Re: Time for Apache httpd 2.4.3 ??

2012-07-14 Thread Ben Laurie
On Tue, Jul 10, 2012 at 3:16 PM, Jim Jagielski j...@jagunet.com wrote: I'd like to propose an Apache httpd 2.4.3 release RSN... I'll RM. Any chance of getting my RFC 5878 patch in?

Re: Linking mod_ssl with a specific OpenSSL version (Re: svn commit: r1358167 - in /httpd/httpd/trunk: acinclude.m4 modules/ssl/ssl_engine_init.c)

2012-08-08 Thread Ben Laurie
On Wed, Aug 8, 2012 at 2:47 AM, Guenter Knauf fua...@apache.org wrote: On 08.08.2012 07:39, Kaspar Brand wrote: On 06.08.2012 22:08, William A. Rowe Jr. wrote: On 8/5/2012 10:10 PM, Kaspar Brand wrote: On 05.08.2012 14:38, Guenter Knauf wrote: On 05.08.2012 10:10, Kaspar Brand wrote:

Re: Linking mod_ssl with a specific OpenSSL version

2012-08-08 Thread Ben Laurie
On Wed, Aug 8, 2012 at 5:03 PM, Joe Orton jor...@redhat.com wrote: On Wed, Aug 08, 2012 at 08:00:25AM +0200, Kaspar Brand wrote: My thinking was that people should explicitly tell configure that they want to link with the libs in a build directory (so that they don't accidentally use a

Re: Linking mod_ssl with a specific OpenSSL version

2012-08-12 Thread Ben Laurie
On Sun, Aug 12, 2012 at 5:23 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 10.08.2012 01:55, William A. Rowe Jr. wrote: An openssl 'make localinstall' could trivially create the lib, include trees consisting entirely of symlinks to the origin files in the same build tree, and create an

Re: Linking mod_ssl with a specific OpenSSL version

2012-08-20 Thread Ben Laurie
On Thu, Aug 16, 2012 at 7:36 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 12.8.12 20:01, Ben Laurie wrote: On Sun, Aug 12, 2012 at 5:23 PM, Kaspar Brand httpd-dev.2...@velox.ch wrote: a workaround is to call configure with suitable {CPP,LD}FLAGS, i.e. CPPFLAGS=-I${openssl_build_dir

Re: how to avoid balancer manager nonce?

2012-09-01 Thread Ben Laurie
On Sat, Sep 1, 2012 at 4:47 PM, Jim Jagielski j...@jagunet.com wrote: Another alternative would be to have the nonce also possibly set at config-time and, if unset, then use the uuid. That way it could also be used as a sort of shared-secret ;) ProxySet nonce=applepie! Longer term,

Re: how to avoid balancer manager nonce?

2012-09-01 Thread Ben Laurie
On Sat, Sep 1, 2012 at 8:13 PM, Jim Jagielski j...@jagunet.com wrote: On Sep 1, 2012, at 12:39 PM, Ben Laurie b...@links.org wrote: On Sat, Sep 1, 2012 at 4:47 PM, Jim Jagielski j...@jagunet.com wrote: Another alternative would be to have the nonce also possibly set at config-time

Re: how to avoid balancer manager nonce?

2012-09-05 Thread Ben Laurie
On Wed, Sep 5, 2012 at 11:57 AM, Jim Jagielski j...@jagunet.com wrote: FWIW, I have time this week to impl this... Feedback/Concerns? I still want to know what the nonce is actually for! Are you going to make me read the code and guess? On Sep 1, 2012, at 11:47 AM, Jim Jagielski

Re: how to avoid balancer manager nonce?

2012-09-05 Thread Ben Laurie
On Wed, Sep 5, 2012 at 12:02 PM, Tony Stevenson pct...@apache.org wrote: On 5 Sep 2012, at 11:57, Jim Jagielski j...@jagunet.com wrote: FWIW, I have time this week to impl this... Feedback/Concerns? Only the term 'nonce' - It has very unfortunate connotations from UK English. [1] :-)

Re: DNT IE10 (was svn commit: r1371878 - /httpd/httpd/trunk/docs/conf/httpd.conf.in)

2012-09-13 Thread Ben Laurie
On Thu, Sep 13, 2012 at 12:48 PM, Eric Covener cove...@gmail.com wrote: On Sat, Aug 11, 2012 at 3:51 AM, field...@apache.org wrote: Author: fielding Date: Sat Aug 11 07:51:52 2012 New Revision: 1371878 URL: http://svn.apache.org/viewvc?rev=1371878&view=rev Log: Apache does not tolerate

Re: Linking mod_ssl with a specific OpenSSL version

2012-09-18 Thread Ben Laurie
On Sun, Sep 16, 2012 at 7:24 AM, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 16.09.2012 08:00, Kaspar Brand wrote: I have committed an improved version in r1385214 Um, make that read r1385216. I left out the acinclude.m4 changes in the first attempt, unfortunately. OK, I just checked it

Re: Rethinking be liberal in what you accept

2012-11-07 Thread Ben Laurie
On Wed, Nov 7, 2012 at 1:34 PM, Stefan Fritsch s...@sfritsch.de wrote: On Wed, 7 Nov 2012, Jim Jagielski wrote: Certainly once mod_lua is more production ready, we could use that, couldn't we? One could of course. But not everyone has lua, lua is slower than C, and even doing it in a

