Hi all,
I'm trying to work on getting some sane AJP proxy configurations using
Apache 2.2.4.
The problem I'm running into is that we use RewriteRules to use regular
expression matching for proxying. In a previous thread on this dev list
there was a discussion around ProxyPass being
Brad Nicholes wrote:
Maybe I missed this before, but what platform or LDAP SDK does this fail on?
The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1) and
according to the OpenLDAP source code, it also supports the same functionality
if the value of sizelimit is -1 even though
I just submitted bug 42120. It appears that Apache is improperly (at
least I think it's improper) matching Location blocks when doing
authentication if a path component parameter is passed on.
Specifically, something like this
Location /webapp/servlet/SomeServlet
{Auth stuff}
/Location
In
Nick Kew wrote:
On Fri, 13 Apr 2007 16:30:06 -0500
Andy Wang [EMAIL PROTECTED] wrote:
There are a number of potential workarounds (LocationMatch, or
Multiple Location blocks to deal with the ;* pattern) but it does
seem like this is a bug unless someone can clarify RFC 2396 section
3.3
We noticed that with mod_proxy_ajp, it's not possible to set an
indefinite timeout like was possible with mod_jk. So a long running JSP
page, for example:
% Thread.sleep(96); %
With mod_proxy_ajp timeout set to 300 will cause a 503 to be thrown back
to the client since mod_proxy_ajp's
Any chance I can convince a developer to look at Apache Bug #37814:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37814
I've gotten about half a dozen pings offline about people asking if the
patch I posted fixes the problem (it does indeed), and it'd be nice if
we can get this workaround
William A. Rowe, Jr. wrote:
Andy Wang wrote:
I noticed that with OpenLDAP 2.2.x, auth_ldap from apache on windows
fails. The actual error ends up being a invalid size limit on the
openldap end of things.
Please clarify, this is the win32 WLDAP32.dll client to OpenLDAP 2.2
backend ldap
is even using any of the extended features of
ldap_search_ext_s so why bother using it.
I'd be more than willing to create the patch if someone wants to comment
on which solution they like more.
Andy
Andy Wang wrote:
William A. Rowe, Jr. wrote:
Please clarify, this is the win32 WLDAP32
.
Ideally sizelimit could be configureable via a module directive, but
since we'll be maintaining our own build with this patch I didn't want
to do anything too heavyweight.
Andy
Andy Wang wrote:
I noticed that with OpenLDAP 2.2.x, auth_ldap from apache on windows
fails. The actual error ends up
Bug filed:
http://issues.apache.org/bugzilla/show_bug.cgi?id=40051
Hi all,
We noticed that with Apache 2.2.9 when the bundled APR is used, the
bindist installation ends up having the following structure in bindist/lib:
./pkgconfig
./pkgconfig/apr-1.pc
./pkgconfig/apr-util-1.pc
./libapr-1.so.0.3.0
./libapr-1.so.0
./libapr-1.so
./libapr-1.la
./libapr-1.a
William A. Rowe, Jr. wrote:
Eric Covener wrote:
One case to keep on the radar: There can be configuration mechanisms
for the loader outside of the SHLIB_PATH envvar. If this is apr-util
in /usr/lib, so no shlib-path-var is in use, would we be able to find
/usr/lib/apr-util-1/apr_foo-1.so?
William A. Rowe, Jr. wrote:
In the long term, we have to fix apr-util, really not httpd's problem,
to teach apr-util's apu_dso to hunt in each shlibpath dir and its
apr-1-config subdir.
Ahh I see. So your thoughts are to fix the bindist relocation problem,
having apr-util look in all the
William A. Rowe, Jr. wrote:
In a case where it is relocated, envvar just needs to be updated right?
As a workaround, yes.
In the long term, we have to fix apr-util, really not httpd's problem,
to teach apr-util's apu_dso to hunt in each shlibpath dir and its
apr-1-config subdir.
As for
William A. Rowe, Jr. wrote:
For what it's worth I also did try using the ldap_search_ext_sW call
directy inside the uldap_cache_checkuserid function but that resulted
in a filter error.
