mpm worker and mod_cgi

[Andrej van der Zee]

Hi,

I am compiling mod_cgi with apxs outside the httpd-2.2.9 source tree.
When I choose --with-mpm=prefork this works fine, but when I use
--with-mpm=worker it seems not to use the implementation in the module
at all (the cgi_handler hook method is never called, but CGI
applications seem to work fine). In both cases I configure httpd with
--disable-cgi. Am I doing something wrong, or is there something
special about CGI for the worker mpm?

Thank you,
Andrej

SSL toolkit detection in acinclude.m4

[Ruediger Pluem]

While investigating PR46018 I came across the following in acinclude.m4

  dnl Run header and version checks
  saved_CPPFLAGS=$CPPFLAGS
  saved_LIBS=$LIBS
  if test x$ap_ssltk_base != x; then
APR_ADDTO(CPPFLAGS, [-I$ap_ssltk_base/include])
APR_ADDTO(INCLUDES, [-I$ap_ssltk_base/include])
APR_ADDTO(LDFLAGS, [-L$ap_ssltk_base/lib])


Is there any reason why we only save / restore CPPFLAGS and LIBS and
not INCLUDES and LDFLAGS which are also modified?

The next thing I don't get is why we do not add `$apr_config --libs` to LIBS
any longer (since r669924). This causes -ldl to miss and thus the checks to fail
(I guess only if there is no pkgconfig file).

Regards

Rüdiger

Save the DOLLAR

[Johnny Kewl]

Petition : Save the DOLLAR

http://answers.yahoo.com/question/index?qid=20081016021357AAsrnFRr=w

I'm asking the geeks, because the politicians and bankers dont know what the 
hell they doing...

Dont answer here... go to the link.

Thanks

---
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---
If you cant pay in gold... get lost...
http://coolharbor.100free.com/debt/usadebt.htm 

Re: strange usage pattern for child processes

[Akins, Brian]

On 10/15/08 6:56 PM, Graham Leggett [EMAIL PROTECTED] wrote:

 Obviously, if the loop comes round more than once, then the client comes
 into play. This definitely needs to be fixed, it is a big performance issue.

Could a more general purpose optimization be done?  I was thinking of a
generic store and forward filter.  Basically, just dump the entire brigade
into some storage (memory, file) in a loop (like deflate sorta does) without
sending to client at all until the response is finished.  This would work
for proxy, php, some strange handler, etc.

A small test I did was a module had a filter that just dumped all the
brigade contents into a temp file. When it saw EOS, it would then send the
complete file to the client (via sendfile, mmap, etc..) and remove the
tempfile. Almost like an in process X-Sendfile.   This very rudimentary
module increased overall throughput of some large SSI files by about 20% and
completely shielded origin servers from clients in some proxy tests.  It
also did not consume very much memory (although I was writing the temp files
into /dev/shm on Linux).

Basic logic - I ignored flush and meta buckets in my tests:

  while (!APR_BRIGADE_EMPTY(bb)) {

e = APR_BRIGADE_FIRST(bb);

if (APR_BUCKET_IS_EOS(e)) {
create a file bucket with the tempfile and send it along
tempfile was opened with APR_DELONCLOSE
} else {
apr_bucket_read(e,
write content to temp file
}
apr_bucket_delete(e);
 }
   apr_brigade_cleanup(bb);
return APR_SUCCESS;



-- 
Brian Akins
Chief Operations Engineer
Turner Digital Media Technologies

Re: [VOTE] Release Apache HTTP server 2.2.10

[Oden Eriksson]

Den Friday 10 October 2008 16:36:02 skrev Jim Jagielski:

For some unknown reason I suddenly get some failed tests on Mandriva Cooker, 
it worked fine 2008-10-10 (!?)

