Re: svn commit: r1357986 - /httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c

2013-10-02 Thread Chris Darroch
Chris Darroch wrote: The intent of r1357986 was to deal with a particular, wonky sub-case, when the Authorizer returns 200 (so the spec paragraph doesn't apply in this case, as it's a 200 OK response), but adds a Location header with a relative (not absolute) path. In this case, 2.3.7 and pr

Re: svn commit: r1357986 - /httpd/mod_fcgid/trunk/modules/fcgid/fcgid_bridge.c

2013-10-02 Thread Chris Darroch
Jeff Trawick wrote: URL: http://svn.apache.org/viewvc?rev=1357986&view=rev Log: Avoid internal sub-requests and processing of Location headers when in FCGI_AUTHORIZER mode, as the mod_fcgid_authenticator(), etc. hook fun

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Yann Ylavic
Is the "Step Three-and-a-Half" really required since ap_proxy_connect_backend() (that does the same is_socket_connected() check) is run almost before? May the ap_proxy_connection_create() function in between take some time or is it a last chance to catch the race? Regards On Thu, Oct 3, 2013 at

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Yann Ylavic
A late (little) fix below... On Thu, Oct 3, 2013 at 12:14 AM, Yann Ylavic wrote: > > Index: modules/proxy/proxy_util.c > === > --- modules/proxy/proxy_util.c(revision 1528615) > +++ modules/proxy/proxy_util.c(working copy)

Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
please chime in, on this bug https://issues.apache.org/bugzilla/show_bug.cgi?id=55622 -- View this message in context: http://apache-http-server.18135.x6.nabble.com/Is-AuthnProviderAlias-subtly-broken-in-2-4-tp5008056p5009073.html Sent from the Apache HTTP Server - Dev mailing list archive at

Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
actually, that approach was depricated in 2.3(i think), you can do that in 2.2. the replacement was supposed to be aliasing -- View this message in context: http://apache-http-server.18135.x6.nabble.com/Is-AuthnProviderAlias-subtly-broken-in-2-4-tp5008056p5009071.html Sent from the Apache HTTP

Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread Eric Covener
You c On Wed, Oct 2, 2013 at 1:40 PM, tguadagno wrote: > hi, thanks for the update. is there any way to get ldap redundancy without > aliasingi thought not. You can put multiple hostnames in one AuthLDAPURL. TBH I'm not sure those aliases permit two different AuthLDAPURL's combined that wa

Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
hi, thanks for the update. is there any way to get ldap redundancy without aliasingi thought not. -- View this message in context: http://apache-http-server.18135.x6.nabble.com/Is-AuthnProviderAlias-subtly-broken-in-2-4-tp5008056p5009068.html Sent from the Apache HTTP Server - Dev mailing

Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread Mikhail T.
02.10.2013 09:59, tguadagno ???(??): > hi, i am having the same issue, have you figured out a fix yet? Nope... I rewrote the config replicating in multiple places the details, that were neatly "aliased" in 2.2 -mi

Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
hi, i am having the same issue, have you figured out a fix yet? -- View this message in context: http://apache-http-server.18135.x6.nabble.com/Is-AuthnProviderAlias-subtly-broken-in-2-4-tp5008056p5009054.html Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Yann Ylavic
On Wed, Oct 2, 2013 at 9:40 AM, Thomas Eckert wrote: > Yann, although I do expect it to solve the issue discussed here, I don't > think simply flushing everything instantly is the right way to go. For > example, how do the proposed changes work with modules which scan the > request body like mod

Re: Add skiplist to APR 1.5 (Was: Re: event MPM (Was: Re: Planning for 2.4.7 in Oct))

2013-10-02 Thread Jim Jagielski
Now that skiplist is being added to APR 1.5, I will start the process of moving trunk to use it and will propose a backport for 2.4...

Re: Streamlining/improving ephemeral key handling in mod_ssl?

2013-10-02 Thread Hanno Böck
On Mon, 30 Sep 2013 18:40:28 +0200 Kaspar Brand wrote: > Testing patches and reporting on its results e.g. (as previously > solicited in this thread). I have put a backport of the relevant trunk > commits under > > https://people.apache.org/~kbrand/mod_ssl-2.4.x-ekh.diff I found that this doesn

Re: mod_proxy, oooled backend connections and the keep-alive race condition

2013-10-02 Thread Thomas Eckert
Yann, although I do expect it to solve the issue discussed here, I don't think simply flushing everything instantly is the right way to go. For example, how do the proposed changes work with modules which scan the request body like mod_security ? A lot of scanning/parsing can only be done in a sen

Re: [PATCH 55593] Add "SSLServerInfoFile" directive

2013-10-02 Thread Kaspar Brand
On 01.10.2013 12:15, Dr Stephen Henson wrote: > That's just OpenSSL internals though. To handle ServerInfo properly in mod_ssl > IMHO you would need a new directive as there's no support for per-certificate > SSL_CONF commands: it wasn't intended to be used like that in its current > form. > > Th