Yup :)
So if you were to tweak things to decode utf-8 into unicode and then
invoke
the W flavor, it
mangled
with the ? character:
entry = ldap_first_entry(ldc-ldap, res);
dn = ldap_get_dn(ldc-ldap, entry);
Thanks,
Andy
Eric Covener wrote:
On Wed, Jul 16, 2008 at 4:55 PM, Andy Wang [EMAIL PROTECTED] wrote:
the case where we're seeing this none of the arguments contain anything
other
William A. Rowe, Jr. wrote:
That's correct. Windows utf-8 code page 65001 or so is only a psuedo
page
in all older and (afaik) newer flavors of windows). So it's returning
this
character in the local code page, can't represent it, and falls back
on '?'.
Yup, and that's what our assumption
Ruediger Pluem wrote:
According to the Microsoft
(http://support.microsoft.com/default.aspx/kb/314053)
TcpMaxConnectRetransmissions
Key: Tcpip\Parameters
Value Type: REG_DWORD - Number
Valid Range: 0 - 0x
Default: 2
Description: This parameter determines the number of times that
. Any thoughts?
--
Jess Holle
Andy Wang wrote:
Ruediger Pluem wrote:
According to the Microsoft
(http://support.microsoft.com/default.aspx/kb/314053)
TcpMaxConnectRetransmissions
Key: Tcpip\Parameters
Value Type: REG_DWORD - Number
Valid Range: 0 - 0x
Default: 2
Description
Ruediger Pluem wrote:
Correct and my statement didn't imply to set this registry value to 0. I think
this is a dangerous road and could lead to other network problems.
While your statement didn't imply that, the microsoft knowledge base
article seems to imply that this registry setting
On 08/21/2012 06:55 AM, Jim Jagielski wrote:
NOTE to Windows users: The issues with AcceptFilter None replacing
Win32DisableAcceptEx appears to have resolved starting with version
2.4.3 make Apache httpd 2.4.x suitable for Windows servers.
I noticed the following blurb from
Is there any chance the details of how to build the windows src packages
can be made available? I'd love to learn what exactly needs to be done
here.
Thanks,
Andy
On 09/25/2012 06:53 PM, Guenter Knauf wrote:
Am 25.09.2012 17:28, schrieb Jim Jagielski:
This *really* seems like some tribal
This was brought up a while ago that the Apache 2.4.x and 2.2.23 builds
were lacking the win32 source bundle. There was some discussion about
how to build these bundles:
http://mail-archives.apache.org/mod_mbox/httpd-dev/201209.mbox/%3C506243E0.3050108%40apache.org%3E
Is there anyway to make
On 12/18/2012 02:45 PM, Gregg Smith wrote:
On 12/18/2012 9:00 AM, Yehuda Katz wrote:
On Tue, Dec 18, 2012 at 11:24 AM, Andy Wang aw...@ptc.com
mailto:aw...@ptc.com wrote:
This was brought up a while ago that the Apache 2.4.x and 2.2.23
builds were lacking the win32 source bundle
A while ago, Lars Eilebrecht proposed a change to the default SSL
CipherSuite and BrowserMatch directives and was planning on submitting
the changes to trunk barring any -1s.
I haven't seen any action on this, and I've been really interested in
the proposed BrowserMatch changes. We've run into
Quite some time ago, one of my colleagues started the following thread:
http://marc.info/?l=apache-httpd-devm=121623942300453w=2
http://marc.info/?l=apache-httpd-devm=121623942300453w=2
There was some discussion around the Windows utf-8 codepage and it's
relationship to the local codepage.
I originally asked this on user@httpd and didn't get a response, so
thought I'd redirect to dev and see if anyone can explain why this would
occur if you have time. I have to admit, it's a curiosity to me, that I
just don't want to let go until I understand it and what research I've
done into
-traffic
cases.
On Wed, Jun 10, 2015 at 10:31 AM, Andy Wang aw...@ptc.com
mailto:aw...@ptc.com wrote:
I originally asked this on user@httpd and didn't get a response, so
thought I'd redirect to dev and see if anyone can explain why this
would occur if you have time. I have to admit
On 06/11/2015 09:02 AM, William A Rowe Jr wrote:
Sounds telling. Can you get your installer to stall without invoking
httpd.exe - and then attempt to start httpd outside of the installer on
the same machine? Something going on within the installer may be
interacting with the winsock stack.
