On 8/10/07, Rich Bowen [EMAIL PROTECTED] wrote:
Received this query from a friend and colleague:
... I've been working on an issue at
work, where we're trying to remove some headers from a (proxied)
request. Whilst I was looking for a solution I came across this
patch:
On 8/25/07, Roy T. Fielding [EMAIL PROTECTED] wrote:
For standards conformance, I am going to start removing the default
content type settings from trunk tomorrow.
http://issues.apache.org/bugzilla/show_bug.cgi?id=13986
If you have any problems with that, let them be known here.
+1
On 8/26/07, Julien Perez [EMAIL PROTECTED] wrote:
Hello everybody,
While setting up a reverse proxy squid + apache w/ mod_expires.c in order to
decrease the load on the web server, I discovered that mod_expires.c was
working by checking the mimetype of the content generated by the web server
On 9/1/07, Graham Leggett [EMAIL PROTECTED] wrote:
Hi all,
I am working on a patch that needs to widen the two bitmaps below, as
they have run out of bits. Would such a change be backport-able to v2.2,
and what kind of MMN bump would it need if so?
I think that'll break the binary API, which
On 9/20/07, Ashwani Kumar Sharma [EMAIL PROTECTED] wrote:
What is httpd –X
See:
http://httpd.apache.org/docs/2.2/programs/httpd.html
Whether I can use this –X option for the deployment.
The better question is: why would you want to?
You mention nothing about what problem you are trying to
On 9/20/07, Ashwani Kumar Sharma [EMAIL PROTECTED] wrote:
I want to start the httpd web server through my own application and then I
would like to shut down the web server once I wish to bring my application
down, normally or abnormally (in case).
Will it be fine if I spawn the Apache web
On 9/26/07, Nick Kew [EMAIL PROTECTED] wrote:
We really need to fix this issue of inappropriate DefaultTypes.
An approach that deals with this without loss of back-compatibility
is to hand the decision to systems administrators:
#to suppress setting content-type when the server has no
On 10/1/07, Jim Jagielski [EMAIL PROTECTED] wrote:
I know Roy's already reported the proxy error as bogus, but I think
the OPTIONS * BUGZ report is also bogus. As a test, I assumed that
both www.apache.org and apache.webthing.com are reasonably configured
servers:
www.apache.org is using a
On 10/1/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
But I'm rather against breaking this in 2.2 to solve (what are, today)
configuration quirks. Let's get this right for 2.4 and call out the
change very clearly in (our overlong) CHANGES? I'm thinking of a new
second-priority category
On 10/1/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
Should be in this, rather sparse file:
http://httpd.apache.org/docs/trunk/new_features_2_4.html
But it's not a feature-per say. It's a bugfix, so the name new_features
doesn't tell admins they have to adopt
On 10/3/07, Roy T. Fielding [EMAIL PROTECTED] wrote:
I don't care what the uptake graph says. I don't care what people
outside this project mailing list think, period, about this project.
And if five years from now there are three or more Apache committers
that want to release 1.3.x, then no
On 10/9/07, Jim Jagielski [EMAIL PROTECTED] wrote:
All I'm saying is that, iirc, the intent of force-response-1.0 is
to force a 1.0 response and disable keepalives... it was designed
to work around buggy browsers that had problems with 1.1 features,
including wonky 1.0-type keepalives.
No,
On 10/15/07, Marten Lehmann [EMAIL PROTECTED] wrote:
I'm using httpd-2.2.4. If you don't have an idea, I can maybe track it
down a bit further. But so far this simpelst thing I can explain is:
With a pretty standard httpd.conf there is no long entry unless someone
actually calls a URL. But
On Nov 2, 2007 12:41 PM, Shaw, Dan [EMAIL PROTECTED] wrote:
Good Morning,
We are trying to identify the following and we have received one
response and need to verify.
