Re: Memory leak in mod_ssl ssl_callback_TmpDH

[Joe Orton]

On Wed, May 28, 2014 at 10:10:16PM +0200, Ruediger Pluem wrote:
 Thanks, but I missed some stuff during review:
 
 1. We don't need to have two DH pointers in make_dh_params

Doh! 

 2. There possible frees on NULL pointers in free_dh_params:

This is unnecessary because DH_free() does that already, but that 
deserves a comment too.  I'll fix this with your patch for (1) shortly, 
thanks!

Re: svn commit: r1598299 - in /httpd/httpd/branches/2.2.x/docs/manual/mod: mod_autoindex.html.fr mod_autoindex.xml.ja mod_autoindex.xml.ko mod_autoindex.xml.tr

[Marion Christophe JAILLET]

Le 29/05/2014 16:12, lgen...@apache.org a écrit :

Author: lgentis
Date: Thu May 29 14:11:59 2014
New Revision: 1598299

URL: http://svn.apache.org/r1598299
Log:
Rebuild.

Modified:
 httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.html.fr

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.html.fr
URL: 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.html.fr?rev=1598299r1=1598298r2=1598299view=diff
==
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.html.fr (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.html.fr Thu May 29 
14:11:59 2014
@@ -568,7 +568,7 @@ de l'index d'un répertoire/td/tr
  expression avec caractères génériques de style shell ou un nom de
  fichier complet. Plusieurs directives IndexIgnore effectuent des
  ajouts à la liste, et ne remplacent pas la liste des fichiers à
-ignorer. Par défaut, la liste contient code./code (le répertoire
+ignorés. Par défaut, la liste contient code./code (le répertoire
  courant)./p


Hmmm. Vraiment ???
Sinon, il faudrait enlever le à de la ligne précédente.

Idem pour 2.4 et le tronc.

CJ

Re: mod_ssl and missing debug logging

[Falco Schwarz]

 On 29 May 2014, at 19:15, Graham Leggett minf...@sharp.fm wrote:
 LogLevel debug
 This is httpd v2.4.9.

Unfortunately I am unable to help you with your error, however if you're trying 
to see more information, did you try to turn logging all the way up?

LogLevel warn ssl:trace4

You could try even higher, up until trace8. It can ne quite noisy though and at 
some point it starts to get unusable. 

Is there a reason for internal_internal_redirect to rename env variables?

[Gary Mort]

An interesting oddity with mod_rewrite is that it is very 
difficult[impossible?] to set environmental variables.


Because of the multiple passes apache makes through the entire rewrite 
ruleset, env variables tend to end up with the prefix 'redirect_' added 
to them.


At first it seemed like the issue was the difference between the Last 
and the END flag for rewrite_rules:

http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule

However, there does not seem to be any set of variables which can ensure 
apache will skip reprocessing htaccess rules.


The problem appears to be that the environmental variables are renamed 
before checking for the end flag:


After a pass through hook_fixup is complete, the new request information 
will be sent back to a special internal rewriter:

https://github.com/apache/httpd/blob/trunk/modules/mappers/mod_rewrite.c#L5080

This in turn starts the whole rule checking process over again in 
http_request and the request record is copied into a new record in 
internal_internal_redirect - at which time the environemental variables 
are renamed.

https://github.com/apache/httpd/blob/trunk/modules/http/http_request.c#L473

This then kicks back another pass through hook_fixup in mod_rewrite - at 
which point mod_rewrite will detect that the END flag had been set and 
so all htaccess rules are skiped:

https://github.com/apache/httpd/blob/trunk/modules/mappers/mod_rewrite.c#L4843

The problem is that this is too late in the process, by this point in 
time the env vars have been renamed.


I've tried hacking around with mod_rewrite and http_request to add 
another check for the END flag so as to abort processing.  The most 
promising was to copy lines 4842 through 4847 so that they also appeared 
right before the internal redirect in the same function at line 5079

https://github.com/apache/httpd/blob/trunk/modules/mappers/mod_rewrite.c#L5079

Placing it at that spot would correctly stop the rewrite processing, but 
it would also stop some additional filename cleanup/directory prefix 
cleanup - so where I had rules to internally redirect missing file 
requests to a specific php file Apache could not find the file[but it 
could load the file when directly entered]


I also tried adding some checks into http_request but they didn't seem 
to be called at all.