Re: URL scanning by bots

2013-04-30 Thread Ben Laurie
On 30 April 2013 11:14, Reindl Harald h.rei...@thelounge.net wrote: On 30.04.2013 12:03, André Warnier wrote: As a general idea thus, anything which impacts the delay to obtain a 404 response, should impact these bots much more than it impacts legitimate users/clients. How much? Let us

Re: URL scanning by bots

2013-04-30 Thread Ben Laurie
On 30 April 2013 11:29, Graham Leggett minf...@sharp.fm wrote: On 30 Apr 2013, at 12:03 PM, André Warnier a...@ice-sa.com wrote: The only cost would be a relatively small change to the Apache webservers, which is what my suggestion consists of: adding a variable delay (say between 100 ms and

Re: URL scanning by bots

2013-05-01 Thread Ben Laurie
On 1 May 2013 10:19, Tom Evans tevans...@googlemail.com wrote: On Wed, May 1, 2013 at 1:47 AM, André Warnier a...@ice-sa.com wrote: Christian Folini wrote: Hey André, I do not think your protection mechanism is very good (for reasons mentioned before) But you can try it out for yourself

Re: URL scanning by bots

2013-05-01 Thread Ben Laurie
On 1 May 2013 11:11, Graham Leggett minf...@sharp.fm wrote: On 01 May 2013, at 11:34 AM, Marian Marinov m...@yuhu.biz wrote: Actually, what we are observing is completely opposite to what you are saying. Delaying spam bots, brute force attacks, and vulnerability scanners significantly

Re: Apache 2.2 - Change default for SSLCompression to off

2013-06-12 Thread Ben Laurie
On 12 June 2013 20:49, William A. Rowe Jr. wr...@rowe-clan.net wrote: On Wed, 12 Jun 2013 21:24:31 +0200 Reindl Harald h.rei...@thelounge.net wrote: well, on Redhat systems in /etc/sysconfig/httpd put the line OPENSSL_NO_DEFAULT_ZLIB=1 did disable it before httpd offered an option, but IMHO

Re: Apache 2.2 - Change default for SSLCompression to off

2013-06-13 Thread Ben Laurie
On 12 June 2013 23:00, William A. Rowe Jr. wr...@rowe-clan.net wrote: On Wed, 12 Jun 2013 21:05:05 +0100 Ben Laurie b...@links.org wrote: On 12 June 2013 20:49, William A. Rowe Jr. wr...@rowe-clan.net wrote: On Wed, 12 Jun 2013 21:24:31 +0200 Reindl Harald h.rei...@thelounge.net wrote

Re: Next update

2011-09-01 Thread Ben Laurie
On Wed, Aug 31, 2011 at 9:03 PM, Dirk-WIllem van Gulik di...@webweaving.org wrote: Suggestion for http://people.apache.org/~dirkx/CVE-2011-3192.txt You probably mean deprecated not desecrated, amusing though that is.

Re: [RFC] Enable OCSP Stapling by default in httpd trunk

2015-07-01 Thread Ben Laurie
On 1 November 2014 at 09:05, Kaspar Brand httpd-dev.2...@velox.ch wrote: On 30.10.2014 15:51, Jeff Trawick wrote: IMO the present concerns with OCSP Stapling are: * not so clear that it has seen enough real-world testing; commented out sample configs and better documentation will help, as

Re: [RFC] Enable OCSP Stapling by default in httpd trunk

2015-09-05 Thread Ben Laurie
On Sat, 5 Sep 2015 at 09:32 Kaspar Brand wrote: > On 04.09.2015 17:54, Rob Stradling wrote: > > Today, roughly 25% of HTTPS servers on the Internet have OCSP stapling > > enabled. Browsers aren't likely to start hard-failing by default until > > that % is a lot higher.

Re: SSL and Usability and Safety

2017-05-03 Thread Ben Laurie
On 3 May 2017 at 09:03, Issac Goldstand wrote: > What would work, in my eyes, if people are open to it, is treating the > contents of these definitions/macros (and I'm all for the macros, just > so that interested sysadmins can see *exactly* what the settings are on > their

Re: Migrate to git?

2019-10-05 Thread Ben Laurie
Good grief. Yes! No-one uses svn these days. I can't even remember how to. Literally everything I contribute to uses git. On Sat, 5 Oct 2019 at 21:09, Jim Jagielski wrote: > Various PMCs have made their default/de-facto SCM git and have seen an > increase in contributions and contributors... >

Re: Migrate to git?

2019-10-06 Thread Ben Laurie
On Sun, 6 Oct 2019 at 17:52, Roy T. Fielding wrote: > > On Oct 5, 2019, at 1:09 PM, Jim Jagielski wrote: > > > > Various PMCs have made their default/de-facto SCM git and have seen an > increase in contributions and contributors... > > > > Is this something the httpd project should consider?

Re: Fuzzing integration with oss-fuzz

2021-07-27 Thread Ben Laurie
On Tue, 27 Jul 2021 at 18:12, Paul Querna wrote: > Years ago I started hacking on an "mpm fuzz": > https://github.com/pquerna/httpd/compare/trunk...pquerna:mpm_fuzz > > The idea was to make a "fake" MPM, which could feed data from AFL directly > into the network filter stack, in a super