We are looking for feedback or heck even a solution on the following
In order to get the IP address of the client, instead
Nick Kew wrote:
Paul Querna wrote:
2. There are several formats for each mail message (regular, raw,
mime). Probably the links to everything other than the standard
format should use the rel=nofollow modifier to keep the search
engines out. Keeping the robots off of 2/3 of the links
Justin Erenkrantz wrote:
3. We should probably turn on the email-address-obfiscation feature. I
personally would prefer if everyone could just use proper spam
filtering, but I think the general expectation nowadays is that we try
to avoid displaying raw addresses.
I think this feature is
One of the best features of mod_mbox is the stable URLs it provides for
messages. But the recent upgrade broke all the index urls
(date/thread/author) as well as other special urls (raw) for no apparent
reason. I've added some Redirects to catch these, but please try keep
these stable in the
mod_mbox used to send Last-Modified HTTP response headers, at least on
the messages. (I can't remember if they were sent on indexes.) This
seems to have disappeared.
(Sorry for just dumping problem reports here without looking at the code...)
Joshua.
Paul Querna wrote:
Joshua Slive wrote:
mod_mbox used to send Last-Modified HTTP response headers, at least on
the messages. (I can't remember if they were sent on indexes.) This
seems to have disappeared.
(Sorry for just dumping problem reports here without looking at the
code
Maxime Petazzoni wrote:
Hi,
* Joshua Slive [EMAIL PROTECTED] [2005-10-15 14:58:16]:
One of the best features of mod_mbox is the stable URLs it provides
for messages. But the recent upgrade broke all the index urls
(date/thread/author) as well as other special urls (raw) for no
apparent
The download.cgi got updated to 1.3.34 before the release, so all 1.3
downloads are now broken (unless the downloader clicks on other files
and goes exploring). I don't have time to fix it right now, so if
someone else can take a look...
joshua.
There appear to be some httpd processes spinning on cpu on ajax.
Attaching with gdb and asking for a backtrace gives me something like this:
#0 0x209f3710 in l2 () from /lib/tls/libc.so.6.1
#1 0x21007f30 in mbox_wrap_text (
str=0x22210038 Author: jta\nDate: Thu Jan
Maxime Petazzoni wrote:
Salut,
* Joshua Slive [EMAIL PROTECTED] [2005-10-16 15:54:18]:
There appear to be some httpd processes spinning on cpu on ajax.
Attaching with gdb and asking for a backtrace gives me something
like this:
[snip]
Could you send us the URL that raised the problem
Maxime Petazzoni wrote:
Salut,
* Joshua Slive [EMAIL PROTECTED] [2005-10-16 15:54:18]:
There appear to be some httpd processes spinning on cpu on ajax.
Attaching with gdb and asking for a backtrace gives me something
like this:
[snip]
Could you send us the URL that raised the problem
Just for your info... I've already responded on the users list.
-- Forwarded message --
From: Bret Martin [EMAIL PROTECTED]
Date: Oct 18, 2005 1:35 PM
Subject: [EMAIL PROTECTED] 1.3.x release announcements?
To: users@httpd.apache.org
Some time ago, I subscribed to
Maxime Petazzoni wrote:
There appear to be some httpd processes spinning on cpu on ajax.
Attaching with gdb and asking for a backtrace gives me something
like this:
This email is 457 kbytes long, maybe it just take some time to iterate
through 450k+ characters. Maybe we could find a better
Justin Erenkrantz wrote:
--On October 21, 2005 12:49:48 AM +0200 Maxime Petazzoni
[EMAIL PROTECTED] wrote:
As you can see in the latest commit (r327019), we've set up a small
hack to avoid mod_mbox from wrapping messages larger than 50k.
I don't get it. Why is mod_mbox wrapping any text
Colm MacCarthaigh wrote:
I think the text Deny from all is a particularly dangerous thing to
have not work as advertised! No matter how well documented :/
Sure, but in truth, apache configuration is really complex and deny
from all doesn't always really mean what it says.
This
Justin Erenkrantz wrote:
In my performance analyses that I did when redoing mod_cache last year,
a substantial part of the time in httpd was spent in all of the hooks
prior to the handler. Things like BrowserMatch (which do regex's) are
ridiculously expensive.
