+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
Several times a year, we get offers or full dumps of programmatic static
code analysis.
We have, for decades, rejected it all, and invited reporters to bring
specific analysis of actually problematic cases back to the list (or
security@, as applicable.)
If anyone is interested, we consistently in
G/A and apologies for the delay...I'm not on the net 24/7...
Yes, a 'clean' and 2.2.x build goes to completion without issue.
Norm
On 8/01/2017 12:29 AM, Yann Ylavic wrote:
On Sat, Jan 7, 2017 at 1:35 AM, William A Rowe Jr wrote:
Great catch, thanks Norm. That too is part of the r1753592 backp
Howdy,
I ran clang-analyzer against the HTTPD master branch, and it found 126 issues.
Many of these are benign, but I was curious if the community has any thoughts
on this? With another project, I’ve found that keep static code analysis to
zero issues can really help finding new, serious issues
> On Jan 7, 2017, at 3:25 PM, Reindl Harald wrote:
>
>
>
> Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
>> On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote:
>>>
>>> something like below where "X-TLS-Offloading" is only evaluated from
>>> "RemoteIPInternalProxy" pyhsical addressess
>>>
>>>
On Sun, Jan 8, 2017 at 12:39 AM, Reindl Harald wrote:
>
> Am 08.01.2017 um 00:31 schrieb Yann Ylavic:
>>
>> On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald
>> wrote:
>>>
>>>
>>> ok, so we need to continue the code below and set the option in every
>>> tls-offloaded application - intention of this
Am 08.01.2017 um 00:31 schrieb Yann Ylavic:
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote:
ok, so we need to continue the code below and set the option in every
tls-offloaded application - intention of this thread was maybe get this
transparent which seems not to be possible
It is "
On Sun, Jan 8, 2017 at 12:22 AM, Reindl Harald wrote:
>
> ok, so we need to continue the code below and set the option in every
> tls-offloaded application - intention of this thread was maybe get this
> transparent which seems not to be possible
It is "technically" possible, but not wise IMHO.
M
Am 07.01.2017 um 23:53 schrieb Yann Ylavic:
On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote:
Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
Wouldn't something like this work?
RewriteRule on
RewriteCond %{ENV:remoteip-proxy-ip-list} .
RewriteCond %{HTTP:X-TLS-Offloading} ^true$
RewriteRul
On Sat, Jan 7, 2017 at 11:25 PM, Reindl Harald wrote:
>
> Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
>>
>> Wouldn't something like this work?
>>
>> RewriteRule on
>> RewriteCond %{ENV:remoteip-proxy-ip-list} .
>> RewriteCond %{HTTP:X-TLS-Offloading} ^true$
>> RewriteRule ^ - [E=HTTPS:on,E=REQUEST
Am 07.01.2017 um 22:53 schrieb Yann Ylavic:
On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote:
something like below where "X-TLS-Offloading" is only evaluated from
"RemoteIPInternalProxy" pyhsical addressess
RemoteIPHeader X-Forwarded-For
RemoteTLSHeaderX-TLS-Offloading
Re
On Sat, Jan 7, 2017 at 9:30 AM, Reindl Harald wrote:
>
> something like below where "X-TLS-Offloading" is only evaluated from
> "RemoteIPInternalProxy" pyhsical addressess
>
> RemoteIPHeader X-Forwarded-For
> RemoteTLSHeaderX-TLS-Offloading
> RemoteIPInternalProxy 192.168.196.1
>
Am 07.01.2017 um 17:04 schrieb Jered Floyd:
Does the "sslheaders" experimental plugin meet your needs?
https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/sslheaders.en.html
not really beause it's not transparent to the application and so i can
continue fake the $_SERVER var
On Sat, Jan 7, 2017 at 2:30 AM, Reindl Harald wrote:
> * Apache Trafficserver in front
> * ATS configured for TLS-offloading
> * connection to backend-httpd on the LAN unencrypted
> * mod_remoteip correctly configured on backend httpd
>
> is there any way to make the backend php application aware
On Sat, Jan 7, 2017 at 1:35 AM, William A Rowe Jr wrote:
> Great catch, thanks Norm. That too is part of the r1753592 backport
> proposal, hoping someone is willing to look at these proposals.
Now backported to 2.2.x (r175), along with other accepted "SNI" patches.
Norm, does it work for you?
NormW in gmane.comp.apache.devel (Sat, 7 Jan 2017 11:31:32 +1100):
> D:\Projects\svn\httpd-2.2.x>svn diff
> Index: modules/proxy/mod_proxy.c
> ===
> --- modules/proxy/mod_proxy.c (revision 1777591)
> +++ modules/proxy/mod_proxy.c (
* Apache Trafficserver in front
* ATS configured for TLS-offloading
* connection to backend-httpd on the LAN unencrypted
* mod_remoteip correctly configured on backend httpd
is there any way to make the backend php application aware that in fact
$_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME'] s
17 matches
Mail list logo