t/modules/digestNOK 6/13# Failed test 6 in t/modules/digest.t at 
line 84
t/modules/digestNOK 7/13# Failed test 7 in t/modules/digest.t at 
line 96
t/modules/digestNOK 8/13# Failed test 8 in t/modules/digest.t at 
line 106   
t/modules/digestNOK 11/13# Failed test 11 in t/modules/digest.t at 
line 141 
t/modules/digestNOK 12/13# Failed test 12 in t/modules/digest.t at 
line 152 
t/modules/digestFAILED tests 6-8, 11-12 




-- 
Regards // Oden Eriksson

Re: SSL toolkit detection in acinclude.m4

[Rainer Jung]

Ruediger Pluem wrote:

While investigating PR46018 I came across the following in acinclude.m4

  dnl Run header and version checks
  saved_CPPFLAGS=$CPPFLAGS
  saved_LIBS=$LIBS
  if test x$ap_ssltk_base != x; then
APR_ADDTO(CPPFLAGS, [-I$ap_ssltk_base/include])
APR_ADDTO(INCLUDES, [-I$ap_ssltk_base/include])
APR_ADDTO(LDFLAGS, [-L$ap_ssltk_base/lib])


Is there any reason why we only save / restore CPPFLAGS and LIBS and
not INCLUDES and LDFLAGS which are also modified?

The next thing I don't get is why we do not add `$apr_config --libs` to LIBS
any longer (since r669924). This causes -ldl to miss and thus the checks to fail
(I guess only if there is no pkgconfig file).


Yes, I ran into a similar issue, when compiling 2.2.10 against static 
openssl libs on Solaris, having no pkgconfig. Then you need to add -ldl, 
-lnsl, -lsocket during the configure tests, because otherwise tehy fail. 
That was not necessary until 2.2.9.


Regards,

Rainer

Re: [VOTE] Release Apache HTTP server 2.2.10

[Sander Temme]

On Oct 16, 2008, at 6:07 AM, Oden Eriksson wrote:

For some unknown reason I suddenly get some failed tests on Mandriva  
Cooker,

it worked fine 2008-10-10 (!?)



I saw that on my Solaris x86 VM, but it happened across the board  
against 2.2.9 and the 2.2.10 rc.  And, I didn't see it on either  
Ubuntu or my Mac so I'm blaming staleness in the Perl setup on that  
Solaris install.


S.

--
Sander Temme
[EMAIL PROTECTED]
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

Re: strange usage pattern for child processes

[Lars Eilebrecht]

Ruediger Pluem wrote:

 This is a pity, because then it will become much harder to debug
 this issue. Any chance you get shell access or that you can instruct
 the administrators in the service company to get the needed information
 for you?

Getting shell access is very unlikely ...
However, initial tests using mod_disk_cache have been very good.
The performance of mod_mem_cache compared to mod_disk_cache is
just very bad ... It seems the main issue is/was that under high
load the child process(es) of Apache just starve while trying to
read something from the mem cache or to write something to it.
But well, without access to the box I couldn't really dig into
what exactly is happening in such a case.


 Ok. MaxSpareThreads is set to 75 with ThreadsPerChild 256. This means
 that StartServers 3 is pointless because after starting *one* process we 
 already
 have way too much spare threads *overall*. So the other 2 processes will get 
 killed
 immediately :-).

Yes you are right, I missed that MaxSpareThreads applies to all child
processes. But I didn't wrote the config. ;-)

However, I still find it a bit odd that we actually use only a single
process and only start using threads of another child process once
all threads of the other process are busy. Wouldn't it make more
sense to keep spare threads in all child processes instead of just
one? Especially if the config has low MaxRequestsPerChild limit.
Or am I missing something?

ciao...
-- 
Lars Eilebrecht
[EMAIL PROTECTED]

Re: strange usage pattern for child processes

[Ruediger Pluem]

On 10/16/2008 02:35 PM, Lars Eilebrecht wrote:
 Ruediger Pluem wrote:
 
 This is a pity, because then it will become much harder to debug
 this issue. Any chance you get shell access or that you can instruct
 the administrators in the service company to get the needed information
 for you?
 
