RE: minor nit in mod_ssl

2018-09-20 Thread Houser, Rick
be overshadowed by the log write itself. Rick Houser Web Engineer > -Original Message- > From: Stefan Eissing > Sent: Thursday, September 20, 2018 09:57 > To: dev@httpd.apache.org > Subject: Re: minor nit in mod_ssl > > EXTERNAL EMAIL > > > > Am 20.09.2018

RE: minor nit in mod_ssl

2018-09-20 Thread Houser, Rick
: Re: minor nit in mod_ssl > > EXTERNAL EMAIL > > > > > Am 19.09.2018 um 17:17 schrieb William A Rowe Jr clan.net>: > > > > On Wed, Sep 19, 2018 at 6:39 AM Stefan Eissing > wrote: > > > > > Am 18.09.2018 um 15:44 schrieb Houser, Rick > :

RE: minor nit in mod_ssl

2018-09-20 Thread Houser, Rick
> Envision a TCP load balancer routing TLS-crypted traffic across a number  > of internal hosts, with each of the named virtual hosts presenting the correct > certificate, and known to httpd by their ServerAlias on the outer-facing > interface. > Not terminated at the edge balancer. We are using

RE: minor nit in mod_ssl

2018-09-18 Thread Houser, Rick
In the same vein, I’ve been running this patch on our builds to get around a warning for certificates not matching the hostname. Certificates are not expected to match the hostname with many load balancing/uptime detection schemes, and this one logs a LOT when it trips on every vhost. Perhaps

RE: Poll: increase OpenSSL version requirement for trunk?

2018-03-19 Thread Houser, Rick
> I may be an odd-ball that I want to manage this kind of a setup but I > think that if you can build one application, you can build more. They > happily live separated into /usr/local on RHEL7... Can, does not necessarily imply should. From an end-user perspective, the less work I need to do

RE: Timeouts and other time-related granularity

2017-06-20 Thread Houser, Rick
> "2:20:33.1h" is 140 minutes, 33 seconds and 100ms. This one seems very backwards to me, as leading zeros could change the meaning. Ex. 0:1:15h vs 1:15h. If allowing combination units like that (personally, it seems overkill), I think it would be much safer to require an explicit

RE: The Version Bump fallacy [Was Re: Post 2.4.25]

2016-12-30 Thread Houser, Rick
I agree with a lot of what Daniel says, and I'm in a similar role with maintaining my organization's httpd RPM packages. However, I don't look at this suggestion so much as a replacement, but rather an additional option end users can use if they aren't up to the challenge of using sources, but

RE: JSON for mod_status

2016-11-30 Thread Houser, Rick
Personally, I'd rather have XML, but it may make sense to support multiple machine readable formats down the line. As such, using a new parameter for every possibility gets messy. If this gets implemented as a get parameter, how about making one parameter with multiple potential values down

RE: access control for dynamic hosts

2016-03-01 Thread Houser, Rick
Forward doesn’t mean dynamic, however, and using one particular solution like that is misleading, IMO. Using “forward-dns” makes more sense to me. That said, how would you intend to handle multiple A records for the same name: look them all up and store in a table, or support only one A record

SSLProxyCheck* behavior

2016-01-07 Thread Houser, Rick
I think this just needs clarification in the documentation, but I'd appreciate a confirmation that I understand this all before I create a bug and attach a patch. I'm running a series of web servers fronting a bunch of backend appservers. Many of those are accessed via mod_proxy in some

RE: reverse proxy wishlist

2015-12-03 Thread Houser, Rick
An async mod_proxy backend would be huge for my workloads. In the JEE space I deal with, much more time is spent waiting on the application backends than with the clients, especially now that we have the event mpm. Something like this would allow me to drastically reduce thread counts and

RE: reverse proxy wishlist

2015-12-03 Thread Houser, Rick
wishlist > > Thx! assuming slow backends, how would you like httpd to > handle it: should it just slurp in the data from the backend > and buffer it and send it to the client all in one go? Should > it instead forward data as soon as it gets it? > > On Dec 3, 2015, at 12:36

RE: reverse proxy wishlist

2015-12-03 Thread Houser, Rick
; To: Apache HTTP Server Development List <dev@httpd.apache.org> > Subject: Re: reverse proxy wishlist > > On Thu, Dec 3, 2015 at 12:36 PM, Houser, Rick <rick.hou...@jackson.com> > wrote: > > An async mod_proxy backend would be huge for my workloads. In the JE

HSTS Header Duplication

2015-08-13 Thread Houser, Rick
Some time back, I turned on HSTS for our sites with something like this: Header always set Strict-Transport-Security max-age=### As near as I could tell, everything was working correctly (2.4.12 presently - will be on 2.4.16 shortly). However, one of our development teams recently added a

RE: 2.2 and 2.4 and 2.6/3.0

2015-05-28 Thread Houser, Rick
Mageia: Mageia 3 released with Apache 2.4 in April 2013 Apache 2.2 (via Mageia 2) reached EOL in November 2013

RE: Question about async mod_proxy_wstunnel and threads

2014-07-17 Thread Houser, Rick
It's a bit heavy, but perhaps use PhantomJS as a non-default test? Rick Houser Web Administration (517)367-3516 -Original Message- From: Jim Jagielski [mailto:j...@jagunet.com] Sent: Thursday, July 17, 2014 5:30 PM To: dev@httpd.apache.org Subject: Re: Question about async

RE: stop copying footers to r->headers_in?

