement this in e.g. Apache, when it is the ISP's
responsibility to store this information for all internet-sessions initiating
and terminating package?

This should be implemented in the firewall/router instead of on
application level.

A standalone sniffing box should be the best solution to this, I guess.
That does NOT store the content. 

This is insane.

-- magnus


Re: [PATCH 43415] Logging remote port.

2007-09-20 Thread William A. Rowe, Jr.
Magnus Bodin wrote:
 
 A standalone sniffing box should be the best solution to this, I guess.
 That does NOT store the content. 

Ideally, until you note that if this machine is the SSL endpoint it's the
only one with any privilege to put 2+2 together.  Both a good and bad
thing depending on what you are trying to accomplish.

No problem with the patch (I too found %R sort of funky but... what else?)

 This is insane.

We don't disagree :)


Re: Thoughts on Camillia in openssl binaries?

2007-09-20 Thread Jorge Schrauwen
On 9/20/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:

 Tom Donovan wrote:
  William A. Rowe, Jr. wrote:
 
  But if mod_deflate doesn't use it, and openssl is built zlib-dynamic,
  they simply pitched compression from ssl sessions as well with no other
  adverse effects.
  Yes, exactly. openssl doesn't select gzip compression if zlib-dynamic
  and zlib1.dll is missing.
 
  The other aspect, if a zlib1.dll replacement is needed for some
 critical
  decryption flaw in zlib again, it will be nice not to force users to
  entirely replace openssl or mod_deflate.  So I expect we'll leave it
  as-is.
 
  I think mod_deflate on Windows links statically (zlib.lib) while openssl
  is linked dynamically (zdll.lib).  At 40-60kb it's no big deal either
  way - but the security flaw in zlib argument would seem to apply to
  both equally.  Both static or both dynamic would be more consistent.

 You were right, we weren't linking to zdll.lib for mod_deflate, I'll be
 fixing that shortly, and working up the two patches to share, one for the
 APR_NO_FILE tweak, one for the stderr quirk with modperl.

 Had to push out these binaries first, and also now am struggling very
 deep inside MSVCR80/OpenSSL/ActiveState Perl on x64 and a host of bugs
 that some of the perl packages have, assuming they can pack pointers
 into int's and back out again.  Sorry that mess left me distracted from
 the issues you raised for most of this week.


I found ActivePerl to not work too well on x64... I compiled the original
perl source with MSVC70 and it works ok with extensions compiled with
MSVC80... I never managed to get perl itself on MSVC80. I had no luck with
ActiveState Perl.

Bill




-- 
~Jorge


RE: Thoughts on Camillia in openssl binaries?

2007-09-20 Thread Steve Hay
Perl 5.9.5 contains numerous changes to support building with MSVC80.
These changes will be in 5.8.9 when that gets released, but 5.10 is
looking distinctly likely to be released before it (and, of course, will
also contain the changes).
 
Steve




From: Jorge Schrauwen [mailto:[EMAIL PROTECTED] 
Sent: 20 September 2007 09:37
To: dev@httpd.apache.org
Subject: Re: Thoughts on Camillia in openssl binaries?

I found ActivePerl to not work too well on x64... I compiled the original
perl source with MSVC70 and it works ok with extensions compiled with
MSVC80... I never managed to get perl itself on MSVC80. I had no luck
with ActiveState Perl.



-- 
~Jorge 



[Fwd: Re: [Fwd: Re: Thoughts on Camillia in openssl binaries?]]

2007-09-20 Thread William A. Rowe, Jr.
Feedback from Ben via legal-discuss, since his httpd-dev list seems
to have fallen over and can't get up.

Bill
---BeginMessage---
William A. Rowe, Jr. wrote:
 A thread from [EMAIL PROTECTED], we are considering adding a newer algorithm
 to a binary 0.9.8 build of openssl.  Introduces a patent question, with
 what is almost but not quite a complete grant of license.  Looking for
 any feedback if this would concern us, since Tom raises the point that
 it gets interesting with Firefox 3 possibly using this algorithm.

I should point out that just because some loon contributes an algorithm
to OpenSSL doesn't mean you need to implement it.

If there's any encumbrance, then I see even less reason to implement
(less than none, that is).

 
 Bill
 
 
 
 
 
 Subject:
 Re: Thoughts on Camillia in openssl binaries?
 From:
 Tom Donovan [EMAIL PROTECTED]
 Date:
 Tue, 18 Sep 2007 16:19:55 -0400
 To:
 dev@httpd.apache.org
 
 
 William A. Rowe, Jr. wrote:
 Two questions, one technical one legal.

 Technically, do we want to enable the Camillia algorithms in our
 binary builds of openssl 0.9.8 for win32 and other platforms where
 we might build it?

 Legally are we satisfied by
 http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
 ?  There is a small clause about permission needed to export from
 JP, which would mean if a JP site redistributed our binary (e.g.
 reexported it) it might cause them a hassle.

 Bill

 Seems reasonable in anticipation of it becoming supported in FireFox 3.
 
 FYI - enabling camellia works well with Apache 2.2.4/mod_ssl on Windows
 to the NTT test site - https://info.isl.ntt.co.jp/crypt/eng/camellia.
 The selected Cipher Suite is TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA.
 
 On a slightly-related note; it might also be a good change to statically
 link zlib into OpenSSL to avoid the need for zlib1.dll.  Doing so adds
 about 40kb to the size of libeay32.dll vs. shipping the 58kb zlib1.dll.
 
 I think rle compression (which is always available) or no-compression
 gets used for SSL in most cases anyway.  Many Windows users delete
 zlib1.dll and never notice its absence.
 
 PERL Configure VC-WIN32 enable-camellia zlib
 --with-zlib-lib=../zlib/zlib.lib --with-zlib-include=../zlib
 
 -tom-
 
 
 
 
 
 
 -
 DISCLAIMER: Discussions on this list are informational and educational
 only.  Statements made on this list are not privileged, do not
 constitute legal advice, and do not necessarily reflect the opinions
 and policies of the ASF.  See http://www.apache.org/licenses/ for
 official ASF policies and documents.
 -


-- 
http://www.apache-ssl.org/ben.html   http://www.links.org/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff


---End Message---


What is httpd -X?

2007-09-20 Thread Ashwani Kumar Sharma
Hi Folks,

I wanted to know:

1.  What is httpd -X
2.  Whether I can use this -X option for the deployment.

Somebody please guide me.

 

 

Thanks and Regards,

Ashwani Sharma

Mob: 09916454843

Off: +91-80-26265053

 



DISCLAIMER:
This message (including attachment if any) is confidential and may be 
privileged. If you have received this message by mistake please notify the 
sender by return e-mail and delete this message from your system. Any 
unauthorized use or dissemination of this message in whole or in part is 
strictly prohibited.
E-mail may contain viruses. Before opening attachments please check them for 
viruses and defects. While MindTree Consulting Limited (MindTree) has put in 
place checks to minimize the risks, MindTree will not be responsible for any 
viruses or defects or any forwarded attachments emanating either from within 
MindTree or outside.
Please note that e-mails are susceptible to change and MindTree shall not be 
liable for any improper, untimely or incomplete transmission.
MindTree reserves the right to monitor and review the content of all messages 
sent to or from MindTree e-mail address. Messages sent to or from this e-mail 
address may be stored on the MindTree e-mail system or else where.


Re: Thoughts on Camillia in openssl binaries?

2007-09-20 Thread Jorge Schrauwen
Very interesting, I'll keep an eye out for 5.10...
Now back on topic...

On 9/20/07, Steve Hay [EMAIL PROTECTED] wrote:

  Perl 5.9.5 contains numerous changes to support building with MSVC80.
 These changes will be in 5.8.9 when that gets released, but 5.10 is
 looking distinctly likely to be released before it (and, of course, will
 also contain the changes).

 Steve

  --
 *From:* Jorge Schrauwen [mailto:[EMAIL PROTECTED]
 *Sent:* 20 September 2007 09:37
 *To:* dev@httpd.apache.org
 *Subject:* Re: Thoughts on Camillia in openssl binaries?
  I found ActivePerl to not work too well on x64... I compiled the original
 perl source with MSVC70 and it works ok with extensions compiled with
 MSVC80... I never managed to get perl itself on MSVC80. I had no luck with
 ActiveState Perl.

 --
  ~Jorge




-- 
~Jorge


FYI: Best of Open Source in Platforms Award by Infoworld

2007-09-20 Thread Lars Eilebrecht
FYI: this info came in via the press mailing list ...

http://www.infoworld.com/slideshow/2007/09/114-best_of_open_so-5.html


ciao...
-- 
Lars Eilebrecht
[EMAIL PROTECTED]


Re: What is httpd -X?

2007-09-20 Thread Joshua Slive
On 9/20/07, Ashwani Kumar Sharma [EMAIL PROTECTED] wrote:

 What is httpd -X

See:
http://httpd.apache.org/docs/2.2/programs/httpd.html

 Whether I can use this -X option for the deployment.

The better question is: why would you want to?

You mention nothing about what problem you are trying to solve, so
there isn't much advice we can give you. But I can't imagine many
problems where running a single-process, non-detached web server in
production would be the right solution.

Joshua.


Re: [PATCH 43415] Logging remote port.

2007-09-20 Thread Oden Eriksson
On Tuesday 18 September 2007, Adam Hasselbalch Hansen wrote:
 I have created a patch for httpd 2.2.6, giving the additional LogFormat
 directive %R, which logs the port of the host making the request.

 This is due to new legislation in Denmark, requiring ISPs and hosting
 companies to log the originating port of all traffic.

 Any feedback is appreciated :)

FYI: This has been applied for the upcoming Mandriva 2008 release, thanks.

-- 
Regards // Oden Eriksson



AW: What is httpd -X?

2007-09-20 Thread Mario Brandt
I'm wondering a bit why the -X argument is in the docs,
but not listed using httpd -h

regards
Mario

-Original Message-
From: Joshua Slive [mailto:[EMAIL PROTECTED]

See:
http://httpd.apache.org/docs/2.2/programs/httpd.html



Re: What is httpd -X?

2007-09-20 Thread Andreas Kotes
Hello,

* Joshua Slive [EMAIL PROTECTED] [20070920 15:12]:
 On 9/20/07, Ashwani Kumar Sharma [EMAIL PROTECTED] wrote:
  Whether I can use this -X option for the deployment.
 
 The better question is: why would you want to?
 
 You mention nothing about what problem you are trying to solve, so
 there isn't much advice we can give you. But I can't imagine many
 problems where running a single-process, non-detached web server in
 production would be the right solution.

well, we had a special case where just about everything was handled by
a custom (threaded) apache module .. one process was just fine, and not
detaching allowed us to respawn directly via init ...


we've moved from -X to -DNO_DETACH, though, so we can do graceful restarts
- those are completely disabled when -X is used, as this is mainly for
debugging .. might be a reason why it's not really in the helppage.

Br,

   Andreas

-- 
flatline IT services - Andreas Kotes - Tailored solutions for your IT needs


RE: What is httpd -X?

2007-09-20 Thread Ashwani Kumar Sharma

Hi All,

Please find my answer inline with this mail.



Thanks and Regards,
Ashwani Sharma
Mob: 09916454843
Off: +91-80-26265053


-Original Message-
From: Mario Brandt [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 20, 2007 7:11 PM
To: 'dev@httpd.apache.org'
Subject: AW: What is httpd -X?

I'm wondering a bit why the -X argument is in the docs,
but not listed using httpd -h


I want to start the httpd web server through my own application and then I
would like to shut down the web server once I wish to bring my application
down, normally or abnormally (in case). 

Will it be fine if I spawn the Apache web server by httpd -X option? Would it
create some unforeseen prob in my application. 

All this I am doing so that I can kill the apache web server through
kill(pid, sigkill) option. Killing two httpd processes after spawning two
httpd processes is difficult.


regards
Mario

-Original Message-
From: Joshua Slive [mailto:[EMAIL PROTECTED]

See:
http://httpd.apache.org/docs/2.2/programs/httpd.html





Re: What is httpd -X?

2007-09-20 Thread Joshua Slive
On 9/20/07, Ashwani Kumar Sharma [EMAIL PROTECTED] wrote:

 I want to start the httpd web server through my own application and then I
 would like to shut down the web server once I wish to bring my application
 down, normally or abnormally (in case).

 Will it be fine if I spawn the Apache web server by httpd -X option? Would it
 create some unforeseen prob in my application.

 All this I am doing so that I can kill the apache web server through
 kill(pid, sigkill) option. Killing two httpd processes after spawning two
 httpd processes is difficult.

No, this is not the right solution.

As has already been pointed out in this thread, -DNO_DETACH is
available if you just don't want apache detaching.

But even easier, you only have to kill one single process (the apache
parent process written to the httpd.pid log file) and that process
will take care of killing off all the rest. But you do it with
SIGTERM, not SIGKILL, to give the process a chance to do the cleanup.

Joshua.
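
An added illustration of the SIGTERM-versus-SIGKILL point in the reply above, not code from the thread or from Apache: a constructed stand-in process plays the httpd parent (it writes a pid file and removes it in its SIGTERM handler), and the supervising application signals only the pid recorded in that file. The names `STAND_IN`, `read_pid`, `start`, `stop` and `demo` are hypothetical.

```python
import os, signal, subprocess, sys, tempfile, time

# Constructed stand-in for the httpd parent process (not Apache code): it
# installs a SIGTERM handler that removes the pid file, then records its pid.
STAND_IN = r"""
import os, signal, sys, time
pidfile = sys.argv[1]
def on_term(signum, frame):
    os.unlink(pidfile)              # cleanup that SIGKILL never lets run
    sys.exit(0)
signal.signal(signal.SIGTERM, on_term)
with open(pidfile, "w") as f:
    f.write("%d\n" % os.getpid())
while True:
    time.sleep(1)
"""

def read_pid(pidfile):
    """Return the pid recorded in pidfile, or None if absent or malformed."""
    try:
        with open(pidfile) as f:
            text = f.read().strip()
    except FileNotFoundError:
        return None
    return int(text) if text.isdigit() else None

def start(pidfile, wait=10.0):
    """Spawn the stand-in without detaching and wait for its pid file."""
    proc = subprocess.Popen([sys.executable, "-c", STAND_IN, pidfile])
    deadline = time.monotonic() + wait
    while read_pid(pidfile) is None:
        if proc.poll() is not None or time.monotonic() > deadline:
            proc.kill()
            raise RuntimeError("stand-in did not write its pid file")
        time.sleep(0.05)
    return proc

def stop(proc, pidfile, sig=signal.SIGTERM, wait=10.0):
    """Signal the single recorded pid; return (exit_status, pidfile_left)."""
    pid = read_pid(pidfile)
    if pid != proc.pid:             # stale or foreign pid file: do not signal
        raise RuntimeError("pid file does not name the process we started")
    os.kill(pid, sig)
    status = proc.wait(timeout=wait)
    return status, os.path.exists(pidfile)

def demo(sig):
    """Start the stand-in, stop it with sig, and report what was left behind."""
    with tempfile.TemporaryDirectory() as d:
        pidfile = os.path.join(d, "httpd.pid")
        return stop(start(pidfile), pidfile, sig)

if __name__ == "__main__":
    print("SIGTERM:", demo(signal.SIGTERM))   # clean exit, pid file removed
    print("SIGKILL:", demo(signal.SIGKILL))   # killed, stale pid file remains
```

The pid comparison in `stop` is the check to keep when adapting this: a stale pid file can name an unrelated process that has since reused the number.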


Re: svn commit: r537429 - in /httpd/httpd/trunk/modules/proxy: mod_proxy.c mod_proxy.h

2007-09-20 Thread rbowen
 Author: jim
 Date: Sat May 12 07:12:24 2007
 New Revision: 537429

 URL: http://svn.apache.org/viewvc?view=rev&rev=537429
 Log:
 Add regex pattern matching to ProxyPass, allowing,
 for example:

ProxyPass ~ \.gif balancer://imagecluster

It would also be really nice to have ProxyPassMatch, a la RedirectMatch
and AliasMatch and DirectoryMatch, et al. Historically, we seem to have a
problem with the '~' syntax in that it's extremely easy to overlook it in
the documentation, or, in certain fonts, to misread it as '-' or '_'.

--Rich


Re: [PATCH 43415] Logging remote port.

2007-09-20 Thread Brian Rectanus
On 9/19/07, Plüm, Rüdiger, VF-Group [EMAIL PROTECTED] wrote:


  -Original Message-
  From: Adam Hasselbalch Hansen
  Sent: Wednesday, 19 September 2007 11:13
  To: dev@httpd.apache.org
  Subject: Re: [PATCH 43415] Logging remote port.
 
 
  Plüm wrote:
 
   1. Please provide a patch against trunk.
 
  mod_config_logger.c hasn't changed in trunk, so the patch
  will work fine.

 Sorry. Just a default comment if someone sends in a patch that is not
 against trunk :-).

 
   2. Please also add a patch for the documentation.
 
  Done.

 Fine, I have already seen it in the report.

 
   3. I am not too happy with using %R, but to be honest I
  have no better proposal :-).
  Maybe other have.
 
  Well, then... ;)

 I will leave around for just one or two days. If nobody has a better
 idea we just take %R. Feel free to bug me if your patch falls off my radar.

There is an article on ONLamp a while back that used %S.  But I like
%R better ;)

http://www.onlamp.com/pub/a/apache/2004/04/22/blackbox_logs.html?page=3

The patch just uses apr_itoa()

-B


minor fix on httpd test case t/modules/include.t on perl-framework

2007-09-20 Thread Sriskanthaverl
Hi, one particular perl-framework test case for httpd's include module
keeps on failing on Solaris and other systems.
Test case 53 in t/include.t produces the following expected and received
outputs.


# testing : GET /modules/include/file.shtml
# expected: Monday, 31-Jul-2006 07:21:59 Monday, 31-Jul-2006 07:21:59 
Monday, July 31, 2006 Monday, July 31, 2006 07:21:59 07:21:59
# received: Monday, 31-Jul-2006 07:21:59 PDT Monday, 31-Jul-2006 
07:21:59 PDT Monday, July 31, 2006 Monday, July 31, 2006 07:21:59 07:21:59

not ok 53

The following simple fix on t/modules/include.t makes the test pass
through. Can I have your comments and get it committed? Thank you.


else {
  my $file = catfile($htdocs, splitpath($dir), file.shtml);
  my $mtime = (stat $file)[9];

  my @time = localtime($mtime);

  my $strftime = sub($) {
  my $fmt = shift;

+   POSIX::strftime($fmt, @time);
-POSIX::strftime($fmt, $time[0], $time[1], $time[2], $time[3], 
$time[4],

-$time[5], -1, -1, -1);
  };
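
Review bot: the added `POSIX::strftime($fmt, @time);` call needs a comment saying why the trailing `-1, -1, -1` arguments were dropped. Those three positions are wday, yday and isdst, and the expected and received strings quoted above differ only by the `PDT` zone name, so passing the full `localtime($mtime)` list appears to be what lets the zone expand in the expected value; state that next to the call so the reason survives. Please also resend this as a unified diff with the `-` lines ahead of the `+` line, since the hand-edited ordering and the wrapped `$time[4],` line will not apply as posted.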


Regards
Sris