On Tue, Jul 10, 2012 at 3:16 PM, Jim Jagielski j...@jagunet.com wrote:
I'd like to propose an Apache httpd 2.4.3 release RSN... I'll RM.
Any chance of getting my RFC 5878 patch in?
On Wed, Aug 8, 2012 at 2:47 AM, Guenter Knauf fua...@apache.org wrote:
Am 08.08.2012 07:39, schrieb Kaspar Brand:
On 06.08.2012 22:08, William A. Rowe Jr. wrote:
On 8/5/2012 10:10 PM, Kaspar Brand wrote:
On 05.08.2012 14:38, Guenter Knauf wrote:
Am 05.08.2012 10:10, schrieb Kaspar Brand:
On Wed, Aug 8, 2012 at 5:03 PM, Joe Orton jor...@redhat.com wrote:
On Wed, Aug 08, 2012 at 08:00:25AM +0200, Kaspar Brand wrote:
My thinking was that people should explicitly tell configure that they
want to link with the libs in a build directory (so that they don't
accidentally use a
On Sun, Aug 12, 2012 at 5:23 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote:
On 10.08.2012 01:55, William A. Rowe Jr. wrote:
An openssl 'make localinstall' could trivially create the lib, include
trees consisting entirely of symlinks to the origin files in the same
build tree, and create an
On Thu, Aug 16, 2012 at 7:36 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote:
On 12.8.12 20:01, Ben Laurie wrote:
On Sun, Aug 12, 2012 at 5:23 PM, Kaspar Brand httpd-dev.2...@velox.ch
wrote:
a workaround is to call configure with
suitable {CPP,LD}FLAGS, i.e.
CPPFLAGS=-I${openssl_build_dir
On Sat, Sep 1, 2012 at 4:47 PM, Jim Jagielski j...@jagunet.com wrote:
Another alternative would be to have the nonce also possibly
set at config-time and, if unset, then use the uuid. That way
it could also be used as a sort of shared-secret ;)
ProxySet nonce=applepie!
Longer term,
On Sat, Sep 1, 2012 at 8:13 PM, Jim Jagielski j...@jagunet.com wrote:
On Sep 1, 2012, at 12:39 PM, Ben Laurie b...@links.org wrote:
On Sat, Sep 1, 2012 at 4:47 PM, Jim Jagielski j...@jagunet.com wrote:
Another alternative would be to have the nonce also possibly
set at config-time
On Wed, Sep 5, 2012 at 11:57 AM, Jim Jagielski j...@jagunet.com wrote:
FWIW, I have time this week to impl this...
Feedback/Concerns?
I still want to know what the nonce is actually for! Are you going
to make me read the code and guess?
On Sep 1, 2012, at 11:47 AM, Jim Jagielski
On Wed, Sep 5, 2012 at 12:02 PM, Tony Stevenson pct...@apache.org wrote:
On 5 Sep 2012, at 11:57, Jim Jagielski j...@jagunet.com wrote:
FWIW, I have time this week to impl this...
Feedback/Concerns?
Only the term 'nonce' - It has very unfortunate connotations from UK english.
[1] :-)
On Thu, Sep 13, 2012 at 12:48 PM, Eric Covener cove...@gmail.com wrote:
On Sat, Aug 11, 2012 at 3:51 AM, field...@apache.org wrote:
Author: fielding
Date: Sat Aug 11 07:51:52 2012
New Revision: 1371878
URL: http://svn.apache.org/viewvc?rev=1371878view=rev
Log:
Apache does not tolerate
On Sun, Sep 16, 2012 at 7:24 AM, Kaspar Brand httpd-dev.2...@velox.ch wrote:
On 16.09.2012 08:00, Kaspar Brand wrote:
I have committed an improved version in r1385214
Um, make that read r1385216. I left out the acinclude.m4 changes in the
first attempt, unfortunately.
OK, I just checked it
On Wed, Nov 7, 2012 at 1:34 PM, Stefan Fritsch s...@sfritsch.de wrote:
On Wed, 7 Nov 2012, Jim Jagielski wrote:
Certainly once mod_lua is more production ready, we could
use that, couldn't we?