2014-07-15 Thread Houser, Rick
That would be at least half my fault for responding off-list... Here it is: Thanks -- I went with ^ Shouldn't have much worry about responding to dev@ On Tue, Jul 15, 2014 at 9:42 AM, Houser, Rick rick.hou...@us.pgds.com wrote: New to this list, so responding

mod_ssl server certificate does NOT include an ID which matches the server name

2014-07-08 Thread Houser, Rick
We have an external load balancer handling client-facing SSL sessions, and Apache httpd uses a single x509 cert for receiving traffic from those load balancers. As such, the Host field in the received content does not match the CN in the certificate the load balancers see when contacting

RE: Repetitive warnings on ErrorLogs.

2009-09-09 Thread Houser, Rick
This is a known issue in IBM's 2.0.47 port of Apache (IHS), which was fixed in a later upstream version (possibly by the 2.2.8 port, but I really can't say for sure). It would take a lot of digging for me to locate the specific version, so I'm going to pass on that one. At least in my case, this

RE: correct hook function after accepting connection

2009-08-28 Thread Houser, Rick
However, I would suggest that connections are better dropped at IP-level (by firewall rules/iptables) or by using I agree for blocking access, however a module that was to add something like a per-IP connection-rate or simultaneous connection limit could be a nice gem for the toolbox, too :).

RE: Defining mandatory parameters for Apache modules

2009-08-13 Thread Houser, Rick
There's a hook for processing your configuration and making any changes (offhand, post-config?). If any of this is done on a file or directory level, you can do that in your configuration merge callbacks. I have to do something similar where a forwarding capability might be enabled, but the

RE: mod_deflate feature needed

2009-07-16 Thread Houser, Rick
I don't understand why standard mod_deflate functionality won't work. If you violate the specs and muck with content-length, it's not going to work right in a browser, anyhow. Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580 -Original Message- From: Anthony J.

RE: mod_deflate feature needed

2009-07-16 Thread Houser, Rick
I'm not familiar with the CDN acronym. I could be mistaken, but I'm fairly certain that HTTP 1.1 required support for chunked transfer (which implies Content-Length would NOT be required for anything HTTP 1.1 compliant). Additionally, I thought the content-length referenced the contents of the

RE: How do I manipulate request_rec Object in worker.c

2009-07-15 Thread Houser, Rick
You realize that you could trivially handle most related issues without changing Apache at all just by prioritizing your backend work, right? For example, put your higher priority work in a faster server process than the low priority work. If your applications are written according to best

RE: Module that forward requests

2009-07-13 Thread Houser, Rick
I'm newbie in APR ... the same in mod_rewrite with flag [P]. If the mod_rewrite does what you need, you should use that rather than re-writing an alternate version on your own. Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580 -Original Message- From: ricardo13

POST Body Buffer?

2009-06-19 Thread Houser, Rick
I'm facing a situation where we may be required to handle multi-megabyte POST submissions from dial-up users. We want to avoid tying up the backend servers for long periods of time if possible. Does anyone know of either built-in support for pre-buffering complete POST request bodies (i.e. avoid

RE: POST Body Buffer?

2009-06-19 Thread Houser, Rick
@httpd.apache.org Cc: modules-dev@httpd.apache.org Subject: Re: POST Body Buffer? Are your multi-megabyte submissions going to use multipart/form-data encoding? If so, ModSecurity does exactly what you need when you enable request body buffering. Ivan On 19 Jun 2009, at 21:01, Houser, Rick

RE: do I need a custom proxy?

2009-06-02 Thread Houser, Rick
Not entirely. You could also either use a wildcard certificate (although IE doesn't support dots in the wildcard portion) or exclusively support the vhosts on modern browsers running TLS. Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580

RE: Location of Apache Modules

2009-04-23 Thread Houser, Rick
: Houser, Rick [mailto:houser.r...@aoins.com] Sent: Wednesday, April 22, 2009 1:49 PM To: modules-dev@httpd.apache.org Subject: RE: Location of Apache Modules Folks I've talked to just don't try to get htaccess to work with ajax for the most part. They rely on php security. That's

RE: Location of Apache Modules

2009-04-22 Thread Houser, Rick
Folks I've talked to just don't try to get htaccess to work with ajax for the most part. They rely on php security. That's probably because on the backend, they still need to handle authorization. Unless all users to your backend should have equal access to all associated data, you're

RE: rewrite before caching?