On 06/11/2015 12:54 PM, William A Rowe Jr wrote:
On Thu, Jun 11, 2015 at 11:09 AM, Andy Wang aw...@ptc.com
mailto:aw...@ptc.com wrote:
On 06/11/2015 09:02 AM, William A Rowe Jr wrote:
Sounds telling. Can you get your installer to stall without
invoking
On 06/10/2015 09:46 PM, William A Rowe Jr wrote:
On Wed, Jun 10, 2015 at 4:12 PM, Andy Wang aw...@ptc.com
mailto:aw...@ptc.com wrote:
I can reproduce the first case with the installer, pretty much
ondemand using our installer stuff. I've tried reproducing it by
ripping out
tests,
and these are mostly remote clients running IE11.
Andy
On 06/10/2015 03:52 PM, William A Rowe Jr wrote:
Can you reproduce using the real network driver? The loopback/localhost
interface is famously junk.
On Jun 10, 2015 11:22 AM, Andy Wang aw...@ptc.com
mailto:aw...@ptc.com wrote
On 05/29/2015 09:20 AM, Rainer Jung wrote:
Here you can see the SONAME is libssl.so.1.0.0. This name is added as a
dependency into the linked binary. At runtime the runtime linker will
look for this file, not for libssl.so.
During installation of lobssl.so (resp. libcrypto.so) typically the
On 05/27/2015 11:33 AM, Mario Brandt wrote:
Hi Tom,
I tried on Debian 7 and 8 both x64
To see your configure options would help a lot.
The missing symbol is in the lib.
mario@sasuke:~$ whereis libssl.so
libssl: /usr/lib/libssl.a /usr/lib/libssl.so
mario@sasuke:~$ readelf -s
Here's my proposed comment to inject in trunk/2.4/2.2 default httpd-ssl.conf
- any adjustments here?
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
+1
Agreed +1. That's nice and
---
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
!aNULL isn't needed?
On 05/26/2015 11:25 AM, William A Rowe Jr wrote:
On Tue, May 26, 2015 at 10:45 AM, Yann Ylavic ylavic@gmail.com
mailto:ylavic@gmail.com wrote:
On Tue, May 26, 2015 at 5:29 PM, Andy Wang aw...@ptc.com
mailto:aw...@ptc.com wrote:
# SSL Cipher Suite:
# List
I wanted to just send a quick email out to see if anyone is familiar
enough with the windows compile process to see if there are any thoughts
on how to improve what I'm doing.
So a few quick points
1) i'm using the unix source to prep the source tree
2) i'm not using any external
On 07/14/2015 10:36 AM, Mario Brandt wrote:
Hi Andy,
at least for the 2.4 there is a script on github [1]
Maybe you can adopt that for 2.2. I wonder why you still want 2.2.
Unless you use some exotic modules that do no build with 2.4, 2.4 is
the better option.
[1]
On 07/14/2015 10:53 AM, Jeff Trawick wrote:
cmake support for 2.2 should be a straightforward adjustment to 2.4
cmake ;) (not anywhere visible on my priority list)
Nor should it be :)
Not for 2.2 at least.
Honestly, I'd like to get all our customers on 2.2 to 2.4 asap. It
would save
asking on here hoping maybe someone had a bright idea that worked :)
Thanks,
Andy
On 07/14/2015 10:22 AM, Andy Wang wrote:
I wanted to just send a quick email out to see if anyone is familiar
enough with the windows compile process to see if there are any thoughts
on how to improve what I'm
Well,i just figured out #2 and #3
devenv /upgrade Apache.sln
devenv /build Release /project InstallBin
So just the dsw to sln conversion/save is manual now.
Andy
On 07/14/2015 10:36 AM, Andy Wang wrote:
I should add that I've done a little big of digging into MS
documentation and googling
On 07/14/2015 08:06 AM, William A Rowe Jr wrote:
The PROXY_DECLARE bug doesn't seem to be a showstopper, the announce can
make note of that fix.
With that issue addressed, this is my +1 for release.
I think that makes sense. If you've already gone through the
contortions of build from
On 07/14/2015 01:47 PM, Gregg Smith wrote:
You know 2.2 has .mak files in the source. They've been given no love in
a long time but nothing major has changed for them to need it AFAIK.