Interesting to think,
Graham Leggett wrote:
The httpd cache is simply yet another cache in the chain of HTTP/1.1
caches that are typically present when a browser accepts a page from a
website. The authentication issue is handled by RFC2616 already, and as
long as httpd mod_cache conforms to the correct headers
Graham Leggett wrote:
Joshua Slive said:
I agree with you about 90%. The problem is that there are a very few
things that aren't accounted for in standard HTTP caching rules. One
example is Varying access by client IP address.
I can't see how you could have any meaningful caching at all
Sander Temme wrote:
On Oct 30, 2005, at 2:05 PM, Nick Kew wrote:
I'm just looking at docs/2.1 and noting some existing pages that
definitely
need updating. No reference to pages that need writing, or to non-
English
versions of anything. I might tackle some of these myself, but no
Justin Erenkrantz wrote:
On Tue, Nov 08, 2005 at 07:48:07AM +0100, Ruediger Pluem wrote:
So do you think that there is a todo for mod_authz_host to add such things
or should this be left to the administrator who can of course use
mod_headers in the first case to add Cache-Control: private?
Colm MacCarthaigh wrote:
if single-allow-from-all no-deny-rules:
no-header;
else
header;
I think that is probably reasonable and would catch 99.5% of real
configs. There is a silly case that I didn't mention:
Order deny,allow
Deny from all
Ruediger Pluem wrote:
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#access
suggests to secure a forward proxy by using mod_authz_host. Currently the
advice should be the
opposite: Yes, secure your forward proxy, but do *not* do this with
mod_authz_host as it
does not work as
Nick Kew wrote:
OK, I've made an effort at tackling filter.xml, one of the
documentation todos. Since it's pretty much a complete
rewrite, please review before I commit.
pOne of the major innovations in Apache 2 was the Filter Chain.
I think this historical approach to documentation is a
Nick Kew wrote:
This is basically
independent of the request processing axis./p
I don't really understand what you mean here. Perhaps the figure
explains it, but this statement doesn't really stand on its own.
The figure exists in a couple of places already. Checking my bookmarks,
Nick Kew wrote:
On Wednesday 09 November 2005 20:11, Joshua Slive wrote:
The figure exists in a couple of places already. Checking my bookmarks,
it's Figure 1 at
http://www.xml.com/pub/a/2004/12/15/apache-namespaces.html
So you are just trying to say that data and meta-data are processed
Justin Erenkrantz wrote:
Adding comments or better docs is always a good thing. One thing is
that these modules are *much* simpler than their 2.0 counterparts, so
the need for extensive documentation isn't as pressing - provided you
understand how they all fit together. =) -- justin
[EMAIL PROTECTED] wrote:
Author: jim
Date: Tue Nov 15 06:50:39 2005
New Revision: 344369
URL: http://svn.apache.org/viewcvs?rev=344369view=rev
Log:
Add in the UseCanonicalPhysicalPort directive, which
basically allows Apache to configurably ( :) )
use the physical port when constructing the
Justin Erenkrantz wrote:
-tdcode$ emPREFIX/em/bin/apachectl start/code
+tdcode$ emPREFIX/em/bin/apachectl -k start/code
Really? That'd be the right syntax for httpd, but not for apachectl.
(Looking at apachectl, it looks like it'd just happen to work though.)
It works by
I'm trying to wrap my head around the new auth system.
All the Auth*Authoritative directives seem to have copied their docs
content from someplace that refers to lower level modules (as defined
in the modules.c files). What the heck does that mean in an httpd 2.x
context? Isn't the ordering
Justin Erenkrantz wrote:
The ordering/implications is now governed by either the provider lists
(as specified in the Auth*Provider directives) or the hooks (as per
Auth*Authoritative if a module doesn't participate in the new provider
scheme).
The provider system is, IMHO, a far cleaner
From a quick reading of the code,
AuthBasicProvider Off
and
AuthBasicProvider On
have exactly the same effect. This is silly. Off should probably be
removed and On renamed to default.
