Re: [RELEASE CANDIDATE] libapreq2 2.12 RC1
Hi Joe, I think that I discussed the following issue with Issac, two years ago. Actually, the idea to have an interactive fallback for CGI, was mine, I was the sponsor, and Issac programmed it (very well!). Before getting any decision, I want to discuss it again with him, which can't be done before Sunday: Currently, is_interactive_mode() is based on GATEWAY_INTERFACE, which is defined by any CGI query from the webserver (RFC). The second case is when a user runs it manually, so GATEWAY_INTERFACE is undefined, and the fallback is to get the params interactively. But there is a third case - When the user wants to feed QUERY_STRING manually. So if we test QUERY_STRING (rather than GATEWAY_INTERFACE), we support all the three cases, because QUERY_STRING is defined by any CGI query (even in POST - but with an empty content). I think this is going to be the first stable version with interactive mode, so it's the last opportunity to change this behavior. I want to re-check it. Regards, -- Eli Marmor mar...@netmask.it CEO, Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: new modules in trunk
Paul Querna wrote: ... If the core fully supported UDP and multicast listeners, it should be possible to write the heartmonitor module as just a protocol module, although heartbeat would still likely need its current structure. ... Issac Goldstand already developed UDP support, for the contributed mod_dns (both financed by my company, and contributed to the ASF). I believe that it's finally the time to add these things (together with mod_ftp) officially to the trunk, at least as experimental. Their place is there, and as low level modules, it's much more native to include them than some of the mentioned modules. The current server, which was an HTTP daemon in the past, already supports various protocols (HTTPS, FTP in the proxy, etc.), so FTP and DNS will be great, especially when it's so hard to support them as external modules, contrary to some of the mentioned modules. Adding the SMTP module (as experimental, because it still needs many fixes) may close the circle and makes APACHE an all-in-one server, when many features (such as buckets-brigades, configuration, pools, MPM's, etc.) are reused in all of the protocols, and make APACHE a very elegant and smart server. -- Eli Marmor [EMAIL PROTECTED] CEO, Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Should we release 2.10?
Bojan Smojver wrote: On Fri, 2008-07-11 at 18:46 +0300, Eli Marmor wrote: DON'T FORGET TO MERGE THE ENHANCED-CGI !!! Do you have a link? http://svn.apache.org/viewvc/httpd/apreq/branches/enhanced-cgi/ -- Eli Marmor [EMAIL PROTECTED] CEO, Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Should we release 2.10?
Joe Schaefer wrote: --- On Thu, 7/10/08, Bojan Smojver [EMAIL PROTECTED] wrote: Is there anything that needs to be addressed still before we roll this? It's been a long time since the last stable release, I think we should go ahead and get something out the door... Sounds good. AIUI Issac was going to RM but had difficulty getting the docs to generate. Are you willing to give it a shot? [Sorry for the shouting letters:] DON'T FORGET TO MERGE THE ENHANCED-CGI !!! [Sorry also if it was already done...] -- Eli Marmor [EMAIL PROTECTED] CEO, Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Call for Papers Opens for ApacheCon US 2007
On *April 16*, Rich Bowen wrote: Call for Papers Opens for ApacheCon US 2007 The Call for Papers is now open for ApacheCon US, to be held November 12-16 at the Peachtree Westin, Atlanta. The conference will consist of two days of tutorials (November 12-13) and three days of regular conference sessions (November 14-16). ... The paper submission deadline is Monday, 28 April 2007, Midnight GMT. ^ Considering the short time till the deadline, is it possible to give an extension? (let's say - May 16, a month from now). -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: protocol module ?
Gregory Nicholls wrote: I've been looking at mod-ftpd and mod-pop3 with a view to writing a protocol module. What I haven't been able to work out from reading these, is how a particular protocol module 'registers' its interest in specific connections. eg. Assume there's 2 protocols being used and we have Listen 8080 http and Listen 1234 foo. I use ap_hook_process_connection to insert mod_foo into the chain. So far so good but I only want to process connections coming on port 1234. Neither mod-ftpd nor mod-pop3 seem to have any code that examines the connection with a view to declining those they can't process. So I'm guessing that there's some mechanism for assigning protocols/ports to a specific module. I just don't know how to do it. Can some kind soul point out what I've missed please ? Thanks, Gregory Nicholls I don't know if it will help you, but Ryan Bloom dedicated a chapter for that in his book (Using Apache to Serve Different Protocols, pp. 383-401). In addition, mod_ftpd and mod_pop3 are not the only non-httpd protocol modules, and there are some others, such as mod_smtpd. I wish there was a mod_named (or mod_dns or mod_bind, I don't care). One day, maybe I'll write one... -- Eli Marmor Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: svn commit: r467655 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_cache.xml modules/cache/mod_cache.c modules/cache/mod_cache.h
Graham Leggett wrote: We have significant contributions from two people - Davi Arnaut and Niklas Edmundsson, and I've been integrating the issues fixed by both these contributions into a coherent workable whole, so that the effort spent by these people isn't wasted. Both of their efforts have focused on different aspects of the cache, making this workable. Some parts are not RFC compliant, other parts are not implemented elegantly enough, but these are details that need to be raised, addressed and fixed, not used as a feeble excuse to abandon the effort and return to some cache code that nobody wants to use. I'm afraid that your count is wrong - the significant contributions came from THREE people, not TWO: Issac, Davi and Niklas. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] proposal to add interactive CGI module
+1 ;-) (for honesty sake, I asked Issac to code it, after I did a similar thing to another CGI library...)

I want to add a temporary README (i.e. Executive Summary for busy people...):

WHAT: A patch against module_cgi.c, that causes any apreq-based CGI program to become interactive when run by the user and not by a web server.

ORIGINAL BEHAVIOR: Such CGI programs require a user running the program from an interactive shell to manually populate the local environment with the appropriate (QUERY_STRING, HTTP_COOKIE, CONTENT_LENGTH, etc) variables and prepare a properly formatted POST body; Otherwise, apreq fails to work.

NEW BEHAVIOR: If the CGI was invoked not by a web server, it will prompt the user with the needed parameter names upon demand, and read the typed-in values (note: the original behavior is kept if QUERY_STRING is defined).

AFFECTED APIs:
* cgi_body(_get)
* cgi_args(_get)
* cgi_jar(_get)
* cgi_param(s)
* apreq_handle_cgi

EFFECT: If interactive_mode has been detected, the above APIs will type a prompt on stdout and await parameter values to be entered on stdin (lazily), rather than parsing the appropriate brigade/environment variables.

WHY:
1. Save the need to write 2 programs for each purpose (one CGI and one interactive). The same program will handle both cases.
2. Allow easier debugging of CGI, by gdb etc.
3. Easier CGI-based scripting (one may write echo joe | mycgi rather than: export QUERY_STRING='name=joe'; mycgi).
4. Extra behavior for existing programs without recompiling them.
5. Because it's cool ;-)

DEMO: Just run module/test_cgi.c with the modified libapreq2.

-- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
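Added example, not part of the original messages and not libapreq2 code: a Python sketch of the interactive fallback summarized above, run over the three invocation cases raised in the 2.12 RC1 message with the mode test keyed on either GATEWAY_INTERFACE or QUERY_STRING. The `Params` class, `run_case` helper and sample environments are constructed for illustration; only the name `is_interactive_mode` comes from the thread.

```python
import io
from urllib.parse import parse_qs


def is_interactive_mode(env, test_var):
    """Interactive when the variable a web server would have set is absent."""
    return test_var not in env


class Params:
    """Parameter source: parsed QUERY_STRING under CGI, lazy prompts otherwise."""

    def __init__(self, env, stdin, stdout, test_var="QUERY_STRING"):
        self.interactive = is_interactive_mode(env, test_var)
        self._stdin, self._stdout = stdin, stdout
        self._values = {}
        if not self.interactive:
            parsed = parse_qs(env.get("QUERY_STRING", ""), keep_blank_values=True)
            self._values = {name: vals[0] for name, vals in parsed.items()}

    def get(self, name):
        if name in self._values:
            return self._values[name]
        if not self.interactive:
            # Under a web server stdin is the request body: never prompt on it.
            return None
        self._stdout.write(f"{name}: ")
        line = self._stdin.readline()
        if line == "":  # EOF, e.g. the pipe feeding us has run dry
            return None
        self._values[name] = line.rstrip("\r\n")
        return self._values[name]


def run_case(env, typed, test_var):
    """Return (interactive?, value of 'name', prompt text written)."""
    out = io.StringIO()
    params = Params(env, io.StringIO(typed), out, test_var)
    return params.interactive, params.get("name"), out.getvalue()


# Constructed environments for the three cases discussed in the thread.
CASES = {
    "web server": {"GATEWAY_INTERFACE": "CGI/1.1", "QUERY_STRING": "name=joe"},
    "shell, nothing set": {},
    "shell, QUERY_STRING set by hand": {"QUERY_STRING": "name=joe"},
}

if __name__ == "__main__":
    for label, env in CASES.items():
        for var in ("GATEWAY_INTERFACE", "QUERY_STRING"):
            print(f"{label:32} test {var:18} ->", run_case(env, "ann\n", var))
```

Only the third case differs between the two tests: keyed on GATEWAY_INTERFACE the hand-set QUERY_STRING is ignored and the program prompts, keyed on QUERY_STRING it is parsed as in a normal CGI run.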
Re: [PATCH 40026] ServerTokens Off
Sorry for joining the discussion so late. This issue was raised several times in this list. It was voted off in all of them, because of several reasons, one of them was not mentioned this time: Apache's strongest marketing point has always been its dominance among the web servers. With about 70% in all of the market researches, from netcraft.co.uk to securityspace.com, Apache became the first option for almost everybody. It's sure that the Off option will hurt the statistics of Apache. Many of us will love to see this option going away, because everybody can do it very easily through the source code, as Yahoo! and others already did. But if this option is such a strong dream for somebody, the minimum that can be done to help a little, is a strong recommendation against using this option, in the documentation. My English is not great, so I leave the exact words for somebody else, but this recommendation should say that using the Off option is not social, pays bad for the great efforts that Apache's developers put into this project, and should be used only in closed networks or if there is no other choice. Something like "use it only if you know what you are doing". After all, people don't pay anything for the great efforts of the Apache's developers, and crediting Apache is the only nominal thank that they can do. Of course, the statistics of Apache are going to suffer even with this warning, but without it - it is going to be even worse. I also think that adding this option requires a new license (2.1?) stating that "You must mention Apache in this HTTP header", so technically it will be possible to use Off, but not according to the license. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
2.2.3
Hi, 3 months have passed since the last release; Is 2.2.3 expected soon? Thanks to your great efforts, there are exciting new features in the trunk, and it would be great to bring them to the masses... Thanks, -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Environment Variable Interpolation in ProxyPass/Reverse
I'm not a member, and I can't vote but only express my own needs, but this is something that I've waited for a long time, and I even planned to implement it, but Nick was faster... Nick Kew wrote: This is a topic that's been discussed occasionally, though not (AFAIR) on this list. A few weeks back, I implemented a patch to support interpolating per-request environment variables in reverse proxying directives. Note that this goes beyond what mod_rewrite already supports, because it also interpolates response headers per ProxyPassReverse and family. Do we want this in /trunk/ ? -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [RT] what's the roadmap?
Hi Joe, First, congrats and thanks for 2-2.07. Everything sounds great (well, maybe except for the words that may take some time doing ;-) My question: currently, there is one big libapreq2-2.07.tar.gz; Why don't we split it into two files, one for the C glue, a candidate for the integration into httpd (or apr/apr-util?), and the second, Perl glue, depending on the former, a candidate for integration into mod_perl/CPAN? I believe that axing the Perl from the base library may clean the fears of the httpders, while having the C in httpd/apr and having only Perl in the Perl-glue (that depends on a standard stuff which was integrated into httpd/apr) may help the mod_perl guys to integrate it. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] Rename to Apache D
Brad Nicholes wrote: You're not really serious about this are you? It is a little premature to rename something to 'd' that is still very much 'httpd'. Get the code in place first and then see if it makes sense to worry about trivial things like renaming the binary. While I don't have vote rights, I have an idea for a compromise that will reflect the opinions of both sides: Since Ryan Bloom wrote his mod_pop3 as a proof of concept (where the concept was the independence of Apache on specific protocol, though - to be more precise - it still depended on HTTPD), several other non-HTTP protocols were implemented (mod_ftpd and mod_smtpd, to name the main ones). While the Apache server does support the ability to code such modules, it neither CONTAINS them, nor IMPLEMENTS them, but only the HTTP protocol. You can't omit the httpd name from a server as long as all it does (ignoring 3rd party modules and external ones) is HTTP. Once these modules are integrated into the Apache server, such a rename will make a lot of sense. And I want to use this opportunity to pass a message from me and other Apache users/developers/integrators I know: PLEASE consider the integration of these modules (ftpd and smtpd) into Apache, at least for the experimental directory. The current status is anomalous for FTP: Proxying it is supported (mod_proxy_ftp), but the original service is not. And regarding smtpd: if mod_mbox will be integrated, its combination with mod_smtpd creates an end-to-end messaging solution, which is a great thing, at least IMHO. I don't see how inclusion of non-HTTP modules in the experimental directory, with a default exclusion from builds, will break anything, especially when the claim is that the Apache server is not HTTP-centric anymore, and especially^2 when this claim is followed by considering the rename from httpd to d. Thanks for taking the time to read me, -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. 
__ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: A mod_mbox release ?
Maxime Petazzoni wrote: ... I'm not yet used to release management (even for a small module like mod_mbox), so I'll be very pleased to get some feedback, comments and pointers if we decide to make a 0.2 release for mod_mbox ! I think Sam (=Maxime) is too modest to ask for the inclusion of mod_mbox in the modules/experimental directory httpd; I think that this was the original purpose of giving it to SoC, wasn't it? And I'm sure that Sam will agree to promise to agree for future axing of his module, IF it will not prove the benefit and quality that are expected from a standard module of Apache. In any case, thank you Sam! -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
monitor hook not working since 2.1.9?
I'm using Nick's hook monitor, called by ap_run_monitor() from mpm_common.c. It worked flawlessly under 2.1.4. It doesn't work with 2.1.9. Somewhere in the middle, between 2.1.4 and 2.1.9, something went wrong. It seems that ap_wait_or_timeout() was run at least once per second under older versions, but not anymore. Does anybody know anything? Thanks -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: monitor hook not working since 2.1.9?
I'm not sure this is a problem; maybe only MY mistake. I'm still investigating. Meanwhile, please don't spend time for that. I wrote: I'm using Nick's hook monitor, called by ap_run_monitor() from mpm_common.c. It worked flawlessly under 2.1.4. It doesn't work with 2.1.9. Somewhere in the middle, between 2.1.4 and 2.1.9, something went wrong. It seems that ap_wait_or_timeout() was run at least once per second under older versions, but not anymore. Does anybody know anything? Thanks -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Press release for httpd 2.2 (was Re: OT: performance FUD)
Let me try to contribute my $.02: Usually, a PR item which tells about company X delivered product Y to customer Z, is signed by both - X and Z. Since most of the organizations don't exist for charity but for business, Z must earn something out of this PR. Sometimes, the fact that Z agreed to be an early adopter and even to put its name on the PR, gives Z a small discount (irrelevant in our case). But the usual case is that only by using the product Y, customer Z succeeded to execute its extraordinary service, and here come some impressive numbers which could not be achieved without Y, and so on. In other words, while the interest of X is clear, the interest of Z is more tricky, and usually Z uses this opportunity to tell the world how great he is. We owe Brian something, not only to pay him for putting the name of CNN here, but also to help him pass his legal staff. So this is, more or less, how I see the PR (not the announcement about 2.2, but specifically the CNN case) (and excuse me for my bad English...): -- Just an example, only to demonstrate what I mean -- After gaining more than 70% of the market (according to market research companies such as NetCraft and Security-Space), the future of the Apache web server looks brighter than ever, and it seems that it has no competitors anymore. But there is still one huge competitor that even Apache can't beat: Previous versions of Apache. It just works, 7 days a week, 24 hours a day, serving millions of requests, without losing even one says John Doe, a webmaster with the moc.com, which is ranked #0 among the hosting providers: After all, even Steve Ballmer said 'Apache is simply better', so why should I upgrade?! If it ain't broken, don't touch it!. 
But now, with Apache 2.2 coming soon, more and more people argue: We succeeded to hire the best reporters and journalists, but in order to keep our status as the most popular news site, it is not enough to create the best content, but we must find creative ways to deliver the enormous load required by our on-line readers says Brian Akins of CNN. Apache 2.2 allowed us to break even our own records, and reach an amazing number of 77 billion hits, although we started to use it only several days ago. I know no other way to deliver one billion pages per day summarizing Akins. This is the message that the Apache Software Foundation tries to make these days: Apache 1.3 is still the power behind most of the leading websites, but the new release combines the advantages of the old one with new fabulous features and abilities says XXX, a member of the Apache Software Foundation, and as an Open-Source product, it's free, so why not upgrade?!. What are these new features and abilities? XXX tries to shorten his answer, but the new release is so revolutionary, so the list looks infinite: (and here comes an infinite list of the goodies of Apache 2.2). The Apache web server is available for download from httpd.apache.org, free of charge. --- This was only an example, but I hope you got the idea. The only problem with this direction is that some of the newspapers and TVs which should publish it, are direct competitors of CNN, and may prefer to edit it (bad) or even to ignore this PR (bad too). -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Summary: [apache-modules] Session/Cookie-Based Authentication Library
[cross posting to two mailing lists] So far I've received two recommendations about a C library to help authenticate users based on cookies (and optionally IP/URL/etc.): Reginald De Crombrugghe recommended mod_auth_tkt (one of the libraries which were mentioned in my original question), and Ian Holsman (core developer of Apache httpd) recommended mod_auth_mda. There are many alternatives, but the amazing point that I found out immediately after looking at these two libraries, was that they are a fork of the same base (which was called mod_auth_tkt). Meanwhile, since the fork, both have added features and changes, so I'll have to investigate these changes and adopt the better one. By the way, both support only cookies based sessions. If anybody else has anything to add about the differences between these libraries, or even about another library which does the work, please speak now or forever hold your peace ;-) (just kidding...) As for the long run, I plan to write my own piece of code, based on libapreq2; I plan to open it, of course. Meanwhile, I want to thank Ian and Reginald for their generous help! -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Session/Cookie-Based Authentication Library
Max Kellermann wrote: On 2005/09/22 14:11, Eli Marmor [EMAIL PROTECTED] wrote: By the way: it may be based on libapreq2. And if I come into it, then what about the following idea: to add some authentication functions to libapreq2; In any case, it already does most of the work, including GET/POST parameter manipulation, as well as cookie manipulation. I believe we should not add anything about authentication to libapreq. It is currently a generic request parser, and should stay so. Adding authentication would require to make assumptions about the authentication procedure, which in turn forces users to follow our assumptions. There is no disadvantage in implementing authentication in an additional library. Sorry for not being clear enough: I didn't speak about HTTP authentication, and even not about a library doing the authentication for you. All I spoke was about some convenient routines that may save 80% of the work for people who implement cookies-based or session-based authentication. And I'll add a brief explanation for people who don't control exactly how this authentication works: The username and the password are received from the user by a POST request, optionally encrypted (by SSL, or by JavaScript, etc.). From now on, the programmer marks the session, so following requests will be identified as coming from this specific user. This can be done in two ways: by setting a unique cookie (usually temporary), or by adding a unique hidden arg=val to following requests/responses (sessionization). There must be a special URL/module/whatever for logout. Cookies may be not temporary, so following accesses to the site, will cause the username field of the login form to be initialized with the value from the previous time (of course, this is optional). While it's easy to describe this mechanism, its implementation (without the help of any library) is hard. Implementation based on a library like libapreq2 saves the effort by at least 50%. 
All I suggested was to add some convenient routines that will ease this effort further. For example, a function to create an encrypted code to be used as the unique cookie or session-id. Or obtaining the code from a request. Or getting the username out of a request struct. Or using the input filter to consume the session-id from the QUERY_STRING (or the POST params) so filters/modules following in the chain will not see it. This extra API is so thin, and will be very easy to code, because most of its work is already done by lower level functions of libapreq2. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
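Added example, not part of the original message and not libapreq2 API: a Python sketch of the convenience routines listed above (create the session code, recover the username from it, and consume the session-id from the query string so later handlers do not see it). It swaps the "encrypted code" for an HMAC-SHA256 signed token, which protects integrity rather than confidentiality; all function names, the `sid` parameter and the key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, urlencode


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, username, ttl=1800, now=None):
    """Return 'payload.tag': username, expiry and a random nonce, signed with key."""
    if "\n" in username:
        raise ValueError("username must not contain a newline")
    now = int(time.time()) if now is None else now
    payload = f"{username}\n{now + ttl}\n{secrets.token_hex(8)}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def username_from_token(key, token, now=None):
    """Return the username for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload64, tag64 = token.split(".")
        payload, tag = _unb64(payload64), _unb64(tag64)
    except ValueError:  # wrong shape or undecodable base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        username, expires, _nonce = payload.decode().split("\n")
        expires = int(expires)
    except ValueError:
        return None
    return username if now < expires else None


def consume_session_id(query_string, param="sid"):
    """Split the session-id off a query string: (token or None, remaining query)."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    tokens = [value for name, value in pairs if name == param]
    rest = urlencode([(name, value) for name, value in pairs if name != param])
    # A repeated session parameter is ambiguous, so it is treated as absent.
    return (tokens[0] if len(tokens) == 1 else None), rest


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # server-side secret, never sent to the client
    token = issue_token(key, "joe")
    sid, rest = consume_session_id(f"page=2&sid={token}&q=a+b")
    print(username_from_token(key, sid), rest)
```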
Re: mod_mbox bug squashing
Maxime Petazzoni wrote: 5) If you know that the AJAX view only works in Gecko based browsers do you plan on sniffing the browser type and redirecting to the non-AJAX view in that case? This is probably a bit of a controversial subject, but it seems like the kind of thing that would have to be resolved before the ASF could roll something like this out. I'll try to make the AJAX view work on as many browsers as possible. I'd like it to work on Konqueror and Opera. The IE problem does not seem to be fixable. I agree that it is better to dedicate the time to support more browsers, than to invest too much in cases where AJAX is not supported. However, what is this problem with IE that doesn't seem to be fixable? If it was discussed here and I missed it, I apologize, but please give me a pointer to that discussion. P.S. It's cool. Thanks, -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: mod_cache wishlist
Parin Shah wrote: I have fixed that memory leak problem. also added script to include libcurl whenever this module is included. I hope that it doesn't mean that libcurl is going to be a permanent solution, when subrequests (with minor changes) could serve the same purpose. BTW: if subrequests are refactored, isn't it better to move them to APR/APR-UTIL? In any case, thanks for the great contribution! -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: howto retrieve request URI args and request body within an output filter module?
Have you checked libapreq2? By the way, if I recall correctly, it is a candidate for integration into httpd (or APR/APR-UTIL). Christian Parpart wrote: Hi all, I was looking for a module which I can use for publishing my XML/XSLT based web application on; That means, simple static transformations are not enough, as *EVERY* new request to the same .xml file may potentially change the result; finally, I found mod_transform[1] somewhat useful, but it - obviously - doesn't fit all the needs I have to have as it (e.g.) does not pass request arguments from GET and PUT to the XSLT stylesheet :( though, my question: how do I get these from within that .xml output filter? Thanks in advance, Christian Parpart. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Missing Features of htdigest.c
Geoffrey Young wrote: only? you can certainly add a new user via

use Digest::MD5;
my $user = 'user';
my $realm = 'realm';
my $pass = 'pass';
# htdigest line format: user:realm:MD5(user:realm:password)
print "$user:$realm:", Digest::MD5::md5_hex("$user:$realm:$pass"), "\n";

once you know the algorithm, parsing the file and changing passwords with perl is just as simple :)

Well, maybe I explained it badly, so I'll try again: In 2.1, the AAA was totally restructured, to separate the algorithm (BASIC or DIGEST or whatever) from the storage (FILE or DBM or a database), and to open the full matrix of options to users. However, even if it was done in the server (which I didn't check), there is no way to use it, because the supporting programs have never been fixed or changed to support it: Nothing was added to dbmmanage or to htdbm or to htpasswd to support different algorithms, or at least DIGEST. Moreover, the only program which still supports DIGEST - htdigest - does almost nothing - no DBM, no database support, and even the minimal features - such as non-interactive mode (-b) so other programs or CGIs can call it - are not supported. Has anybody here ever used DIGEST not in a FILE but in DBM or a database? How did he do it? Is there any code sample? Why don't we just fix dbmmanage and htdbm? And of course, finally finishing htdigest? Or add DIGEST as an option to htpasswd? (which is better?) If I do any of the above things, will it be committed? (assuming it's written according to the guidelines) Does anybody have existing code or patches to save me time? Will there be anybody else to help me? I know that there are tricks to do everything in Perl, but if this is the way to go - then remove htpasswd/htdigest from the distribution and ask people to write Perl scripts instead... ;-) (I'm not serious, I'm just trying to illustrate why solutions like the responder suggested are not practical; if the supporting programs lack minimal and basic features, we must fix them. If htdigest is useless, either remove it or fix it. 
And if there is no way to use DIGEST but only BASIC, then return to the old structure of AAA, because there is no need to separate the algorithm - there is only BASIC). Thanks, -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Missing Features of htdigest.c
Responding to myself, I want to go on: May we add [-D realm] to the command options of htdbm? I believe it will not take more than 20 lines, does anybody expect any problem with it? Has anybody done a similar thing in htdbm in the past? And last thing before we add it: Is the new structure of AAA ready to support it in the server? I don't want to waste time in the side of the supporting programs, just to find out that the server lags behind and is not ready to support what it is supposed to do when it was restructured... Thanks, -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: Post-2.2 Thoughts
Paul Querna wrote: Ben Collins-Sussman wrote: On May 8, 2005, at 3:15 PM, Olaf van der Spek wrote: On 5/8/05, Phillip Susi [EMAIL PROTECTED] wrote: ... ... ... I had a hacked up 'mod_svnserve' several months ago, and got it to the level of speaking a little bit to clients I will look at posting it sometime. What about adding mod_svnserve, mod_pop3, and mod_ftp to modules/experimental with default configuration as no even when the most flag is used? -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Joshua Slive wrote: Justin Erenkrantz wrote: --On Tuesday, March 8, 2005 9:38 PM +0200 Eli Marmor [EMAIL PROTECTED] wrote: It depends if you need it only for the server configuration, or for dir_config; In the latter case, you don't have another choice, you just NEED the +- Actually, cache can't respect any dir config's (because it is a quick handler) so Joshua is right - we shouldn't follow the +-. -- justin I don't think it matters anyway. Note that AllowOverride handles dir configs. All the +/- syntax buys you is being able to write

Directive Foo Bar Baz
<Directory /foo>
Directive -Bar +Boo
</Directory>

Instead of

Directive Foo Bar Baz
<Directory /foo>
Directive Foo Baz Boo
</Directory>

Both of you are right; What I meant to say was that in dir config, you MUST have +-; In server config, you MAY have +-. Time to define the exact directive and names? -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Justin Erenkrantz wrote: --On Wednesday, March 9, 2005 9:47 AM +0200 Eli Marmor [EMAIL PROTECTED] wrote: Time to define the exact directive and names? I'd start with all of the directives that mod_cache currently exposes that are binary (on/off). At a quick glance, that looks like CacheIgnoreCacheControl, CacheIgnoreNoLastMod, CacheStoreNoStore, CacheStorePrivate. For a first cut, it probably just makes sense to drop Cache from the prefix and see how it goes. -- justin That's all?! Let me quote myself (and this is not the complete list): If I recall correctly, there were MANY conditions in mod_cache that prevented caching (like checking for a POST method, no-store, no-cache, auth, GET args, private, public, must-revalidate, maxage, etc.). The complete list may be long, but if we want to allow offline caching, we must precede a condition before any rule of mod_cache.c that prevents caching in any case, and I don't see any serious difference (performance, code size, memory size) between if (conf->something != 0) and if ((conf->something & SOMETHING) != 0). So we don't need to have one directive/bit for many conditions, as long as it is done in a friendly way for the users (i.e. there are 3-4 pre-defined constants which mean cache nothing, default cache, and cache everything - for offline browsing). In addition, the entity must be updated to contain more attributes of the request (args, POST args, cookies, etc.). And to find it fast, the key generated by cache_generate_key must be based on more things (such as args). Because sometimes a dynamic site may have thousands of pages, all of them with the same URL but with different args. By the way: the whole concept is not according to RFC 2616, but you can't do offline caching without contradicting the RFC, and we already have a lot of other directives that allow the users to be incompatible with the RFC, *IF THIS IS WHAT THEY WANT AND THEY KNOW WHAT THEY ARE DOING*.
-- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
[EMAIL PROTECTED] wrote: Eli Marmor wrote: [..cut..] In addition, the entity must be updated to contain more attributes of the request (args, POST args, cookies, etc.). And to find it fast, the key generated by cache_generate_key must be based on more things (such as args). Because sometimes a dynamic site may have thousands of pages, all of them with the same URL but with different args. The args are already used by cache_generate_key (see cache_storage.c lines 301 till 310, code from 2.0.53):

    apr_status_t cache_generate_key_default(request_rec *r, apr_pool_t *p, char **key)
    {
        /* The key is hostname + URI + "?" + query args; POST data and cookies are not part of it. */
        if (r->hostname) {
            *key = apr_pstrcat(p, r->hostname, r->uri, "?", r->args, NULL);
        }
        else {
            *key = apr_pstrcat(p, r->uri, "?", r->args, NULL);
        }
        return APR_SUCCESS;
    }

Oops, you're right... But yet, POST args are not used (it requires an input filter BTW), as well as other parameters which may affect dynamic caching (cookies etc.). People may be afraid of a total caching and/or input filter, so these options will be turned off by default, but we still owe them for the rest. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Justin Erenkrantz wrote: On Tue, Mar 08, 2005 at 06:01:35PM +0100, Sander Striker wrote: While I think this is a good idea, I'd like to consider renaming this particular directive as I think the name is really confusing. Does that mean you want me to hold off on committing this patch pending a directive rename? Isn't that a separate issue? Nah, go ahead and commit if you like. It's just that you brought up the point of making the directive more intuitive - and I have problems from the word go on this particular directive being intuitive. It's not. In order to understand what this directive does, you need to know what Cache-Control from the RFC means - and that's not intuitive. I'd like something that expresses the concept that we will serve cached content even if the client asks for 'fresh' content. The closest I can come up with is 'CacheServeStale' - but that's not quite right or even precise either. CacheForOffline? (or Cache4Offline) Offline browsing is the main case where you need such absolute caching. But it requires you to cache EVERYTHING. Including dynamic content, and even different content according to different POST input. Maybe two directives are needed, one for using the cache only if the cookies are the same. All of that requires changing the caching mechanism to keep POST input, cookies, etc. I started to do it in the past, and planned to contribute it when it would be ready, but held on when the major modifications of mod_cache started. I think that Brian Akins made a similar patch too, and wanted to contribute it, but failed to pass CNN's lawyers. If I recall correctly, he volunteered to give tips. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Sander Striker wrote: Eli Marmor wrote: [...] CacheForOffline? (or Cache4Offline) Offline browsing is the main case where you need such absolute caching. But it requires you to cache EVERYTHING. Including dynamic content, and even different content according to different POST input. Maybe two directives are needed, one for using the cache only if the cookies are the same. All of that requires changing the caching mechanism to keep POST input, cookies, etc. I think you just proved Justins point. Above is all about response Cache-Control. The current CacheIgnoreCacheControl only affects request Cache-Control. Confuzzled yet ;) :) Sander If I recall correctly, there were MANY conditions in mod_cache that prevented caching (like checking for a POST method, no-store, no-cache, auth, GET args, private, public, must-revalidate, maxage, etc.). My idea was to have one directive, with an option for each of them, including the conditions that are already supported, plus two special options - one that represents the empty set of options, and one that turns on all of the options. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Justin Erenkrantz wrote: --On Tuesday, March 8, 2005 8:12 PM +0200 Eli Marmor [EMAIL PROTECTED] wrote: If I recall correctly, there were MANY conditions in mod_cache that prevented caching (like checking for a POST method, no-store, no-cache, auth, GET args, private, public, must-revalidate, maxage, etc.). My idea was to have one directive, with an option for each of them, including the conditions that are already supported, plus two special options - one that represents the empty set of options, and one that turns on all of the options. Hmm. That's an interesting approach. How about an ITERATE directive with a bit-wise field that represent their value in the config structure? I sort of like that... =) To be clear, something like: CacheOptions +StorePrivate +IgnoreClientControl +IgnoreServerControl +CachePOST +CacheAuth CacheOptions +all CacheOptions -all Feel like writing a patch? =) -- justin Exactly. This is what I started to code (using an ancient release...). I stole some code from Options. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Eli Marmor wrote: Justin Erenkrantz wrote: --On Tuesday, March 8, 2005 8:12 PM +0200 Eli Marmor [EMAIL PROTECTED] wrote: If I recall correctly, there were MANY conditions in mod_cache that prevented caching (like checking for a POST method, no-store, no-cache, auth, GET args, private, public, must-revalidate, maxage, etc.). My idea was to have one directive, with an option for each of them, including the conditions that are already supported, plus two special options - one that represents the empty set of options, and one that turns on all of the options. Hmm. That's an interesting approach. How about an ITERATE directive with a bit-wise field that represent their value in the config structure? I sort of like that... =) To be clear, something like: CacheOptions +StorePrivate +IgnoreClientControl +IgnoreServerControl +CachePOST +CacheAuth CacheOptions +all CacheOptions -all Feel like writing a patch? =) -- justin Exactly. This is what I started to code (using an ancient release...). I stole some code from Options. I.e. from set_options() of server/core.c -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_cache, expand impact of CacheIgnoreCacheControl
Joshua Slive wrote: Justin Erenkrantz wrote: CacheOptions +StorePrivate +IgnoreClientControl +IgnoreServerControl +CachePOST +CacheAuth CacheOptions +all CacheOptions -all I suggest avoiding the +/- syntax which has proven confusing to many users and adds very little in functionality. Just use CacheOptions StorePrivate IgnoreClientControl IgnoreServerControl CachePOST CacheAuth CacheOptions All CacheOptions None Use AllowOverride as your example rather than Options. It depends if you need it only for the server configuration, or for dir_config; In the latter case, you don't have another choice, you just NEED the +- -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: using xerces-c in Apache2 module
Paul Querna wrote: Laszlo wrote: Hi all Have somebody used xerces-c in an apache2 module? My files contain XML data and I want to handle them with an Apache2 module. How is it possible? I only have personal experience on handling XML with libxml2 in apache modules. The only module that I know of that used Xerces-c was an old version of mod_xml: http://apache.webthing.com/mod_xml/ I don't think Nick maintains it anymore, but if you ask him, he might have the source around if you just want an example. Nick can also compare libxml2 and Xerces-c, especially as a library for an Apache module. -- Eli Marmor [EMAIL PROTECTED] Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-5237338 Kfar-Saba 44641, Israel
Re: mod_status idea
Nice idea. Please check, before adding dependencies on internal data of mod_status, if APR_OPTIONAL_HOOK can help here; mod_status.c defines a status_hook, and maybe it can be used to help. Brian Akins wrote: I think this has been proposed before, but I wanted to see if there was interest before I started coding. Currently, there is a static list of states that mod_status can report. What if we extended this so modules could add their own state. Perhaps use something similar to calls to ap_get_request_note? Pseudo code: mod_foo has the foo state: in its post_config:

    int foo_state;
    foo_state = ap_register_state("Doing foo");

then in its handler (or filter, or wherever):

    ap_set_state(foo_state);

Then mod_status would have an array (or hash) of int's to strings and report them: 5494 in state: Doing foo The catch is we expect there to be a one character state. This would allow a module to have multiple states (like a handler and a filter). This would also make the state registration/setting voluntary. Thoughts? -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: transcode data before them are sent back to client...
Manos Moschous wrote: I am very new in this field and I need some directions. What I want to do is to change the mod_proxy, so as I say in the subject to transcode (I have the code for the transcoding) the data in the proxy (mod_proxy) module before they are sent back to client. Client --- PROXY --- SERVER Here--SERVER So, I need to know where exactly (inside the code of proxy_http.c) the data are received (for example the index.html), before they are sent back to the client. Does the module store the data somewhere temporarily (in a file) or send them immediately to the client? I think that everything is happening in the ap_proxy_http_process_response() function. You go in the wrong direction. Please read about Apache2 filters. You will find a lot of information and examples in many articles, docs, guides, and even books (such as Ryan's). In addition, I suggest to subscribe to the modules mailing list, where your question really belongs. Good luck, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: mod_cache performance
Graham Leggett wrote: Brian Akins wrote: On an OS that supports sendfile, a disk based cache will almost always bury a memory based one. Quite probably. But on a system without a disk, chances are it won't. :( It will. Unless mod_disk_cache + ram-disk + sendfile doesn't outperform mod_mem_cache. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Ideas for Smart Filtering
Great idea, Nick. By the way: Is it possible to integrate it with mod_rewrite, of course after extending mod_rewrite a little? This may save us the need to invent new directives (e.g. FilterProvider, FilterDispatche, etc.). After all, mod_rewrite has a very sophisticated system to define conditions. Please ignore me if it is a stupid idea (or if RSE is not available... ;-) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Apache config
was not written in XML, I used it to learn more about each resource (for example, when the user asked for context-sensitive-help about a specific resource, its doc was displayed automatically). 6. Save anomaly and double configurations (for example, no need to configure things twice - in the DOC and in the module). 7. Elegance. /LOONG TEXT -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Apache config
Andre Malo wrote: Eli Marmor wrote: 7. Elegance. I tend to disagree. XML configuration is not elegant. Especially when you need to start quoting shell stuff and regexps for XML. XML configs are huge. This will blow up a typical 8k configuration file at least to 32k or more. XML is slow and less powerful compared to the current system. Anyway, I'm willing to get convinced when I see a new configuration system which (a) maps the current behaviour and complexities (b) does more than that and (c) make configuration of the httpd on a server system (no gui!) easier. Otherwise it's wasted time. Good luck! I agree, and the word elegance (like all the other benefits that I listed) was not written about XML, but about the idea to make the config bi-directional, stored in a central tree accessible to the core too, with a syntax/format defined in a standard way (independent of specific module procedures to parse RAW_ARGS...), and re-using any possible data, including the XML DOC definitions of the directives. However, you have no choice but choosing a bi-directional format. XML is bad, but common. I prefer other formats (such as the X Resources format), but XML is what everybody and his dog uses these days... Thanks! -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: mod_deflate updates
Wow... It was the last minute before I did it myself... Great! If I could vote, I would put +1 (or even +404 ;-) Thanks! -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Making _ of mod_vhost_alias.c Configurable
Hi, When the %N or %-N of VirtualDocumentRoot (or one of its friends) in mod_vhost_alias.c doesn't exist, mod_vhost_alias.c puts _ instead of it. I want to add a directive that when being defined, will replace this _ by another string, or by an empty string. An empty string (or .) can be good for the following case: You want to allow different domains with different depth of names (i.e. level2.com vs. levelD.levelC.levelB.com) to live together, in a reversed order of directories, i.e. level2.com under /var/com/level2 and levelD.levelC.levelB.com under /var/com/levelB/levelC/levelD. The problem is that there is no condition directive that examines the NUMBER of levels (let's ignore mod_rewrite and its options...). So all you can do is: VirtualDocumentRoot /var/%-1/%-2/%-3/%-4 In the case of levelD.levelC.levelB.com it's perfect; You get what you asked for (/var/com/levelB/levelC/levelD). However, in the case of level2.com you get /var/com/level2/_/_ (instead of /var/com/level2). If it was possible to replace _ by "" or by ".", you could get what you wanted. While it's ugly to replace the _ in the code, and may break the compatibility with old versions, an optional directive is elegant. Such a directive should check that there is no .. or other hacks in the string, because sometimes the webmaster gives partial permissions to the specific webmaster of this specific virtual host, and we don't want to break the security of the server by letting that sub-webmaster reach areas which he shouldn't reach. My question: if I send a patch, is there any interest in adding it to the code? Otherwise, it will be easier for me to replace the _ in the code. P.S. the source of the problem is a limitation of the wildcards in named; you can't define *.mydomain.com and *.*.mydomain.com, but only *.mydomain.com. And there is no ? that means 1-level-wildcard. So all the names that end by .mydomain.com will translate to the same IP.
Thanks, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
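The check this message asks for, as an added example that is not part of the original post and is not mod_vhost_alias code: the function names, the fixed /var prefix and the buffer sizes are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The replacement for a missing %-N part must not be able to move the
 * resulting path: no "..", no path separators, no control characters.
 * "" and "." are allowed, as the message proposes. */
int placeholder_is_safe(const char *s)
{
    if (strstr(s, "..") != NULL) return 0;
    for (; *s != '\0'; ++s) {
        if (*s == '/' || *s == '\\' || iscntrl((unsigned char)*s)) return 0;
    }
    return 1;
}

/* Expands the equivalent of "/var/%-1/%-2/.../%-depth" for `host`, using
 * `missing` where the host name has fewer than `depth` labels.
 * Returns 0 on success, -1 on unsafe input or insufficient space. */
int build_docroot(const char *host, int depth, const char *missing,
                  char *out, size_t out_len)
{
    char copy[256];
    char *labels[32];
    int n = 0;

    if (!placeholder_is_safe(missing) || strlen(host) >= sizeof copy) return -1;
    /* The host name comes from the client, so restrict it to label characters. */
    for (const char *h = host; *h != '\0'; ++h) {
        if (!isalnum((unsigned char)*h) && *h != '-' && *h != '.') return -1;
    }
    strcpy(copy, host);
    for (char *p = strtok(copy, "."); p != NULL; p = strtok(NULL, ".")) {
        if (n == 32) return -1;
        labels[n++] = p;
    }

    int w = snprintf(out, out_len, "/var");
    if (w < 0 || (size_t)w >= out_len) return -1;
    size_t used = (size_t)w;
    for (int i = 1; i <= depth; ++i) {
        /* %-1 is the last label, %-2 the one before it, and so on. */
        const char *part = (i <= n) ? labels[n - i] : missing;
        w = snprintf(out + used, out_len - used, "/%s", part);
        if (w < 0 || (size_t)w >= out_len - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

int main(void)
{
    char path[128];
    const char *missing[] = { "_", ".", "../../etc" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof missing / sizeof missing[0]; ++i) {
        if (build_docroot("level2.com", 4, missing[i], path, sizeof path) == 0)
            printf("%-10s -> %s\n", missing[i], path);
        else
            printf("%-10s -> rejected\n", missing[i]);
    }
    return 0;
}
```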
Spam Using SMTP Over HTTP-Proxy
Hi, According to research companies, most of the current spamming is done using HTTP proxies. Spammers' assistant scripts scan the net 24 hours a day, looking for open proxies, and then use them to spread the spam. Now everybody is asking: how can an HTTP proxy be used for sending e-mail ?! The answer is simple: today, more than 99% of the mail servers are closed against relay, and open only for incoming messages (for internal recipients) or outgoing messages (sent by internal users). Most of the mail servers, including all of the ISPs, recognize internal users as users who connect to the mail server from IP classes that belong to the organization (for example, IPs that belong to the ISP in the case of an ISP). So theoretically, a spammer can't use a mail server of a foreign ISP, unless he connects to it from an IP that belongs to this ISP. An open HTTP proxy that belongs to a customer of this ISP can help the spammer to cheat the mail server of that ISP and let it believe that this e-mail is sent from an innocent customer of that ISP, and this is how most of the current spamming is done. But HTTP proxy is educated to forward HTTP content, not SMTP ?! This is resolved easily by using POST; As you probably know, wrong headers are ignored by most of the mail servers (including sendmail); So the spammer connects to port 25 of the mail server as an HTTP service through the open proxy, sends a POST request, and hides the SMTP content in the body of the posted data. The sendmail ignores the HTTP headers (and only reports warnings to the sender), and accepts the rest (i.e. the SMTP commands + the body of the e-mail). It is VERY easy for mod_proxy of Apache to recognize such sessions and block them. Before I'm starting such a project, I'd like to know: 1. Is there any existing code and/or module that implements this? 2. Is there any plan to add this to Apache / mod_proxy? My plan will take a long time... 3. 
Is there anything that can be learned from other proxies (e.g Squid) regarding this issue? 4. Can anybody add anything to the details that I wrote or has anything else to contribute to the effort? Thanks, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
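One way a proxy could recognize the sessions described in this message, as an added example that is not part of the original post and is not mod_proxy code: the function names, the fail-closed policy and the sample request body are constructed for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive test that `line` begins with `prefix`. */
static int has_prefix_ci(const char *line, const char *prefix)
{
    for (; *prefix != '\0'; ++line, ++prefix) {
        if (tolower((unsigned char)*line) != tolower((unsigned char)*prefix))
            return 0;
    }
    return 1;
}

/* Port named in an absolute proxy URL such as http://host:25/ . Returns 80
 * when no port is given and -1 when the URL is not http://, carries userinfo
 * (rejected rather than parsed) or has a malformed port. */
int proxy_target_port(const char *url)
{
    static const char scheme[] = "http://";
    if (!has_prefix_ci(url, scheme)) return -1;
    const char *host = url + sizeof scheme - 1;
    const char *end = host + strcspn(host, "/?#");
    if (memchr(host, '@', (size_t)(end - host)) != NULL) return -1;

    const char *scan = host;
    if (*host == '[') {                      /* IPv6 literal: port follows ']' */
        const char *rb = memchr(host, ']', (size_t)(end - host));
        if (rb == NULL) return -1;
        scan = rb + 1;
    }
    const char *colon = memchr(scan, ':', (size_t)(end - scan));
    if (colon == NULL || colon + 1 == end) return 80;
    if (!isdigit((unsigned char)colon[1])) return -1;
    char *stop;
    long port = strtol(colon + 1, &stop, 10);
    if (stop != end || port < 1 || port > 65535) return -1;
    return (int)port;
}

/* Bit flags for SMTP verbs found at the start of request-body lines. */
enum { SMTP_HELO = 1, SMTP_MAIL = 2, SMTP_RCPT = 4, SMTP_DATA = 8 };

unsigned smtp_verbs_in_body(const char *body)
{
    unsigned seen = 0;
    for (const char *line = body; *line != '\0'; ) {
        if (has_prefix_ci(line, "HELO ") || has_prefix_ci(line, "EHLO "))
            seen |= SMTP_HELO;
        else if (has_prefix_ci(line, "MAIL FROM:"))
            seen |= SMTP_MAIL;
        else if (has_prefix_ci(line, "RCPT TO:"))
            seen |= SMTP_RCPT;
        else if (has_prefix_ci(line, "DATA\r") || has_prefix_ci(line, "DATA\n"))
            seen |= SMTP_DATA;
        const char *nl = strchr(line, '\n');
        if (nl == NULL) break;
        line = nl + 1;
    }
    return seen;
}

/* Returns 1 when the request should not be forwarded. Assumed policy: never
 * proxy to port 25, fail closed on URLs that do not parse, and refuse a POST
 * whose body carries an SMTP envelope (MAIL FROM plus RCPT TO). */
int should_block_proxy_request(const char *method, const char *url, const char *body)
{
    int port = proxy_target_port(url);
    if (port == 25 || port == -1) return 1;
    if (strcmp(method, "POST") == 0) {
        unsigned v = smtp_verbs_in_body(body);
        if ((v & SMTP_MAIL) && (v & SMTP_RCPT)) return 1;
    }
    return 0;
}

/* Constructed request body of the kind the message describes. */
static const char SAMPLE_BODY[] =
    "HELO client.example\r\n"
    "MAIL FROM:<sender@example.org>\r\n"
    "RCPT TO:<rcpt@example.net>\r\n"
    "DATA\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n.\r\nQUIT\r\n";

int main(void)
{
    printf("port 25 target: block=%d\n",
           should_block_proxy_request("POST", "http://mail.example.net:25/", ""));
    printf("SMTP in body:   block=%d\n",
           should_block_proxy_request("POST", "http://www.example.com:8025/", SAMPLE_BODY));
    printf("ordinary form:  block=%d\n",
           should_block_proxy_request("POST", "http://www.example.com/form", "name=alice"));
    return 0;
}
```

The body scan can also match a legitimate form post that happens to contain SMTP text at the start of a line, so the port rule is the stronger of the two checks.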
Re: Offering modules for core httpd distro
Nick Kew wrote: In the course of a brainstorming session on #apache-modules (IRC) last night, it was suggested that some of my modules might be of interest for the Apache core distro (mod_diagnostics was specifically identified). I have compiled a list of four filter modules that are opensource and sufficiently general-purpose that they could be of interest. They are all open source, and can be licensed under the Apache license if you are interested in adopting them. Specifically: 1. mod_diagnostics ... 2. mod_upload ... 3. mod_xml_gnome_xslt ... 4. mod_proxy_html (NEW!) ... Any interest? Although my humble opinion doesn't play any role here, I must say that all of the four modules look COOL in my eyes. I believe that these 4 are the pieces that are missing from the puzzle which is called Apache 2. I, personally, would love to see them as an integral part of Apache. By the way: what is the difference between mod_xml_gnome_xslt and mod_xslt? -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: [PATCH] readme (was:Re: mod_pop3)
Although I've never used your MOD-SNMP, I'm curious to know if you are porting it to 2.0... Thank you for any response, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: [PATCH] readme (was:Re: mod_pop3)
I wrote: Although I've never used your MOD-SNMP, I'm curious to know if you are porting it to 2.0... Thank you for any response, Oops... It was intended for Harrie Hazewinkel [EMAIL PROTECTED]... Sorry, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Group not working properly
Graham Leggett wrote: Hi all, While testing mod_ldap, I noticed it was creating a shared memory file like so: [minfrin@jessica httpd-2.0]$ ls -al /tmp/mod_ldap_cache -rw-r--r--1 nobody 42949672954 Jan 22 14:09 /tmp/mod_ldap_cache The groupid is set to 4294967295 - which is bogus. The default config file says (said) this: User nobody Group #-1 I am not sure whether #-1 is being interpreted as 4294967295, or if this figure comes from some area of not-previously-initialised variable. -1, when assigned to unsigned int of 32 bit, is indeed interpreted as 4294967295 (i.e. 2^32=4294967295+1). May be the result of a wrong cast of signed to unsigned. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: 2.0.44 release?
By the way, the RC of OpenSSL 0.9.7 was released yesterday, and the final is planned before the end of the month. It's important to test it with 2.0.44 before both are released, on as many platforms as possible. It's called 0.9.7, but it's a major version, after years of development. Contrary to all of the previous versions, this is the first to combine the usual OpenSSL with OpenSSL Engine (the library for SSL cards/accelerators/engines). With the same package, it's possible to run both - CPU-based calculations, AND special-hardware-based calculations. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Mod_auth_digest URI Mismatch
Andr Malo wrote: * Rob Emanuele wrote: Any suggestions for a workaround? forms: use POST simple URLs: use mod_rewrite or something to provide the browser a URL without query strings. (client-side: use another browser ;-) Or, if you really really want to touch only Apache, and are willing to take the responsibility, do the following VERY CAREFULLY: off the record patch mod_auth_digest.c: d_uri.path[0] == '*' d_uri.path[1] == '\0')) + #ifdef NOT_FOR_ME /* check that query matches */ || (d_uri.query != r_uri.query (!d_uri.query || !r_uri.query || strcmp(d_uri.query, r_uri.query))) + #endif ) { /off the record And remember: you haven't heard it from me! ;-) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
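Review bot: the `#ifdef NOT_FOR_ME` / `#endif` pair around the "check that query matches" clause compiles the d_uri.query versus r_uri.query comparison out for every location the module protects, so a Digest response whose uri carries one query string would be accepted for a request made with a different one. If the aim is only to tolerate the browser behaviour discussed in this thread, keep the strict comparison as the default and make the relaxation a runtime, per-directory setting, limited to the case the clause already singles out with `!d_uri.query`, and log each request that takes the relaxed path so the exposure stays visible.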
Re: Html content modify
Brian Pane wrote: Ah, that case you may want to use the 1.3 version of mod_include as a reference. Brian On Wed, 2002-12-18 at 10:22, fabio rohrich wrote: OPs, I forgot it! I implement mod_blanks in Apache 1.3.x I think that mod_layout (or mod_gzip) is a better option, since it does exactly what he needs. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: BUG: http_vhost.c:fix_hostname
Brian Pane wrote: On Sat, 2002-06-22 at 13:56, Perry Harrington wrote: There is a bug in fix_hostname. The comment above the function says that the hostname is lowercased, but it's not. The line which reads: *dst++ = *src++; ... should read: *dst++ = tolower(*src++); Thanks, I'll commit a change to convert to lowercase. All the virtual hosting code that uses r->hostname is case-insensitive, but IMHO it's better to normalize the case early to avoid surprising anyone who later tries to write, for example, a custom vhosting module based on a case-sensitive hash table. The patch is needed, but I'm afraid it will be a bad idea to insert ++ into tolower(), since under some platforms it is a macro (AND NOT A FUNCTION!) defined by ctype.h, with more than 1 instance of the parameter, so src ends up being incremented by 2, or 3, or even 4. Maybe the following will be better: *dst++ = tolower(*src); ++src; -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
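The double-evaluation hazard raised in this message, as an added example that is not part of the original thread or of httpd's code: UNSAFE_TOLOWER is a constructed stand-in for a ctype.h tolower() that mentions its parameter more than once, and the function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a macro tolower() that names its parameter
 * several times; a side effect in the argument runs once per mention. */
#define UNSAFE_TOLOWER(c) \
    (((c) >= 'A' && (c) <= 'Z') ? (c) + ('a' - 'A') : (c))

/* Performs one "*dst++ = TOLOWER(*src++)" step with the macro above and
 * returns how many source bytes it consumed. `buf` must hold at least
 * three readable bytes, because the macro can read that far. */
size_t bytes_consumed_by_macro_step(const char *buf, char *out)
{
    const char *src = buf;
    *out = (char)UNSAFE_TOLOWER(*src++);
    return (size_t)(src - buf);
}

/* The form proposed in the message: the argument has no side effect and the
 * increment is a separate statement, so it is correct whether tolower() is a
 * function or a macro. Returns the number of bytes written (terminator
 * excluded), or (size_t)-1 when dst is too small. */
size_t lowercase_hostname(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;
    if (dst_len == 0) return (size_t)-1;
    while (*src != '\0') {
        if (n + 1 >= dst_len) return (size_t)-1;
        dst[n++] = (char)tolower((unsigned char)*src);
        ++src;
    }
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char out = 0;
    char host[64];

    /* Constructed inputs: one upper-case lead byte, one non-letter lead byte. */
    printf("macro step on \"WWW.example.com\" consumed %zu byte(s)\n",
           bytes_consumed_by_macro_step("WWW.example.com", &out));
    printf("macro step on \".com\" consumed %zu byte(s)\n",
           bytes_consumed_by_macro_step(".com", &out));

    if (lowercase_hostname(host, sizeof host, "WWW.Example.COM") != (size_t)-1)
        printf("safe form: %s\n", host);
    return 0;
}
```

In a copy loop the skipped bytes include the terminator whenever it falls on a skipped position, so the unsafe form can run past the end of the source string.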
Re: 2.0.37-dev/Solaris-8/sparc-v9
Aaron Bannert wrote: BTW.. you do know that 64bit programs take a ~10% hit in performance don't you? Why's this? Because of various reasons. Maybe the major of them, is the size of used memory: Memory usage is higher, because of default sizes of various types, alignments, etc. I/O is heavier too, because swapping needs to write/read larger memory areas. In specific cases, the performance may be improved by using 64bit. For example, in programs that heavily use long long arithmetic. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Repeating Calls to apr_dso_load()
Aaron Bannert wrote: [copying the APR dev list] [I'm not subscribed to APR, and this message will probably be refused, so please forward it to them] On Tue, May 28, 2002 at 04:55:14AM +0300, Eli Marmor wrote: Can it be assumed that calling apr_dso_load() twice for the same shared object, will not re-open that file, but just returns the same handle? LoadLibrary*() on Windows does reference counting, and same goes for dlopen(). Thank you very much for the info about LoadLibrary(). Regarding dlopen(), I already mentioned it in my original question (well, you wouldn't expect me to raise a question without checking it first...). I think that assuming that most of the rest are not critical (NSLinkModule, load_add_on of BeOS, DosLoadModule of OS/2, dllload of OS/390), we have only to check what happens with shl_load() (HP-UX). If the behavior of shl_load() is similar, then it will not be wrong to say that more than 99% of the installations of Apache behave this way (the sum of dlopen() + shl_load() + LoadLibrary() ). -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Modules using the input brigade calls directly
Justin Erenkrantz wrote: On Thu, May 30, 2002 at 07:34:00AM -, [EMAIL PROTECTED] wrote: jerenkrantz02/05/30 00:34:00 Modified:.CHANGES modules/proxy mod_proxy.c proxy_http.c Log: Switch mod_proxy to using the brigade/filter calls directly rather than the *_client_block calls. Okay, with mod_proxy and the cgi variants done, I think I've transformed the majority of our uses of ap_*_client_block to natively use the input filtering API. (And, mod_deflate's new filter follows a similar strategy.) In case you are interested, here's a summary of what/why I've done: ... ... Wow, great! (*) Finally, Apache completed the migration to the modular model of I/O filtering... A historical day that should be remembered! (*) (*) (The first and the last paragraphs are NOT sarcastic...) Thanks, Justin (I need no more patches in the core source of Apache... Now I can do everything cleanly...) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Modules using the input brigade calls directly
A small wish from the field: Will Justin's stuff be included with the RC3 of 2.0.37? -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Repeating Calls to apr_dso_load()
Can it be assumed that calling apr_dso_load() twice for the same shared object, will not re-open that file, but just returns the same handle? I know that under dlopen platforms (most of the UNIXes), it is true. If it isn't true under other platforms, then it may help to manage a list of the files that were loaded (e.g. in win32/dso.c), and before loading a shared object, to search for it there, and if it is there, return the original handle rather than re-loading it. I think that double load of a shared object may cause crashes and other strange behaviors. If you can check the functionality of double call to apr_dso_load() under win32, DSO_USE_SHL platforms, etc., then please check it. You may use something like the following program:

    #include <stdio.h>
    #include <dlfcn.h>
    int main(void)
    {
        /* Equal handles on both lines mean the second call did not re-open the object. */
        printf("%p\n", dlopen("/lib/libz.so.1", RTLD_NOW|RTLD_GLOBAL));
        printf("%p\n", dlopen("/lib/libz.so.1", RTLD_NOW|RTLD_GLOBAL));
        return 0;
    }

Of course, you should put a shared object that you have in your system, and replace the dlopen by the appropriate function (e.g. shl_load). If there is an environment where the returned values are different, then this platform needs the patch I mentioned above. And if the conclusion is that such a patch is needed, then I'm willing to do it. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: mod_rewrite improved?
Cliff Woolley wrote: ... So mod_include already does this, mod_rewrite should as well. Right now mod_rewrite does a big if/elseif/elseif/.../ set of strcmps. If it just did a hash table lookup instead, we'd be set! And of course, the best is to use it also for user defined functions as an alternative for external programs for rewrite_map. Exactly as you wrote - fabulous! -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Roll of 2.0.36, WAS: RE: cvs commit: httpd-2.0/server/mpm/worker worker.c
Sander Striker wrote: I was going to roll 2.0.36, but I want to wait for this last worker change. Unfortunately I don't have the time to pursue the issue now, so if someone does, please feel free to take care of this annoying beast.

BTW: Is there any problem with the CVS version of mod_cache? According to the latest nightly build log of Chuck:

Making in httpd-2.0-nightly
In file included from mod_cache.c:61:
mod_cache.h:213: syntax error before `apr_atomic_t'
In file included from cache_storage.c:61:
mod_cache.h:213: syntax error before `apr_atomic_t'
In file included from cache_util.c:61:
mod_cache.h:213: syntax error before `apr_atomic_t'

-- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: mod_auth_digest
Mohamed Aly wrote: i want to install apache with digest authentication so i enabled mod_auth_digest but i dont have /dev/random or /dev/urandom on my solaris machine and i even dont know what are they so from where can i get truerand library i think its the third option for compiling with mod_auth_digest .and what i need if i want to install apache with the diegest enabled on NT system ? Thanx alot for help A compressed tar is attached. I used it under Solaris, and it worked great. BTW: Is your name real? Or only a nick? (well, maybe a nick for Casius Clay... ;-) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel truerand.tar.gz Description: Binary data
Re: mod_auth_digest
Justin Erenkrantz wrote: A better solution is to setup prngd. Once you've set prngd up, you can use --with-egd to point at its socket location. That is a much better solution than truerand. -- justin Agreed. However, the guy asked for truerand, so I supplied it... -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Help Needed on Load Balancing using Apache Web server.
Read the following documents: http://httpd.apache.org/docs-2.0/misc/rewriteguide.html (written by the fabulous Ralf S. Engelschall) http://www.LinuxVirtualServer.org/ Note: I don't know of a way to decide redirections/rewritings according to cookies, so if there is really no existing way, you will have to code it in Apache source. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Help Needed on Load Balancing using Apache Web server.
P.S. I just now noticed that you mentioned also POST requests. Combinations of POST and rewritings/redirections have been always a mine field. You may even find that your plan is impossible (I don't have the exact details of your plan, so I can't be sure). -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Webmin
From the daily digest posting of freshmeat, I learned that a new version of Webmin (0.960) was released (contrary to most of the open source configuration GUI's, this one is webby, which may be important for some people). After downloading it, I saw that finally Apache 2.0 is supported. So anybody who has waited for this event before either adopting Webmin OR migrating to Apache 2.0, there is no excuse anymore... I hope that other projects that still don't support 2.0 (mod_perl, FastCGI, etc.) will do it soon. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Webmin
Daniel Lopez wrote: Comanche works fine with Apache 2.0 as well. mod_perl has supported 2.0 for as long as I can remember, in fact it was the first major module to do so and take advantage of the new threading capabilities. As far as I know, Comanche is not webby (i.e. web interface), but tcl/tk. As to mod_perl - I apologize if I was wrong (was I?). In general, I think it will be useful to map the status of migration of Apache add-ons and modules to 2.0 (including proprietary like FP). From the daily digest posting of freshmeat, I learned that a new version of Webmin (0.960) was released (contrary to most of the open source configuration GUI's, this one is webby, which may be important for some people). After downloading it, I saw that finally Apache 2.0 is supported. So anybody who has waited for this event before either adopting Webmin OR migrating to Apache 2.0, there is no excuse anymore... I hope that other projects that still don't support 2.0 (mod_perl, FastCGI, etc.) will do it soon. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Apache 2.0.* and SSL
Hi mod_ssl users, As most of you probably know, the development efforts of Apache 2 are going to result in a product, soon. The current betas are already stable, mature, fast, portable than ever, strong, and support many features that we have dreamed about for years, like filtering (I mention this feature, and not zillion others, because it is important specifically for SSL). Yes, it's true that some of us didn't like various things, and that the development process was not optimal and took too much time. But this effort comes (finally...) to a successful end, and I believe that everybody who uses SSL (including myself...) should do the migration. Contrary to past versions, this one is a dramatic change in the integration of SSL. No more patches, no more re-compilations with -DEAPI, no more 3rd party modules which cause Apache to crash because these modules were not compiled using this flag, no more specific versions of mod_ssl per each version of Apache, no more repeating merges of the patches of mod_ssl. Now, thanks to the filtering feature, mod_ssl is separate, and doesn't depend on modifications in the core of Apache. Thanks to the White House, mod_ssl is not a national secret that can't be distributed, anymore. Thanks to the USPTO, mod_ssl doesn't depend on a protected patent anymore (it expired. RSA even gave up 2 weeks). And thanks to ASF, mod_ssl is a standard part of Apache. Any Apache that will be distributed in the future, will include SSL support (at least optionally), that can be enabled externally by installing OpenSSL and adding some directives to the httpd.conf. Ben did a great job by creating apache_ssl. Ralf did a great job too, by improving it, and his impressive efforts and skills that were invested in developing and maintaining mod_ssl. We all owe a great thank to Ralf for other Open Source projects that he does, or joins. Now it's time to make the next step, and migrate to Apache 2.0. It still requires some work and testing. 
It can happen if we all join this effort. I am not a member of ASF, but I'm convinced that everybody will accept you happily. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Patch: PR#7063
Marc Slemko wrote: Isn't this a matter of IE incorrectly implementing the spec? I'm not sure that this is the famous incompatibility between IE and Apache. But I'm not sure it isn't, too. In any case, something in the current code looks strange, and doesn't make sense. Are you sure that the ifdefed code implements the RFC? Will making this change break browsers that do properly implement it? It is not obvious if or how we should attempt to cope with IE's brokenness, so it is not something that can just be blindly applied. Blindly ignoring the query string on a request can have security implications as well that need to be understood. I don't see any security problem with it. I suggest to consider Ian's suggestion: should we implement this kind of thing by way of a 'browsermatch ...' so that we could live in the best of both worlds? or is this still a security issue for IE users? (last quotation is from Ian) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Patch: PR#7063
HTTP GET requests with parameters (? and something after it) don't work with mod_auth_digest of Apache 2.0 (I'm using CVS snapshot httpd-2.0_2002032321.tar.gz). It seems that the cause is PR#7063. With basic auth, everything works flawlessly, and the only problem is with digest. From looking at the source, it seems simple to resolve (please commit it): - --- modules/aaa/mod_auth_digest.bugMon Mar 25 06:37:39 2002 +++ modules/aaa/mod_auth_digest.c Mon Mar 25 06:38:19 2002 @@ -1771,10 +1771,12 @@ /* or '*' matches empty path in scheme://host */ !(d_uri.path !r_uri.path resp-psd_request_uri-hostname d_uri.path[0] == '*' d_uri.path[1] == '\0')) +#ifdef BUGGY_DIGEST /* check that query matches */ || (d_uri.query != r_uri.query (!d_uri.query || !r_uri.query || strcmp(d_uri.query, r_uri.query))) +#endif ) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, Digest: uri mismatch - %s does not match - Thanks, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
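Review bot: the "#ifdef BUGGY_DIGEST" wrapped around the "check that query matches" clause compiles the query comparison out of every build that does not define the macro, and nothing in the patch defines it, so a Digest uri whose query differs from the request's query (or has none) no longer reaches the "uri mismatch" error, for all clients rather than only the ones that trigger PR#7063. Keep the comparison on by default and make the relaxation an explicit, documented runtime choice limited to the affected clients. The macro name is also inverted: defining BUGGY_DIGEST is what restores the check, so a name that says what it enables, plus a comment citing the PR, would make the intent readable.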
Re: Patch: PR#7063
Amaury Jacquot wrote: Quoting Eli Marmor [EMAIL PROTECTED]: HTTP GET requests with parameters (? and something after it) don't work with mod_auth_digest of Apache 2.0 (I'm using CVS snapshot httpd-2.0_2002032321.tar.gz). Note: I had the same problem in the 1.3 branch (patched and it worked) I had sent this same patche for it some time ago, but nobody noted It seems that the cause is PR#7063. With basic auth, everything works flawlessly, and the only problem is with digest. From looking at the source, it seems simple to resolve (please commit it): - --- modules/aaa/mod_auth_digest.bugMon Mar 25 06:37:39 2002 +++ modules/aaa/mod_auth_digest.c Mon Mar 25 06:38:19 2002 @@ -1771,10 +1771,12 @@ And a yet another note: It is not a bug that sometime causes problems; It is a bug that causes mod_auth_digest to fail ALWAYS (when there are parameters, of course). So it looks important for me to commit this patch. Especially when there is no need to dig into the source, find the problem, fix it, and test it, but everything is ready and you just have to commit. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Minor(?) style questions
Greg Stein wrote: On Mon, Mar 11, 2002 at 11:55:07AM +0100, Sander Striker wrote: 1) Can we decide on a standard style when it comes to using ++ or --? Example: lines++; vs. ++lines; I prefer the latter. The first thing your eye sees is the increment, then the variable. The *operation* is first, which is the most important. I'm very bad in styling, but I absolutely agree. ++something is simpler: 1. Increment something. 2. Use the result (in case it is a part of a bigger expression). While something++ is more complicated: 1. Keep the original value of something. 2. Increment something. 3. Use the original value, which was kept by rule #1 (in case it is a part of a bigger expression). Although under most hardware architectures, both expressions are compiled into the same number of instructions (even in case it is a part of a bigger expression), ++something should be the default, unless you specifically need something++. But again: I'm bad in styling, so this is only my humble opinion... And the whole issue is really minor... -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Minor(?) style questions
Sander Striker wrote: 1) Can we decide on a standard style when it comes to using ++ or --? Example: lines++; vs. ++lines; I prefer the latter. The first thing your eye sees is the increment, then the variable. The *operation* is first, which is the most important. I'm very bad in styling, but I absolutely agree. Consider: lines += 1; Which is the same as: lines++; Personally I am slowed down when I see this: ++lines; Because I am used to seeing the op _after_ the variable. lines++ is NOT the replacement of lines += 1, but of (lines+=1)-1 Only ++lines is the replacement of lines += 1. For example, if you have to increment lines and after that insert 2 times of it into result, and you MUST do it in one instruction, then result = 2 * (lines += 1) can't be replaced by result = 2 * lines++ but only by result = 2 * ++lines. It's not styling; It's a totally different thing. What you are USED to see, is your own taste, but in this case, even the meaning is different. But again, the whole issue is minor... -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: mod_proxy Cache-Control: no-cache=directive support Apache 1.3
Let me try to contribute my $0.02 to the discussion: [Like Graham, I prefer to ignore the word 1.3 in the subject line...] Originally, there was a need to INTEGRATE two modules in order to enjoy the features of both. Later, thanks to the filtering infrastructure, it is possible to do without a real merge. You still need to change some things in the original module (and of course, to port the additional module to be a filter rather than a simple module), but the two modules/filters can live together, side by side. Then, integration with mod_proxy still needed, because the connection of mod_proxy with the backend server was still done directly, and not through the filtering infrastructure. Now, that this issue is being resolved too, it's the time to try to add features to mod_proxy WITHOUT modifying it (well, you still need some minor fixes in mod_proxy. For example, if it removes a header, no filter can do anything about it...). Trying to add so many features to mod_proxy, may meet the objection of members here, who want a simple and stable mod_proxy, and may fear that all of these additions may make mod_proxy a monster (even if it's not true). I think that the right way to advance this idea (to integrate both modules), is to make mod_accel a filter. I don't have any experience with mod_accel, so I can't promise that it's possible; However, in the worst case, we can add filters to both sides (between the client and the proxy, and between the proxy and the backend), plus some minor fixes to mod_proxy, the sky is the limit... Of course, you have to deal with many filtering chains, even 4 (2 types - input/output, in 2 sides - between the proxy and the client, and between the proxy and the backend), and even more (when headers can't be manipulated in the same filter as the input/output one). I, for myself, am going to play with adding filters to the sessions between the proxy and the backend; I think that some cool things can be done using it. 
-- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: xml module docs
P.S. [please don't flame - just a crazy idea that may improve the procedure of parsing configuration directives] The next step, may be to start (incrementally) to port modules to a new model - where these XML files are used for the first phase of reading directives (mainly their parsing). Of course, the semantics and logics of applying the config directives (after reading and parsing them), will remain the same as today. Since a backward compatibility will be kept temporarily, this step will not be painful. This is like ap_set_..._slot: You can always use the less automatic way, and define your own function. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: [PATCH] mod_deflate
Igor Sysoev wrote: On Sat, 16 Feb 2002, Zvi Har'El wrote: ... In my mod_deflate module (for Apache 1.3.x) I'd enabled by default text/html only. You can add or remove another type with DeflateTypes directive. Here are some recommendations:

application/x-javascript         NN4 does not understand it compressed.
text/css                         the same.
text/plain                       Macromedia FlashPlayer 4.x-5.x does not understand it compressed when get it with loadVariables() function via browser.
text/xml                         Macromedia FlashPlayer 5.x does not understand it compressed when get it with XML.load() function via browser.
application/x-shockwave-flash    FlashPlayer plugin for NN4 for Windows does not understand it compressed. Although plugin for Linux NN4 work correctly.
text/rtf                         MSIE 4.x-6.x understand correctly them when compressed. NN and Opera does not.
application/msword               (same as text/rtf)
application/vnd.ms-excel         (same as text/rtf)
application/vnd.ms-powerpoint    (same as text/rtf)

I want to add that these issues (what to compress and what to leave as-is), were discussed very deeply and heavily in the mod_gzip list. If we don't adopt mod_gzip but develop our own mod_deflate (both are good, by the way), we should at least use the long experience that mod_gzip has had. After being used in so many installations, and even being included in leading Linux distros, there is almost no combination of format/browser that has not been tested yet. Your research, Igor, is very helpful (and Zvi's as well), but we can base more default definitions on the defaults (or conclusions) of mod_gzip. The list of default definitions may become quite long, but putting it inside an IfModule section, which separates it from the other parts of httpd.conf, may help. I believe that the improvement in bandwidth, deserves the price in size of httpd.conf. Just my 2C... -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: 2.0.32 as GA candidate? Re: [PROPOSAL] 2.0.32 beta announcement
Ryan Bloom wrote: I have a pretty major concern about releasing .32 as a GA product. We haven't had a whole lot of beta's. I would really like to get this beta into a lot of people's hands, and hopefully get our next release to be a GA release. I think that the best way to do this, is to send a message to [EMAIL PROTECTED] when we release .32. The message to krow should suggest that we believe that we are close to a GA product, but that we want to get this beta into as many hands as possible. Krow is the guy who posts Apache news to Slashdot. If he mentions that in the /. post, a lot of should download and test, and we can feel more confident about the quality of this release. Being slashdotted, will be also a good heavy-load test for daedalus, which runs 2.0.32... ;-) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Interesting Apache 2.0 project...
Martin Kraemer wrote: On Tue, Feb 12, 2002 at 02:25:40PM -0500, Bill Stoddard wrote: ... Indeed -- but then it's no longer CGI (different interface), so you lose all the CGI applications. There has already been fcgi (in an attempt at providing almost source level compatibility, and winning speed by recycling processes instead of forking all the while). By the way: The main problem of Apache 2.0 (IMHO) is not stability (which is already higher than competing products), or performance (although it still keeps improving), or portability (which is excellent), or security (well, comparing to IIS...); The main problem is that most of the complementing tools, such as the fcgi you mentioned (FastCGI), or the Apache's WBM of Webmin, or the various building/packaging tools (e.g. Apacompile), etc., are not yet working with Apache 2.0, but only with 1.3.*. This is, from my impression, the main reason that stops people to move to Apache 2.0. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: A question for the protocol gurus...
Graham Leggett wrote: On the proxy list there is talk of support for transparent-proxy behaviour, and the question has come up what about HTTP/0.9?. Am I correct in saying it is not possible to find the destination server if the protocol is v0.9 or v1.0, and there is no host header, and there is no complete URL in the request (ie http://server.name/blah instead of just /blah)? Or is there some trick to do this? Let me add one more important detail: It is assumed that the packets were manipulated by a DNAT engine (such as iptables) to reach the proxy on this host, rather than just passing this host on their way to the original hosts. So I don't think it is possible to look at the destination IP address (unless the original one is kept somewhere else in the packets...) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: API for runtime httpd config ?
ilker ARABACI wrote: Is there any API used or on progress to get httpd global and configuration values on runtime, (not an httpd.conf file parser), something and more detailed like info module does, And also it would be more helpful to manipulate what will httpd act as without restarting nor reloading, to keep the active (unrelated to changes) sessions and connections up. Your questions raised a serious drawback of Apache: on-the-fly administration/configuration. In my humble opinion, it's even the main drawback of Apache (and the only thing that stands between Apache and perfection). Historically, any module parses its directives. There are some public functions, but they are too basic, and each module decides what is valid and what is not, how to translate each string, and even where to store it. Some directives even use a raw parsing - i.e. no rules regarding how many flags the directive should have. Modules may even ignore directives. Asking Apache to re-read its configuration is problematic too; Even the primitive way, of killing it, is impossible, because a non-root user can't kill a root user, even if it is its parent. Also, there is no mechanism for transferring messages from the children to the parent initiated by the children, but only vice versa (e.g. scoreboard). There are some creative alternatives, like exiting with codes that the parent will understand as requests to do specific things (like stop/restart/graceful), but this method is too tricky, doesn't work in 100% of the cases and the platforms, limited (you can't pass more details), and has a lot of other problems. These problems make the mission of developing a GUI for Apache almost impossible, and the results - although should be admired considering the tight constraints - are very disappointing. Some solutions for both problems were discussed in the past. A *MAJOR* change in the format of httpd.conf and its handling could help. 
For example, migrating to XML, and replacing the conf structures by structures with offsets to the member in another structure where the module stores its attributes, plus functions for validation/conversion/reverse-conversion for each type, could resolve almost everything. It helped X (although the syntax was a little different - not XML), and there is no reason why Apache should differ. Of course, adding a pre-processor which will convert XML syntax to the current syntax, doesn't solve anything... Unfortunately, Apache is the most popular web server, and millions of sites are already powered by it. It means that millions of configuration files will not be compatible with the new syntax. In addition, there are hundreds of modules, and all of them will not be compatible with the new syntax and C structures, unless ported to them. This is why the revolution will never happen, so your questions will remain unanswered forever. Note: We are trying to add functions to meet your second need - apr_stop(), apr_restart(), apr_graceful(). When one of these functions is called by the parent, it will stop/restart/graceful itself. When it is called by a child, it will inform the parent in a special pipe that will be listened by the parent. Once the parent receives anything in this pipe, it will decode it, and call anything needed. If it works perfectly with all the MPMs, we will probably contribute it. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
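The child-to-parent pipe described in the note at the end of the message above, as an added sketch that is not code from Apache, APR or the poster. The ctl_* names and the one-byte wire format are assumptions; because the parent usually runs with more privilege than the children that write to it, the parent side accepts only the three fixed requests and counts everything else as rejected.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical one-byte wire format for child-to-parent requests. */
enum ctl_op { CTL_NONE = 0, CTL_GRACEFUL = 'G', CTL_RESTART = 'R', CTL_STOP = 'S' };

/* Rank of a received byte; 0 means "not a request the parent accepts". */
static int ctl_rank(unsigned char b)
{
    switch (b) {
    case CTL_GRACEFUL: return 1;
    case CTL_RESTART:  return 2;
    case CTL_STOP:     return 3;
    default:           return 0;
    }
}

/* Create the pipe. The parent's read end is non-blocking, so polling it
 * from the parent's main loop never stalls. Returns 0 or -1. */
int ctl_open(int fds[2])
{
    int fl;

    if (pipe(fds) != 0)
        return -1;
    fl = fcntl(fds[0], F_GETFL);
    if (fl < 0 || fcntl(fds[0], F_SETFL, fl | O_NONBLOCK) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    return 0;
}

/* Child side: one byte per request, so concurrent children cannot
 * interleave partial messages. Returns 0 or -1. */
int ctl_request(int wfd, enum ctl_op op)
{
    unsigned char b = (unsigned char)op;
    ssize_t n;

    if (ctl_rank(b) == 0)
        return -1;
    do {
        n = write(wfd, &b, 1);
    } while (n < 0 && errno == EINTR);
    return n == 1 ? 0 : -1;
}

/* Parent side: drain everything queued, treat the bytes as untrusted,
 * and return the strongest valid request (stop > restart > graceful).
 * *rejected is incremented for every byte that is not a known request. */
enum ctl_op ctl_poll(int rfd, unsigned *rejected)
{
    unsigned char buf[64];
    enum ctl_op best = CTL_NONE;
    ssize_t n, i;

    for (;;) {
        n = read(rfd, buf, sizeof buf);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;              /* empty (EAGAIN), EOF or error */
        for (i = 0; i < n; ++i) {
            if (ctl_rank(buf[i]) == 0)
                ++*rejected;
            else if (ctl_rank(buf[i]) > ctl_rank((unsigned char)best))
                best = (enum ctl_op)buf[i];
        }
    }
    return best;
}

int main(void)
{
    int fds[2];
    unsigned rejected = 0;
    enum ctl_op op;

    if (ctl_open(fds) != 0)
        return 1;
    ctl_request(fds[1], CTL_GRACEFUL);
    ctl_request(fds[1], CTL_STOP);
    op = ctl_poll(fds[0], &rejected);
    printf("parent acts on '%c', rejected %u byte(s)\n", (char)op, rejected);
    return 0;
}
```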
Documenting the Internals
Hi, A new employee of us researches the internals of Apache2 (issues like MPM, POD, some APR stuff, specific MPMs like prefork and NT, etc.). He decided to document everything he learns. Before he spends time, I'd like to know: 1. Are there already documents about these issues? 2. If there is no documentation yet, and he writes his own, is there any need from the public for such documentation? (note: our English is BAD...). -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: httpd.conf Qs
Dale Ghent wrote: Hey, I have two questions here: 1) I'm working on making sure that directives in the Apache 1.3.x httpd.conf are sync'd to the 2.0 httpd.conf. Can anyone confirm a need for this? If so, I'll send a patch that does this. httpd.conf of 2.0 is not backward compatible with 1.3; For example, Port is not there anymore. The best way to learn the differences, is to look at the following Covalent's script: http://apache.covalent.net/tools/downloads/convconf.pl -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Duplicating POST data between modules?
Robert Mooney wrote: Is there any way to peek at client data from a module? I.e. read without removing it? Specifically, I want my module to be able to read any POST data, and allow mod_cgi to process normally. Using the sample code below, mod_cgi does not read any input from STDIN. ... I was under the impression REQUEST_CHUNK_PASS did what I was looking for, but this is not the case. mod_cgi can read the POST data until I call ap_get_client_block(), after which... nothing. I'm using Apache 1.3.22. That's the problem; Move to 2.0.28, and use Input Filters. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Help writing a filter
Dwayne Miller wrote: Where would I find examples and docs for writing a filter that could...

Read Ryan's series:
===================
http://www.onlamp.com/pub/a/apache/2001/08/23/apache_2.html
http://www.onlamp.com/pub/a/apache/2001/09/13/apache_2.html
http://www.onlamp.com/pub/a/apache/2001/09/20/apache_2.html

There are attached samples:
===========================
http://www.onlamp.com/apache/2001/09/13/examples/mod_swap.c
http://www.ntrnet.net/~rbb/mod_apachecon.c
(the last one can't be followed from the link in the article; There is a broken link at onLamp, so you must use the URL I gave here)

A reference about filters (!):
==============================
http://groups.yahoo.com/group/new-httpd/message/26052

Also, try to dig in http://httpd.apache.org/docs-2.0/developer/

And, the BEST resource for filters, is... ...you guessed! The sources, of course! -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: CL for Proxy Requests
Chuck Murcko wrote: Also if the proxy is dechunking on its client side there will be no CL to send... This is obvious. But this is already included in the rule: there is no C-L when a filter that may change the size of the response is involved; After all, chunking is only a particular case of a filter... I think that we should supply a way (for a programmer) to tell Apache that a specific filter doesn't change the size of a response. Or doesn't change the size of specific responses (using the contexts of the conf, such as DIRECTORY, etc.). Or the hack that Ryan mentioned. Because while browsers must support responses without C-L, they depend on it for some purposes (e.g. the % of download of a file). Especially in proxies, where the backend site is not aware that the C-L is removed by a proxy in the middle. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
CL for Proxy Requests
Content-Length is not passed through proxy requests, when Apache 2.0 is used as the proxy. Is it a bug? Feature? Limitation? Or is it just me? My configuration? Many clients depend on this data, for example audio/video players, so it is quite bad to lack CL. Is there any way to tell the API that the filters don't change the response size so the original CL can be used? -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: cvs commit: httpd-2.0 STATUS
William A. Rowe, Jr. wrote: +* revamp the input filter syntax to provide for ordering of + filters created with the Set{Input|Output}Filter and the + Add{Input|Output}Filter directives. At minimum, some sort + of insert first v.s. append to end or 'relative to x' is + probably needed. What if... we were to make the syntax be filtername[{+|-}{0..10}]? Such that -10 (CONTENT-10 == 0) was closest to the handler, and +10 (CONTENT+10, HTTP) was closest to the network? Charset transliteration to a common denominator (e.g. utf-8) might happen at +9, while SSI scripts might operate at -9. Just a thought. Dunno if it makes any sense, but it would offer some level of control. As Bill (and the original sender) wrote, there is a clear need for such a mechanism, but the suggested ways don't meet it perfectly. Another way, a little similar to what other systems do (like X Windows in the case of layout wars between widgets in the same container), is to provide a new hook/callback. After a filter registered this callback, any filter which will register itself with the same AP_FTYPE, will trigger this callback, and then the callback can switch the order of these two filters, according to its preferences and logic. It's more complex, but clean, doesn't require hacks like [+-][1-9], and fully backward compatible (because it doesn't have any effect as long as the registration function is not used). Just a thought, too... In any case, even if you choose what Bill wrote, please avoid using both + and -. One of the is enough to generate any needed value, while a simultaneous usage of both may cause lower AP_FTYPE filters to be registered higher than higher AP_FTYPE filters and vice versa. P.S. [off-topic] Is there any documentation about SCOREBOARD? I want to exploit it not for mod_status, but for another purpose (triggering a function in the parent from a child), and it is almost impossible to understand the API from the sources. Or is there another suggestion how to do what I want? 
Thanks, -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
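The ordering concern raised in the message above, worked through as an added example that is not part of the original post or of httpd: it ranks filters as type plus offset and checks whether offsets can override the type order. The base values 10 and 20 follow the arithmetic in the quoted proposal; the enum names, struct, function names and sample chains are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Base ranks follow the arithmetic in the quoted proposal ("CONTENT-10 == 0",
 * "CONTENT+10, HTTP"). The names below are hypothetical, not httpd's API. */
enum { FT_CONTENT = 10, FT_HTTP = 20 };

struct filter {
    const char *name;  /* constructed sample name */
    int type;          /* base filter type */
    int offset;        /* proposed per-filter adjustment */
};

/* Constructed chains: the same three filters under each offset scheme. */
static const struct filter signed_chain[] = {
    { "INCLUDES", FT_CONTENT, -9 },
    { "CHARSET",  FT_CONTENT, +9 },
    { "HEADERS",  FT_HTTP,    -9 },
};
static const struct filter unsigned_chain[] = {
    { "INCLUDES", FT_CONTENT, 0 },
    { "CHARSET",  FT_CONTENT, 9 },
    { "HEADERS",  FT_HTTP,    0 },
};

static int rank(const struct filter *f) { return f->type + f->offset; }

/* Count pairs in which a lower-type filter ends up ranked strictly above
 * a higher-type filter, i.e. the offsets have overridden the type order. */
int count_type_inversions(const struct filter *f, size_t n)
{
    int inversions = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            if (f[i].type < f[j].type && rank(&f[i]) > rank(&f[j]))
                inversions++;
    return inversions;
}

/* Can any offsets in [lo, hi] push a CONTENT filter above an HTTP one? */
int range_can_invert(int lo, int hi)
{
    return FT_CONTENT + hi > FT_HTTP + lo;
}

int main(void)
{
    printf("signed chain:   %d inversion(s)\n", count_type_inversions(signed_chain, 3));
    printf("unsigned chain: %d inversion(s)\n", count_type_inversions(unsigned_chain, 3));
    return 0;
}
```

With a single sign the offset range stays narrower than the gap between types, so the type order always holds and the offset only orders filters within one type.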
Re: Another filter question
William A. Rowe, Jr. wrote: And 3. the impact of SetInput|OutputFilter and AddInput|OutputFilter on ordering, by virtue of their presence in different Location, Directory or Files containers. +1 ;-) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Another filter question
By the way: I didn't find anywhere in the docs, any documentation about the internal ordering (i.e. between different filters with the same AP_FTYPE). -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: [PATCH] Add mod_gz to httpd-2.0
Justin Erenkrantz wrote:

mod_gzip implements the gzip algorithm. It also happens to be a 300k source file (~11,000 lines). mod_gz is a 14k file and is 446 lines and relies on zlib. Knowing the people on this list I will bet that the size of the file went a long way for us not accepting Remote Communications's version in the core distribution. My cause for not accepting mod_gzip would be that implementing the gzip algorithm is better left to someone else - like the guy who wrote gzip. I mean no offense to Remote Communications as I'm sure their implementation is sound.

If I recall correctly, this "guy who wrote gzip" (or - to be precise - one of the two guys who wrote it) is working with Remote Communications. If it's true, it means that he feels OK with their implementation (maybe it's similar?).

Having one less library to depend on, is an advantage and not a disadvantage, even if it requires mod_gzip to be 300K (I believe that the 2.0 version will be smaller, thanks to the I/O filtering).

Maybe we should simply ask him; his name is Mark Adler, more details at: http://www.alumni.caltech.edu/~madler/

Note: I don't know mod_gz but only mod_gzip.

-- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel