Re: what to expect from fcgid

2014-02-24 Thread Lazy is quite easy to configure, unfortunetly it is abandoned 2014-02-21 17:56 GMT+01:00 Антон Панков Dear All. Please, explain what functionality now in trunk and what plans for mod_fcgid. I miss FastCGIExternalServer feature.

Re: Adding AddHandler support for mod_proxy

2014-02-16 Thread Lazy
2014-02-06 ryo takatsuki Hi, I have an improvement request to suggest but I would like to first provide some background to justify it, I apologise for the long email :). I'm actively using mod_proxy to forward PHP files requests to PHP-FPM. My current approach is to

Re: URL scanning by bots

2013-04-30 Thread Lazy
2013/4/30 Graham Leggett On 30 Apr 2013, at 12:03 PM, André Warnier wrote: The only cost would a relatively small change to the Apache webservers, which is what my suggestion consists of : adding a variable delay (say between 100 ms and 2000 ms) to any

Re: [patch] Fix cross-user symlink race condition vulnerability

2012-11-04 Thread Lazy
2012/10/31 Eric Jacobs On 10/31/2012 06:00 AM, Eric Covener wrote: In general that is the proper form -- but this particular issue is documented as a limitation: Omitting this option should not be considered a security restriction, since symlink testing is subject to

Re: Re: Re: Re: mod_fcgid concurrency bottleneck, issue#53693

2012-08-28 Thread Lazy
. Is it necessary to call procmgr_init_spawn_cmd() from inside the for loop ? I took a brief look, it seems not necessary. I will move it out of loop and test. 2012-08-28 pqf 发件人:Lazy 发送时间:2012-08-27 21:47 主题:Re: Re: Re: mod_fcgid

Re: Re: Re: mod_fcgid concurrency bottleneck, issue#53693

2012-08-27 Thread Lazy
procmgr_init_spawn_cmd() from inside the for loop ? 2012-08-16 pqf 发件人:Lazy 发送时间:2012-08-16 16:47 主题:Re: Re: mod_fcgid concurrency bottleneck, issue#53693 收件人 抄送: 2012/8/16 pqf Hi, Michal

Re: Re: mod_fcgid concurrency bottleneck, issue#53693

2012-08-16 Thread Lazy
2012/8/16 pqf Hi, Michal My solution do add availability to each class, which is the procmgr_post_spawn_cmd() call in each loop do. The sleep() call is intrudused for a stress test without warm up time, in this case, mod_fcgid will create more processes than a slow start

Re: mod_fcgid concurrency bottleneck, issue#53693

2012-08-15 Thread Lazy
2012/8/15 pqf Hi, all I prefer the following solution, can anyone review it? procmgr_post_spawn_cmd() will be blocked until process manager create a new fcgid process, the worst case is someone else take the new created process before I do, and I have to post another spawn

mod_fcgid graceful restarts

2012-04-10 Thread Lazy
Hi All, Currently graceful restart while using mod_fcgid just kill all subprocesses, this is not sefe for applications and slows down reloads. John Lightsey provided a patch to make real graceful restarts on mod_fcgid, now graceful part is separated as requested in the bug report

long timeout on overloaded mod_fcgid

2011-12-29 Thread Lazy
Hi, When some vhost's scripts exhaust all process slots available to it (FcgidMaxProcessesPerClass), next requests are waiting for over 60 seconds before issuing 503 error. I came across this while modifying suexec to use cgroups to provide better resource separation for use in our shared

Re: PATCH mod_fcgid compile fails

2011-10-05 Thread Lazy
2011/10/5 stefan novak Hello! When you want to compile mod_fcgid als build in static module it fails with: modules/fcgid/.libs/libmod_fcgid.a(fcgid_mutex_unix.o): In function `fcgid_mutex_create': fcgid_mutex_unix.c:(.text+0x65): warning: the use of `tmpnam' is

Re: PATCH mod_fcgid compile fails

2011-10-05 Thread Lazy
2011/10/5 stefan novak this is only a warning, are You sure httpd fails to build ? yes, httpd fails to build with this lines :( maybe another compile flag will help, i'm not sure... i ran similar test on my system without problems (only this warning) # ./configure

mod_fcgid gracefull restart with mpm worker

2011-09-26 Thread Lazy
Hi, I think this is related to mpm worker, httpd 2.2.21 and mod_fcgid 3.3.6 Sometimes after graceful restart fcgi processes are left behind. In error log [Sun Sep 25 10:47:25 2011] [notice] SIGUSR1 received. Doing graceful restart [Sun

Re: DoS with mod_deflate range requests

2011-08-23 Thread Lazy
2011/8/23 Stefan Fritsch I haven't looked into it so far. And I am not sure I will have time today. it is sending HEAD requests with lots of ranges HEAD / HTTP/1.1 Host: Range:bytes=0-,5-1,5-2,5-3,. the code in

Apache stuck on sendmsg() and recvmsg()

2011-06-30 Thread Lazy
Hi, I'm trying to fix an issue in a custom mpm. It's called peruser. More or less it's a prefork with pools of processes running on different users. Additional pool of processes called Multiplexers is accepting connections and sending them to workers. Each worker pool has it's own pair of sockets

Re: [RFC] A new hook: invoke_handler and web-application security

2009-04-12 Thread Lazy
__ Lazy

Re: [VOTE] Release Apache HTTP server 2.2.11

2008-12-07 Thread Lazy
2008/12/6 Ruediger Pluem [EMAIL PROTECTED]: Test tarballs for Apache httpd 2.2.11 are available at: builds/runs (default config) on OSX 10.5.5 -- Michal Grzedzicki

AllowOverride Options vs AllowOverride Options= reloaded

2008-05-11 Thread Lazy
Hello to all, in I was told to ask about this issue on [EMAIL PROTECTED] Long talk short (i gues my last mail was to long to be comprehensible ;) In apache 1.3/2.0 there was no selection of whitch options can or can't be set in .htacess

Re: User/group security without CGI (SuEXEC)

2008-05-05 Thread Lazy
2008/5/5 Jille Timmermans [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello hackers! I was thinking of creating a more secure environment for running webscripts (mod_php in my case), I want to run php scripts as their owner. I tought of the following scheme's:

AllowOverride Options= vs Options issues see bug 44262

2008-05-03 Thread Lazy
see The docs for 2.0 say about AllowOverride Options: ( Options Allow use of the directives controlling specific directory features (Options and XBitHack). and for 2.2