Joshua.
Justin Erenkrantz wrote:
On Wed, Nov 16, 2005 at 10:55:03AM -0500, Joshua Slive wrote:
From a quick reading of the code,
AuthBasicProvider Off
and
AuthBasicProvider On
have exactly the same effect. This is silly. Off should probably be
removed and On renamed to default.
Oh. I see
Corentin CHARY wrote:
Hi,
I needed a simple way to user different Uid/Gid for my vhost, without cgi, and
with a not-threaded mpm (php is not realy threadsafe ...).
I discover mpm-itk (based on mpm-prefork)
http://home.samfundet.no/~sesse/mpm-itk/ and mpm-peruser (based on mpm-metux)
Corentin CHARY wrote:
I read the code, it seems that it kill the process ...
The configuration is not the main problem ... i know how to do that, but it
means 2 process per request (with prefork, and i need to use prefork
with php ...).
I haven't tested, but I can almost guarantee
Justin Erenkrantz wrote:
--On November 17, 2005 6:29:43 PM + [EMAIL PROTECTED] wrote:
* Deprecate AddOutputFilterByType
I disagree. IMHO, recommending switching to mod_filter is like telling
people to switch from Alias to mod_rewrite.
As I said when this was discussed on the list,
Olaf van der Spek wrote:
On 11/3/05, Olaf van der Spek [EMAIL PROTECTED] wrote:
Joe Orton wrote:
All versions need unclean shutdown at least, not sure about keepalive. If you
have new data to provide on this front that's great and very welcome, please
send it to [EMAIL PROTECTED] bugzilla
Olaf van der Spek wrote:
On 11/21/05, Joshua Slive [EMAIL PROTECTED] wrote:
Olaf van der Spek wrote:
On 11/3/05, Olaf van der Spek [EMAIL PROTECTED] wrote:
Joe Orton wrote:
All versions need unclean shutdown at least, not sure about keepalive. If you
have new data to provide
Paul Querna wrote:
Joshua Slive wrote:
I've already posted this on infrastructure@, but I thought I should
mention it here as well because it might have an effect on the release
decision. We have at least 3 core dumps from 2.1.10 on minotaur. They
are in /x1/coredumps, but none seem
Paul Querna wrote:
Joshua Slive wrote:
Interestingly, the
core files are all almost exactly the same size (538 MB) which, along
with the malloc failure, points strongly to hitting a resource limit
someplace. Any freebsd gurus want to comment?
FreeBSD has a default memory resource limit
Joost de Heer wrote:
access control:
is this request permitted, based on where it is being made from
In other words, is the host from which the request comes, authorised to
make this request? Hence mod_authz_host.
I tend to agree that the new name is confusing. It is theoretically
I hadn't checked in a while, but I now see we have lots of httpd-cores
related to mod_mbox on ajax. Most of them look like this:
#0 mbox_mime_decode_body (p=0x6042e508, cte=CTE_NONE, body=0x0,
len=0) at mod_mbox_mime.c:290
#1 0x2101ada0 in mbox_mime_get_body
Maxime Petazzoni wrote:
* Joshua Slive [EMAIL PROTECTED] [2005-11-25 15:04:51]:
I hadn't checked in a while, but I now see we have lots of httpd-cores
related to mod_mbox on ajax. Most of them look like this:
#0 mbox_mime_decode_body (p=0x6042e508, cte=CTE_NONE, body=0x0,
len=0
Paul Querna wrote:
I have run mod_mbox on 2.1 2.3-dev on my dev machine just fine.
I just compiled mod_mbox and httpd 2.1.10 in my home directory on
Ajax... seemed to compile fine.
I get undefined references to core apache functions. Can you tell me
how you do it? (I can probably just
Justin Erenkrantz wrote:
On Sat, Nov 26, 2005 at 06:32:59PM -0500, Joshua Slive wrote:
I get undefined references to core apache functions. Can you tell me
how you do it? (I can probably just steal the one from your home
directory anyway.)