 Getting shell access is very unlikely ...
 However, initial tests using mod_disk_cache have been very good.
 The performance of mod_mem_cache compared to mod_disk_cache is
 just very bad ... It seems the main issue is/was that under high
 load the child process(es) of Apache just starve while trying to
 read something from the mem cache or to write something to it.
 But well, without access to the box I couldn't really dig into
 what exactly is happening in such a case.

Maybe while writing as mod_mem_cache needs to do locking over all threads
during several processing phases.

 
 
 Ok. MaxSpareThreads is set to 75 with ThreadsPerChild 256. This means
 that StartServers 3 is pointless because after starting *one* process we 
 already
 have way too much spare threads *overall*. So the other 2 processes will get 
 killed
 immediately :-).
 
 Yes you are right, I missed that MaxSpareThreads applies to all child
 processes. But I didn't wrote the config. ;-)

I have not assumed that you wrote the config :-).

 
 However, I still find it a bit odd that we actually use only a single
 process and only start using threads of another child process once
 all threads of the other process are busy. Wouldn't it make more
 sense to keep spare threads in all child processes instead of just
 one? Especially if the config has low MaxRequestsPerChild limit.
 Or am I missing something?

Two points that can happen:

1. Because of the configuration you only have one process started. Once it 
reaches
   MinSpareThreads it starts a second one. Depending on the request types the
   first process still has a lot of keepalive connections and thus is more busy
   than the second process.

2. Unfair lock handling on OS side. Each process tries to get the accept mutex.
   If getting the lock is not fairly distributed over the two processes then
   one process has to handle more connections than the other one.

Given the MaxRequestsPerChild limit (why is there one at all), the configuration
is especially unfortunate as if there is only one process there are times where
httpd does not accept new connections at all until it has started an additional
process. So MPM settings should be in a way that they allow an idle system to
run more than one process.
But, who I am a telling, you didn't wrote the config :-).

Regards

Rüdiger

Re: svn commit: r704883 - /httpd/httpd/trunk/Apache.dsw

[William A. Rowe, Jr.]

Tom Donovan wrote:
 William A. Rowe, Jr. wrote:
 [EMAIL PROTECTED] wrote:
 Author: tdonovan
 Date: Wed Oct 15 05:24:25 2008
 New Revision: 704883

 URL: http://svn.apache.org/viewvc?rev=704883view=rev
 Log:
 Windows: add apr_dbd_odbc project to Visual Studio workspace .dsw file

 Hmmm?  Guess I'm confused, we trigger _try_dbd in Makefile.win for the
 BuildBin
 target.  We could default to building this as a dependency but it
 really isn't
 needed if _try_dbd sees a default odbc list, which could be a simple
 ifndef
 test of DBD_LIST.

 More likely I'm the one confused.
 
 You are correct, this change isn't necessary for either a command-line
 build using the generated .mak files (from the Windows .zip
 distribution), or for an IDE build.
 
 _try_dbd works as you describe and it builds the odbc driver for the
 BuildBin target.
 
 If there are no .mak files, the symbol USEDSW=1 is defined; then the
 build uses:
 
 msdev Apache.dsw /USEENV /MAKE  apr_dbd_odbc - Win32 $(LONG)
 
 which fails without an apr_dbd_odbc project in Apache.dsw.  This can
 happen if the source is from a snapshot or from svn, instead of from the
 Windows source .zip file.
 
 It also seemed odd in the IDE to see a project for each of the other dbd
 drivers, but no project for odbc.
 
 I couldn't see any disadvantage to having an apr_dbd_odbc project in
 Apache.dsw, but maybe I'm missing something.

HA!  Yes I was confused, too.  apr_dbd_odbc must be added as a project.
It does not become a -dependency- of any particular target.

We'll always build it; we could leave it out of the _try_dbd default list.
But since we can't imagine many users ever inspecting or changing that
code and recompiling it with local changes, the _try_dbd solution is likely
the simplest.