One could of course. But not everyone has lua, lua is slower than C, and
even doing it in a
On 30 April 2013 11:14, Reindl Harald h.rei...@thelounge.net wrote:
Am 30.04.2013 12:03, schrieb André Warnier:
As a general idea thus, anything which impacts the delay to obtain a 404
response, should
impact these bots much more than it impacts legitimate users/clients.
How much ?
Let us
On 30 April 2013 11:29, Graham Leggett minf...@sharp.fm wrote:
On 30 Apr 2013, at 12:03 PM, André Warnier a...@ice-sa.com wrote:
The only cost would a relatively small change to the Apache webservers,
which is what my
suggestion consists of : adding a variable delay (say between 100 ms and
On 1 May 2013 10:19, Tom Evans tevans...@googlemail.com wrote:
On Wed, May 1, 2013 at 1:47 AM, André Warnier a...@ice-sa.com wrote:
Christian Folini wrote:
Hey André,
I do not think your protection mechanism is very good (for reasons
mentioned before) But you can try it out for yourself
On 1 May 2013 11:11, Graham Leggett minf...@sharp.fm wrote:
On 01 May 2013, at 11:34 AM, Marian Marinov m...@yuhu.biz wrote:
Actually, what we are observing is completely opposite to what you are
saying.
Delaying spam bots, brute force attacks, and vulnerability scanners
significantly
On 12 June 2013 20:49, William A. Rowe Jr. wr...@rowe-clan.net wrote:
On Wed, 12 Jun 2013 21:24:31 +0200
Reindl Harald h.rei...@thelounge.net wrote:
well, on Redhat systems in /etc/sysconfig/httpd put the line
OPENSSL_NO_DEFAULT_ZLIB=1 did disable it before httpd
offered a option, but IHMO
On 12 June 2013 23:00, William A. Rowe Jr. wr...@rowe-clan.net wrote:
On Wed, 12 Jun 2013 21:05:05 +0100
Ben Laurie b...@links.org wrote:
On 12 June 2013 20:49, William A. Rowe Jr. wr...@rowe-clan.net
wrote:
On Wed, 12 Jun 2013 21:24:31 +0200
Reindl Harald h.rei...@thelounge.net wrote
On Wed, Aug 31, 2011 at 9:03 PM, Dirk-WIllem van Gulik
di...@webweaving.org wrote:
Suggestion for
http://people.apache.org/~dirkx/CVE-2011-3192.txt
You probably mean deprecated not desecrated, amusing though that is.
On 1 November 2014 at 09:05, Kaspar Brand httpd-dev.2...@velox.ch wrote:
On 30.10.2014 15:51, Jeff Trawick wrote:
IMO the present concerns with OCSP Stapling are:
* not so clear that it has seen enough real-world testing; commented out
sample configs and better documentation will help, as
On Sat, 5 Sep 2015 at 09:32 Kaspar Brand wrote:
> On 04.09.2015 17:54, Rob Stradling wrote:
> > Today, roughly 25% of HTTPS servers on the Internet have OCSP stapling
> > enabled. Browsers aren't likely to start hard-failing by default until
> > that % is a lot higher.
On 3 May 2017 at 09:03, Issac Goldstand wrote:
> What would work, in my eyes, if people are open to it, is treating the
> contents of these definitions/macros (and I'm all for the macros, just
> so that interested sysadmins can see *exactly* what the settings are on
> their
Good grief. Yes! No-one uses svn these days. I can't even remember how to.
Literally everything I contribute to uses git.
On Sat, 5 Oct 2019 at 21:09, Jim Jagielski wrote:
> Various PMCs have made their default/de-facto SCM git and have seen an
> increase in contributions and contributors...
>
On Sun, 6 Oct 2019 at 17:52, Roy T. Fielding wrote:
> > On Oct 5, 2019, at 1:09 PM, Jim Jagielski wrote:
> >
> > Various PMCs have made their default/de-facto SCM git and have seen an
> increase in contributions and contributors...
> >
> > Is this something the httpd project should consider?
On Tue, 27 Jul 2021 at 18:12, Paul Querna wrote:
> Years ago I started hacking on an "mpm fuzz":
> https://github.com/pquerna/httpd/compare/trunk...pquerna:mpm_fuzz
>
> The idea was to make a "fake" MPM, which could feed data from AFL directly
> into the network filter stack, in a super
101 - 125 of 125 matches
Mail list logo