Sounds like you're probably getting bit
Olaf van der Spek wrote:
Hi,
I've been wondering, do the Apache developers plan to develop and/or
include an official FastCGI-like module in Apache?
I know there's for example AJP but that appears to be aimed
specifically at Java.
An official module would be handy so that PHP can be run in
Nick Kew wrote:
minotaur has been down for six hour now, perhaps longer.
Given how many critical things live there, this is a problem.
From discussion on #asfinfra (IRC), it seems (correct me if
I'm wrong) that it can be accessed remotely by sufficiently
privileged users even when down, but
Justin Erenkrantz wrote:
It'd be nice to
complement that information with other sites who have far more
complicated setups. -- justin
This could also be part of a press release announcing 2.2. Just between
Brian and Colm we could have a couple impressive-sounding quotes.
Joshua.
Paul A Houle wrote:
Don't make it a fudbusting site, make it a apache performance
tuning site.
There are all of these statements in the apache docs that
* .htaccess is slow
* ExtendedStatus on reduces performance
We did a round of performance testing on a server that we
Brian Akins wrote:
I have been given word that our statements can appear in a press release
or testimonial, it just has to be passed through legal here. So what
type of statements are we looking for?
Let's bring the Apache Public Relations Committee into this to see what
advice they have.
William A. Rowe, Jr. wrote:
With this single change, there is now a source package available at;
httpd.apache.org/dev/dist/httpd-2.2.0-win32-src.zip
However, without this single change it was impossible for nmake -f to run
to completion.
Is it unreasonable to publish this .zip if we
This is really an infrastructure topic, not an httpd-dev one, but I'd
like the caching experts to look over this to make sure this simple
configuration looks reasonable. (The main issue being, it is almost
impossible to get a mirror to change its configuration after they've
been accepted into
[ This really should be on infrastructure; oh well.]
Perhaps I should have mentioned off the top that I envision setting 30+
day expiry times on all .gz/.zip/.msi/.jar/etc files under dist/. These
files should never change without being renamed.
Colm MacCarthaigh wrote:
* It's
Maxime Petazzoni wrote:
* It's been running on mail-archives.apache.org with fewer than X
cores (with X tending to 0)
I don't know if I'm able to check this point on my own : where do
coredumps go ? Do I have enough access rights to check for them ?
Anyway, since my last fixes against core
[Looks like this didn't go through the first time. Do we still have
active moderation on this list?]
-- Forwarded message --
From: Joshua Slive [EMAIL PROTECTED]
Date: Jan 1, 2006 5:28 PM
Subject: Re: svn commit: r360207 - in /httpd/httpd/branches/authz-dev:
include/http_core.h
On 1/6/06, Brad Nicholes [EMAIL PROTECTED] wrote:
The Authz refactoring in /branch/authz-dev is basically done and I am
about ready to merge the branch back into trunk. Before I do that, I
would like to describe the impact that the Authz change will have going
forward, as well as the
[Your merge today prompted me to dig out a response I started but
never finished.]
I am still worried that we are underestimating the pain that this will
cause. In my opinion, a config change that requires substantial
changes to every httpd.conf and many .htaccess files requires a major
version
On 1/12/06, Brad Nicholes [EMAIL PROTECTED] wrote:
OK, try this on for size. Since Order,Allow,Deny are all hooked at
the access_checker stage, we should be able to add these directives back
in and allow them to function normally. The real problem is 'Satisfy'
because it had its fingers
On 1/17/06, Ruediger Pluem [EMAIL PROTECTED] wrote:
A short time ago there had been a discussion on the security list(s)
if bug report 38123 (Apache stops receiving new connections) is a new
and unknown vulnerability or not.
If you want to attract lazy people to the topic, you should provide
On 1/17/06, Joshua Slive [EMAIL PROTECTED] wrote:
2. There should be a section on the Security Tips page that mentions this
issue and makes some remarks on it.