At some point, it would be nice to add some decision making so that the
others, beyond odbc, can be detected if they just reside somewhere in the
LIB and INCLUDE paths :)

[ANNOUNCEMENT] Apache HTTP Server 2.2.10 Released

[Jim Jagielski]

   Apache HTTP Server 2.2.10 Released

   The Apache Software Foundation and the Apache HTTP Server Project  
are

   pleased to announce the release of version 2.2.10 of the Apache HTTP
   Server (Apache).  This version of Apache is principally a bug and
   security fix release. The following potential security flaws are
   addressed:

 * CVE-2008-2939 (cve.mitre.org)
   mod_proxy_ftp: Prevent XSS attacks when using wildcards in the
   path of the FTP URL. Discovered by Marc Bevand of Rapid7.

   We consider this release to be the best version of Apache  
available, and

   encourage users of all prior versions to upgrade.

   Apache HTTP Server 2.2.10 is available for download from:

 http://httpd.apache.org/download.cgi

   Apache 2.2 offers numerous enhancements, improvements, and  
performance

   boosts over the 2.0 codebase.  For an overview of new features
   introduced since 2.0 please see:

 http://httpd.apache.org/docs/2.2/new_features_2_2.html

   Please see the CHANGES_2.2 file, linked from the download page,  
for a

   full list of changes.  A condensed list, CHANGES_2.2.10 provides the
   complete list of changes since 2.2.9. A summary of security
   vulnerabilities which were addressed in the previous 2.2.9 and  
earlier

   releases is available:

 http://httpd.apache.org/security/vulnerabilities_22.html

   Apache HTTP Server 1.3.41 and 2.0.63 legacy releases are also  
currently

   available.  See the appropriate CHANGES from the url above.  See the
   corresponding CHANGES files linked from the download page.  The  
Apache

   HTTP Project developers strongly encourage all users to migrate to
   Apache 2.2, as only limited maintenance is performed on these legacy
   versions.

   This release includes the Apache Portable Runtime (APR) version  
1.3.0
   bundled with the tar and zip distributions.  The APR libraries  
libapr
   and libaprutil (and on Win32, libapriconv) must all be updated to  
ensure

   binary compatibility and address many known platform bugs.

   This release builds on and extends the Apache 2.0 API.  Modules  
written
   for Apache 2.0 will need to be recompiled in order to run with  
Apache

   2.2, and require minimal or no source code changes.

 http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING

   When upgrading or installing this version of Apache, please bear  
in mind
   that if you intend to use Apache with one of the threaded MPMs  
(other

   than the Prefork MPM), you must ensure that any modules you will be
   using (and the libraries they depend on) are thread-safe.

Re: svn commit: r705361 - in /httpd/httpd/trunk/modules/aaa: mod_authz_dbd.c mod_authz_dbm.c mod_authz_groupfile.c mod_authz_owner.c mod_authz_user.c

[Eric Covener]

On Thu, Oct 16, 2008 at 5:09 PM,  [EMAIL PROTECTED] wrote:

 NOTE: I can't test mod_authnz_ldap.c myself, so I'm not sure if it
 needs similar fixes.  On the one hand, a NULL r-user in the authz
 handlers always generates a log message.  However, it appears that
 authn_ldap_build_filter() will sometimes then be called, perform no
 action, which may result in a possibly uninitialized filtbuf buffer
 being passed to util_ldap_cache_getuserdn().  I don't know if that
 could cause problems in the LDAP cache code.  If someone familiar with
 LDAP authz could take a look, that would be much appreciated.

IIUC mod_authnz_ldap would follow the pattern of the modules in your
commit and not mod_authz_host.

Authorization in LDAP has a special path for when authentication
wasn't handled by mod_authnz_ldap, but r-user still may be mappable
to an DN on the LDAP server. Net, it can't do anything useful without
r-user.  This short-circuit should be possible well before the
problematic functions you mention.

-- 
Eric Covener
[EMAIL PROTECTED]