Those should make your automating life simple.
nmake /f makefile.win [options] installr
I was never able
http://svn.apache.org/viewvc?view=revisionrevision=1661848
https://bz.apache.org/bugzilla/show_bug.cgi?id=53882
Looks like it was explicitly changed to track mpms like any other shared
module, and as Bill noted, --enable-load-all-modules simply loaded them
all mpms included.
Andy
On
Yup, 2.2.31 built fine, and surprisingly it had the ssl deps change too.
I put the nmake into a retry loop :)
And now it's all automated.
Yay.
Thanks for the help,
Andy
On 07/15/2015 10:22 AM, Andy Wang wrote:
On 07/14/2015 09:37 PM, Gregg Smith wrote:
On 7/14/2015 12:09 PM, Andy Wang
On 07/11/2015 09:29 AM, William A Rowe Jr wrote:
The pre-release candidate tarballs of Apache httpd 2.2.30, can be found in;
http://httpd.apache.org/dev/dist/
+/-1
[ ] Release 2.2.30 GA (apr 1.5.2, apr-util 1.5.4)
Win32 src to follow shortly, vote to run through 14:30 GMT Tuesday.
On 07/13/2015 05:27 PM, Yann Ylavic wrote:
On Tue, Jul 14, 2015 at 12:09 AM, Andy Wang aw...@ptc.com wrote:
I'm running into a problem with mod_proxy_balancer unable to find
ap_proxy_set_scoreboard_lb on Windows.
There is possibly a missing PROXY_DECLARE for ap_proxy_set_scoreboard_lb
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_dh.c?revision=1680916view=markup
Line 80
static const unsigned char dh1024_p[] = {
is in an #if 0
Line 113
is not
static const unsigned char dh1024_p[] = {
ssl_engine_dh.c:123:28: error: redefinition of 'dh1024_p'
On 07/14/2015 09:37 PM, Gregg Smith wrote:
On 7/14/2015 12:09 PM, Andy Wang wrote:
link.exe -lib @C:\Users\runtime\AppData\Local\Temp\nm9E02.tmp
c:\Program Files (x86)\Microsoft Visual Studio
10.0\VC\BIN\nmake.exe -
nologo -f libaprutil.mak CFG=libaprutil - Win32 Release
On 10/21/2015 09:31 AM, Yann Ylavic wrote:
OK, thanks :)
Andy, can you give the proposed patch a try?
I will do that today.
And thank you to Rudiger and yourself, and everyone else on the thread
for all the help.
I missed the trailing 0x0a in the different wireshark captures. I was
On 10/21/2015 09:54 AM, Andy Wang wrote:
On 10/21/2015 09:31 AM, Yann Ylavic wrote:
OK, thanks :)
Andy, can you give the proposed patch a try?
I will do that today.
And thank you to Rudiger and yourself, and everyone else on the thread
for all the help.
I missed the trailing 0x0a
On 10/22/2015 10:31 AM, Andy Wang wrote:
On 10/22/2015 10:06 AM, Yann Ylavic wrote:
Does it make a difference with "AcceptFilter http none" configured?
It shouldn't, but since we are in the x-files...
I already had to do that. We have this weird scenario where when our
installe
ng a
0x0a to the end of it but it doesn't recreate the problem.
Andy
On 10/22/2015 08:59 AM, William A Rowe Jr wrote:
On Thu, Oct 22, 2015 at 8:42 AM, Andy Wang <aw...@ptc.com
<mailto:aw...@ptc.com>> wrote:
On 10/21/2015 10:01 AM, Andy Wang wrote:
On 10/22/2015 04:50 PM, Yann Ylavic wrote:
On Thu, Oct 22, 2015 at 3:42 PM, Andy Wang <aw...@ptc.com> wrote:
Tested with the patch and looks good.
Not that much actually, the patch fails to consume the CRLFs, and
hence can end up in an infinite loop.
So I'm attaching a new on
On 10/21/2015 10:01 AM, Andy Wang wrote:
I will do that today.
And thank you to Rudiger and yourself, and everyone else on the thread
for all the help.