Since we really need a place to point everyone who rediscovers this
issue and thinks they've found something original, I started
On 1/17/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Author: rpluem
Date: Tue Jan 17 08:08:28 2006
New Revision: 369827
URL: http://svn.apache.org/viewcvs?rev=369827view=rev
Log:
* Add some remarks how to mitigate the risk of DoS attacks by setting
proper values for the Timeout and
On 1/19/06, Praveen Bhaniramka [EMAIL PROTECTED] wrote:
Hi all,
We are developing a custom module for Apache using mod_gsoap over Linux.
However, our software currently does not work very well in a
multi-process environment as it was designed primarily for a
multi-threaded environment.
Is
On 1/19/06, Praveen Bhaniramka [EMAIL PROTECTED] wrote:
Hi Joshua,
Thanks for your reply. I tried setting the parameters suggested by you.
But when I re-run httpd2, I see that it is still creating 3 processes.
Three processes is normal. One is the control process, one is the cgi
daemon and
On 1/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
There should be feature to dynamically update configuration ( module
configurations ) at runtime and no connection should break. I am looking at
apache code and could not get any clue. Can anyone suggest me where to start
for this?
I haven't done any of this work myself, but...
On 1/26/06, Ian Holsman [EMAIL PROTECTED] wrote:
Hi.
It looks like recently some people have changed how authorization is
working on the trunk.
Could those people please
1. add a note to docs/upgrading.html to document what us idiots need to
On 1/26/06, Ian Holsman [EMAIL PROTECTED] wrote:
Hi Joshua:
httpd.conf.in has the new structure
httpd-std.conf (the one I was looking at) didn't ;(
Hmmm... httpd-std.conf doesn't exist in trunk.
Joshua.
On 2/5/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Author: niq
Date: Sun Feb 5 11:30:29 2006
New Revision: 375083
URL: http://svn.apache.org/viewcvs?rev=375083view=rev
Log:
PR#38521 - fix link.
-liYou may use the a
href=http://httpd.apache.org/docs/apache_pb.gif;'Powered by
I hadn't checked in a while, but there seem to be lots of mod_mbox
cores on ajax again. Here's one backtrace:
#0 mbox_cte_escape_html (p=0x60343ca8,
s=0x602f5a68
--_=_NextPart_001_01C3C08D.F854E1E0\nContent-Type:
text/html;Content-Transfer-Encoding:
On 2/10/06, David Reid [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
On 1/26/06, Ian Holsman [EMAIL PROTECTED] wrote:
Hi Joshua:
httpd.conf.in has the new structure
httpd-std.conf (the one I was looking at) didn't ;(
Hmmm... httpd-std.conf doesn't exist in trunk.
Just ran
On 2/16/06, David Reid [EMAIL PROTECTED] wrote:
Rather than try and piece it together, can someone simply answer this
simple question? Maybe then this mail and your reply will help other
poor souls trying to make the change.
Convert this
Order deny,allow
Deny from all
Require all denied
On 2/16/06, Graham Leggett [EMAIL PROTECTED] wrote:
Ian Holsman wrote:
maybe if mod_access_compat is included by default statically into httpd
itself? (unless explicitly disabled)
we could make it optional in 2.6 (and remove docs on it), and remove in
2.8 or something. this will give
On 2/17/06, Joost de Heer [EMAIL PROTECTED] wrote:
'Breaking a config file' is IMO that you can't just copy your 2.0 config file
and it works. And the new mod_auth(n|z) structure just did that: A 2.0 config
file needed changes to work in 2.2.
Only if you are using dynamically loaded modules.
On 2/25/06, Arshad Ahamad [EMAIL PROTECTED] wrote:
Hello all,
I have configure Apache-2.0.48 successfully.Now I would like to
integrate Apache-2.0.48 and existing server. So I am unable to start this
work ,I am too much confused either Apache embedded into the existing server
OR
On 3/6/06, Graham Leggett [EMAIL PROTECTED] wrote:
Hi all,
I have just tried to convince httpd v2.2.0 to password protect a single
file on the filesystem, but without any success.
Does anybody know whether this is possible?