The easiest solution would be to simply replace line 473 in http_request.c
new-subprocess_env=rename_original_env(r-pool,r-subprocess_env);
with

new-subprocess_env=r-subprocess_env;

As near as I can tell, the internal redirect logic is explictly only for 
internal redirects, so there is no need to rename environemntal 
variables at all.


Rather then continue fiddling with it, I am using that small change for 
my own server and I wanted to find out of there was some reason for this 
behaviour today? [I realise that this function may well have been called 
from many places in the past and so used to need to rename the 
variables- I just can't see any reason for it today]


-Gary

Re: Is there a reason for internal_internal_redirect to rename env variables?

[Eric Covener]

On Thu, May 29, 2014 at 4:34 PM, Gary Mort garyam...@gmail.com wrote:
 An interesting oddity with mod_rewrite is that it is very
 difficult[impossible?] to set environmental variables.

In per-directory context only, right?

-- 
Eric Covener
cove...@gmail.com

Re: Is there a reason for internal_internal_redirect to rename env variables?

[Gary Mort]

On 05/29/2014 04:38 PM, Eric Covener wrote:

On Thu, May 29, 2014 at 4:34 PM, Gary Mort garyam...@gmail.com wrote:

An interesting oddity with mod_rewrite is that it is very
difficult[impossible?] to set environmental variables.

In per-directory context only, right?



I believe so.  For my structure I have a single .htaccess file in my 
root directory.  A request to http://localhost/static/missing.png will 
be rewritten internally so instead of trying to load the non-existent 
file static/missing.png it will instead execute actions/badmedia.php


There is only a single .htaccess file in the root web directory[ie there 
is no static/.htaccess file or actions/.htaccess file].


What threw me initially was that I made the assumption that 
per-directory context meant that there were multiple .htaccess files, 
when in fact as far as I can tell it just means that for each file 
pattern, apache will reprocess the request with the ruleset specific to 
that context.


ie for apache processing, there are 3 sets of rules:
One for the root directory
One for the static sub-directory, which is inherited from the root
One for the actions sub-directory, which is inherited from the root

Even though the rulesets all come from the same file, internally Apache 
considers them independent and thus 'per-directory' refers to the 
internal processing?


The renaming of env variables causes a lot of confusion...searching 
around initially I saw many people banging their head into the same issue:

http://stackoverflow.com/questions/3050444/when-setting-environment-variables-in-apache-rewriterule-directives-what-causes

The only real solution seems to be to write a rewrite rule for every 
variable.
Ie if I want to potentially set an env variable called: 
OriginalMediaFile then I would also need to have


|RewriteCond  %{ENV:REDIRECT_OriginalMediaFile}  !^$
RewriteRule  .*  -  [E=OrginalMediaFile:%{ENV:REDIRECT_OriginalMediaFile}]|


Since I was setting potentially up to 20 variables, I didn't want to 
maintain that list which was why I looked into trying to get Apache to 
honor the 'END' flag before renaming the variables.   Since that didn't 
work, I figured I'd ask to see if there was a strong reason for renaming 
those variables in Apache 2.4.9 - since it's just a one line code change 
to fix it if there isn't.

Re: mod_ssl and missing debug logging

[Yann Ylavic]

On Thu, May 29, 2014 at 7:14 PM, Graham Leggett minf...@sharp.fm wrote:
 Ring any bells?

I noticed in [1] that no mod_ssl log callback was set on the write
side of the SSL connection (wbio).
That probably only concerns network events/errors, but maybe the patch
proposed there can help.
The callback is level TRACE4 though.

Regards,
Yann.

[1] 
http://mail-archives.apache.org/mod_mbox/httpd-dev/201401.mbox/%3ccakq1svmvpckx_gf9w72ghyefqdddvkqvpdjxkgc5cst8yyd...@mail.gmail.com%3E