I missed the trailing 0x0a in the different wireshark captures. I was
trusting wireshark's http dissection rather than looking at the raw
On 10/22/2015 10:06 AM, Yann Ylavic wrote:
Does it make a difference with "AcceptFilter http none" configured?
It shouldn't, but since we are in the x-files...
I already had to do that. We have this weird scenario where when our
installer installs httpd, httpd hangs. Packet captures show
On 10/22/2015 10:38 AM, Graham Leggett wrote:
On 22 Oct 2015, at 5:31 PM, Andy Wang <aw...@ptc.com> wrote:
I already had to do that. We have this weird scenario where when our installer
installs httpd, httpd hangs. Packet captures show the request arriving but no
ACK or an
On 10/22/2015 10:52 AM, Andy Wang wrote:
On 10/22/2015 10:38 AM, Graham Leggett wrote:
On 22 Oct 2015, at 5:31 PM, Andy Wang <aw...@ptc.com> wrote:
I already had to do that. We have this weird scenario where when our
installer installs httpd, httpd hangs. Packet capture
On 10/19/2015 06:05 PM, Yann Ylavic wrote:
[From users@]
On Mon, Oct 19, 2015 at 11:44 PM, Andy Wang <aw...@ptc.com> wrote:
The issue is currently reproduced using Apache httpd 2.4.16, mod_jk 1.2.41
and tomcat 8.0.28.
I've created a very very simple JSP page that does nothing but
On 10/19/2015 07:44 PM, Eric Covener wrote:
On Mon, Oct 19, 2015 at 7:05 PM, Yann Ylavic wrote:
This is the deferred write triggering *after* the keepalive timeout,
whereas no subsequent request was pipelined.
I wonder if we shouldn't issue a flush at the end of each
On 10/20/2015 05:19 AM, Yann Ylavic wrote:
mod_dumpio's traces (level TRACE7) could be helpful here, Andy?
I'll reconfigure to get that in a bit today.
I'll also try with mod_proxy_ajp as well to see if the same occurs.
Thanks,
Andy
On 10/20/2015 11:16 AM, Andy Wang wrote:
On 10/20/2015 05:19 AM, Yann Ylavic wrote:
mod_dumpio's traces (level TRACE7) could be helpful here, Andy?
I'll reconfigure to get that in a bit today.
I'll also try with mod_proxy_ajp as well to see if the same occurs.
mod_proxy_ajp has
On 10/20/2015 02:57 PM, Andy Wang wrote:
On 10/20/2015 11:16 AM, Andy Wang wrote:
On 10/20/2015 05:19 AM, Yann Ylavic wrote:
mod_dumpio's traces (level TRACE7) could be helpful here, Andy?
I'll reconfigure to get that in a bit today.
I'll also try with mod_proxy_ajp as well to see
https://bz.apache.org/bugzilla/show_bug.cgi?id=54626
It looks like this was fixed in trunk a couple of years ago.
Is there a reason why it wasn't proposed for a backport to 2.4 or to 2.2?
I don't mind managing the patch myself - I'm trying to get someone to
stage a system for me to test it,
The patch in trunk is broken.
It looks like it was applied with the 2.2.25 generated diff and patch
heuristically applied
On 09/08/2015 09:38 PM, Eric Covener wrote:
No reason at all as far as I can tell, just overlooked. I always
build with an alternate SDK on Windows -- a confirmation
On 09/08/2015 09:38 PM, Eric Covener wrote:
I always build with an alternate SDK on Windows
Do you mind if I ask which sdk (mozilla?) and why?
Thanks,
Andy
On 09/10/2015 01:50 PM, Andy Wang wrote:
I'm going to try 2.2.31 now to see if I see different behavior. But
other than to correct the incorrect message about SSL being unavailable,
in 2.4.x the fixed version of the patch doesn't appear to functionally
change anything.
yup, 2.2.31 works
On 09/10/2015 02:51 PM, Eric Covener wrote:
On Thu, Sep 10, 2015 at 3:44 PM, Andy Wang <aw...@ptc.com> wrote:
yup, 2.2.31 works perfectly fine for me as well without any additional
patches. I posted a comment on the bugzilla report as well as an updated
patch against 2.4.16. I don'
69 matches
Mail list logo