I tried
Location /cgi-bin/dir/file.cgi
and
Files
On 4/18/06, Matthias Behrens [EMAIL PROTECTED] wrote:
hi
is there a way to overwrite the HTTP_X_FORWARDED_FOR instead of adding to
it?
the problem is that the content of this headerline is sometimes totally
chaotic so its very difficult to parse.
other possible solutions would be:
- to
On 4/20/06, Matthias Behrens [EMAIL PROTECTED] wrote:
thx
doesnt seem to work on 2.0
its a 2.2 feature isnt it?
The early option, which may be necessary here, is a 2.2 feature.
Joshua.
On 4/21/06, Roy T. Fielding [EMAIL PROTECTED] wrote:
I don't know of any reason to hurry a 2.0.x release (heck, I don't
know of any reason to continue its development), but I also don't think
releasing one with modified copyright years is any more or less legal
than continuing to distribute
On 4/24/06, Swapan Gupta [EMAIL PROTECTED] wrote:
Hi,
I am using Apache 2.0.53. I am observing that when a 304 Not Modified
response is returned accompanied by the Location header, the
Location does not reach the user.
I could see that this header is not mentioned in the RFC for 304
This type of request is becoming more and more common.
Although mod_mbox obscures the basic to and from address, there are
still two problems:
1. It doesn't obscure email addresses in the body of the message
(which could be from forwarded/quoted messages).
2. The raw link still gives access to
On 4/28/06, Justin Erenkrantz [EMAIL PROTECTED] wrote:
On 4/27/06, Joshua Slive [EMAIL PROTECTED] wrote:
I know there are people who still hold the idealistic view that we
shouldn't be obscuring email addresses at all. Although I agree in
principle, I think the world has passed that view
On 5/3/06, Joe Orton [EMAIL PROTECTED] wrote:
On Wed, May 03, 2006 at 02:39:33PM +0200, Niklas Edmundsson wrote:
I've run into apr_brigade_insert_file() creating brigades that's not
possible to sendfile() (EINVAL), this is with httpd-2.2.2 on Ubuntu
Breezy Linux amd64 (64bit). The file in
On 5/8/06, Joseph Dane [EMAIL PROTECTED] wrote:
Joshua Slive [EMAIL PROTECTED] writes:
In very early versions of the Apache HTTP Server, the
directiveAddType/directive directive was also used to activate
special server-side processing (such as modulemod_include/module
or PHP) by assigning
On 5/10/06, Tiago Semprebom [EMAIL PROTECTED] wrote:
Hello,
I'm developing a new handler module in apache, in this module I need to do
some changes in the incoming requests, like change the request priority, for
example: I need to intercept the request and in some away to change or set a
On 5/18/06, pradeep kumar [EMAIL PROTECTED] wrote:
Hi,
Is there any other way of getting PATH_INFO without using mod_include?
More details please. PATH_INFO works find in 2.x. Perhaps you need
to look at the AllowPathInfo directive.
Joshua.
On 5/25/06, Rich Bowen [EMAIL PROTECTED] wrote:
The folks at Drupal have apparently just discovered that
something.php.bar is executed as PHP, and, thus, checking to see if a
file ends with .php is not sufficient to ensure that their file upload
feature can't be exploited.
In fact, they have a
On 6/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Add example/default allow-from for localhost, please???
Location /server-status
SetHandler server-status
Require host .example.com
+Allow from 127
/Location
I think you are looking for
Require ip 127
or something like
On 6/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Ewww... can't we be consistant with our workfiles paths?
-DavLockDB @@ServerRoot@@/var/DavLock
+DavLockDB @exp_runtimedir@/DavLock
I believe the issue here is that exp_runtimedir is writable only by
root, while DavLockDB needs to be
On 6/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Author: wrowe
Date: Wed May 31 22:42:13 2006
New Revision: 410761
URL: http://svn.apache.org/viewvc?rev=410761view=rev
Log:
That's the point, isn't it? All mpm's in one basket?
Sure, but windows has its own config file where we left
101 - 200 of 597 matches
Mail list logo