2009-03-20 Thread Houser, Rick
Is there a reason you can't just change your rewrite rule to a [R=301]? Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580 -Original Message- From: Anthony J. Biacco [mailto:abia...@formatdynamics.com] Sent: Thursday, March 19, 2009 4:53 PM To:

RE: rewrite before caching?

2009-03-19 Thread Houser, Rick
Sounds like a badly broken application to me. If the data is truly cacheable, the application shouldn't be taking explicit steps to try to prevent just that. Depending on what the backend system is, you might be better off using some kind of a filter to just remove that killCache parameter in

RE: mem_cache and disk_cache acting differently when determine when to cache content?

2009-02-23 Thread Houser, Rick
Is this the only child process, or do you have 3+? Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580 -Original Message- From: Anthony J. Biacco [mailto:abia...@formatdynamics.com] Sent: Friday, February 20, 2009 6:12 PM To: us...@httpd.apache.org Cc:

RE: cache POST requests

2009-02-11 Thread Houser, Rick
, Inc. 303-573-1800x27 abia...@formatdynamics.com http://www.formatdynamics.com -Original Message- From: Houser, Rick [mailto:houser.r...@aoins.com] Sent: Tuesday, February 10, 2009 2:24 PM To: modules-dev@httpd.apache.org Subject: RE: cache POST requests Is this a little clearer? Notice

RE: cache POST requests

2009-02-11 Thread Houser, Rick
, IT Operations Format Dynamics, Inc. 303-573-1800x27 abia...@formatdynamics.com http://www.formatdynamics.com -Original Message- From: Houser, Rick [mailto:houser.r...@aoins.com] Sent: Tuesday, February 10, 2009 2:24 PM To: modules-...@httpd.apache.org Subject: RE: cache POST requests

RE: cache POST requests

2009-02-10 Thread Houser, Rick
then maybe the limit wouldn't be affected a redirect? That gets a little off-topic. Thanx, -Tony --- Manager, IT Operations Format Dynamics, Inc. 303-573-1800x27 abia...@formatdynamics.com http://www.formatdynamics.com -Original Message- From: Houser, Rick

RE: cache POST requests

2009-02-10 Thread Houser, Rick
You really shouldn't be trying to cache responses to post requests. Completely from memory, but the HTTP spec says not to cache post responses. The URI is the base key to any caching implementations (with the addition of a select few vary headers, etc.), and your post data really doesn't factor

RE: cache POST requests

2009-02-10 Thread Houser, Rick
...@formatdynamics.com http://www.formatdynamics.com -Original Message- From: Houser, Rick [mailto:houser.r...@aoins.com] Sent: Tuesday, February 10, 2009 11:37 AM To: modules-...@httpd.apache.org; us...@httpd.apache.org Subject: RE: cache POST requests You really shouldn't be trying

RE: Setting a handler within a configuration directive

2008-11-24 Thread Houser, Rick
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Carleton Sent: Monday, November 24, 2008 11:23 AM To: modules-dev@httpd.apache.org Subject: Re: Setting a handler within a configuration directive On Mon, Nov 24, 2008 at 10:52 AM, Houser, Rick [EMAIL

RE: Howto implement a new algorithm scheduler in mod_proxy_balancer

2008-10-22 Thread Houser, Rick
part #2 sounds more like the kind of a task you would want to use at least an external process, if not a separate physical machine for. Basically, you are looking for an intelligent load balancer, correct? Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580 -Original

RE: Logging authentication requests

2008-10-09 Thread Houser, Rick
Given what I learned writing my module, that would certainly work. I think you'd be hooking check_user_id with the very first call that happens in that phase. That said, I don't know if there might be a better way to handle this... Thanks, Rick Houser Auto-Owners Insurance Systems Support

RE: Wrapping an existing hook (2.0)

2008-10-06 Thread Houser, Rick
in the configuration and if the proprietary module declines non-saf authentication types. Hopefully you're lucky, I have never tried the solution I'm proposing. -- S On Fri, Oct 3, 2008 at 17:11, Houser, Rick [EMAIL PROTECTED] wrote: I'm relatively new to module development, but I have a need to wrap

RE: Wrapping an existing hook (2.0)

2008-10-06 Thread Houser, Rick
an existing hook (2.0) On Fri, Oct 3, 2008 at 11:11 AM, Houser, Rick [EMAIL PROTECTED] wrote: I'm relatively new to module development, but I have a need to wrap a function in a proprietary module (no source) registered via a check_user_id hook in a proprietary module (mod_auth_saf

Wrapping an existing hook (2.0)

2008-10-03 Thread Houser, Rick
I'm relatively new to module development, but I have a need to wrap a function in a proprietary module (no source) registered via a check_user_id hook in a proprietary module (mod_auth_saf). Basically, I need to detect an expired password condition. I've already tried to use the normal pre/post