Lese selbst:
http://www.auslaenderstopp.net/aktuell/rente-fur-alle.htm
FYI - on http://www.apache.org/~dirkx/oscon2002 is my talk on apache
modules from Oscon 2002.
Feel free to use/rip it for your own presentations. The presentation and
the two modules are under an ASF license and/or can be donated to the ASF
on request.
Also there is a copy of a 2.0 version of
> note that this situation is a bit different from the others since the
> apache core will pass ALL requirements (limited or not) to every auth
> module. Each individual auth module can make its own decision in this
> case (i.e. there are requirements for some methods and no requirements
> for o
> > -> If we have for example a (Group,..)File but opening it failes
> > then we ignore any 'require group' and DECLINE to other modules.
>
> I don't find those surprising at all; they're what I would expect.
Hmm - but that means that if someone edits the group files, saves it as
ro
> DON'T second-guess them. Since no restrictions have been put in place,
> don't try to apply any. There may be Auth*File and Require directives
> in .htaccess files within the above scope -- you don't know.
Good point - I'll change that in the version I have now.
Dw.
> having different orderings/groupings for different parts of the server.
> But true - My proposal above would be to elminate any dependency on
> module load order and remove all the Authoritative stuff.
Aye - something like
AuthOrder mod_auth_db, mod_auth_cookie, mod_auth
> I have often spoke of having a per directory/location ordering of auth
> handleres. This would allow you to load a bunch of auth handler modules,
> then in a given directory elect which ones are run, and what order they
> run in (and the last one would be assumed authoritatve perhaps).
That w
> I have often spoke of having a per directory/location ordering of auth
> handleres. This would allow you to load a bunch of auth handler modules,
> then in a given directory elect which ones are run, and what order they
> run in (and the last one would be assumed authoritatve perhaps).
Actual
Is there a simple example as how to read 'across' bucket brigades.
I.e. looking at mod_include I do not quite understand what happens if
something matches partially at the last bucked of a brigade - and sits
across the next call to the filter.
Or is there some reason this never happens ?
Dw
-
Pier,
What version of macos 10.1.4 sed do you have ?
-r-xr-xr-x 1 root wheel 31804 Jul 10 02:19 /usr/bin/sed
I just tried on another machine with
-r-xr-xr-x 1 root wheel 31200 Feb 3 03:59 /usr/bin/sed
and that machine seems happier.
Dw
--
Dirk-Willem van Gulik
On Thu, 11 Jul 2002, Rodent of Unusual Size wrote:
> "William A. Rowe, Jr." wrote:
> >
> > But not by default. That would be the exception, not the rule.
> > The idea is to avoid namespace recursion, and unlike CGIs, most
> > folks don't look at PATH_INFO in their SSIs.
>
> This smacks of a 'fa
On Wed, 10 Jul 2002, William A. Rowe, Jr. wrote:
> On Wed, 10 Jul 2002, Pier wrote:
>> ...
> Very cool.
>
> Are you also considering multiple 'user' identities? E.g., If I'm using client
> cert ssl auth [one identity], with basic encryption [a different identity], it
> would be nice to walk the
Opinions - not on what happens to day in 1.3 but what should happen in a
perfect world:
Given a config like this:
AuthTypebasic
AuthNameRestricted area
What should happen ? Allowed in with, or without a password ? What would
users feel as most
On Wed, 10 Jul 2002, Pier Fumagalli wrote:
> Dirk, since you're working on a patch for Auth, would it be possible to have
> the groups list somewhere in the request structure? It would be great with
> web applications, where we can match groups with roles (therefore allowing
> authentication to
On Wed, 10 Jul 2002, Jim Jagielski wrote:
> Have there been any complaints about how 1.3 has been doing it for
None seen here.
> ages? A 'make install; /bin/apachectl start' no matter who does
> the building has "always" resulted in at least a somewhat functional
> server. I don't see the reas
On Wed, 10 Jul 2002, Bill Stoddard wrote:
> > What Theo is after with Monolithic is just the current fad-du-jour;
...
> I had to laugh at the 'fad-du-jour' comment. This is very old hat with the
> IBM OS/390 crowd. They've been doing that since the time the birds and trees
L'Histoire se repete
While doing this patch (and ending up with 3 very small modules); I found
the following legacy behaviour. Any feels as to if we shall kill these
surprizing behaviourisms in 2.0 or stay as close to 1.3 as possibe ?:
-> if there are no requires - but there is Auth happening
we activel
What Theo is after with Monolithic is just the current fad-du-jour;
separation of priv's like recently done in SSH.
Our MPM's are a very cool starting point.
Dw
--
Dirk-Willem van Gulik
> > Ad **: Which of course would need another hook... and run method in
> > apache 3.0.
>
> There is no reason to wait for Apache 3.0 to add a new hook. The whole
> reason for the hook abstraction was to make adding hooks painless for
> module authors.
Well - but this is a rather fundamental AP
On Wed, 10 Jul 2002, Ryan Bloom wrote:
> > user foo" checks. 'require group' can stay in mod_auth or
> > go into a mod_auth_group.
>
> Didn't we decide to take this approach like a year ago?
Hmm - been asleep as usual - if so - I'd love to make that split right
away ! I feel a patch com
Right now there are zillions of 1.3 auth modules around which have a
check_auth() stage which essentially does:
for each require line
do
if require valid-user
return OK
if require user
then
one gets:
/foo/runtime/build/libtool --silent --mode=link cc -o
mod_auth_pam.la -rpath /Users/dirkx/ORA/runtime/modules -module
-avoid-version -I/usr/local/include -L/usr/local/lib mod_auth_pam.lo
-lpam
/foo/runtime/build/libtool: par
In apache 1.3 we had this little trick:
if [ "x`$aux/getuid.sh`" != "x0" -a "x$port" = "x" ]; then
conf_port="8080"
fi
to make the port 8080 when the user is not root - thus to reduce the
number of 'apache wont start' newby errors and be generally convenient for
the masses (and
Right now, as devlopers, we have a whole range of methods of adding in a
module; from hacking it in, copying it into an existing modules/*
directory (e.g. auth, mappers), APXS all the way, down to its own
directory with a little config.m4.
When documenting 'How to add your modules to apache 2.0
On Wed, 3 Jul 2002, Rodent of Unusual Size wrote:
>> Not acked (by me, at least). I can feel their pain..
..
> I am sure I am not the only one with this problem, as there are several
> socket tutorials and such that incorrectly say 'HTTP-1.0'.
Now he has a case - the above is true; I've corre
> > controlled/hosting environment, it is unlikely that their
> > hosts will allow unchecked patches to be applied to the server.
>
> Also, we rather violated the principle of 'be strict in what you
> send, liberal in what you accept.' We suddenly became 'strict in
> what you accept' without war
> 3. What if servers start supporting compressed headers. RFC 1144
The 'header' as refered to by the rfc 1144 is not the HTTP header but the
IP/TCP header.
Or in other words Van Jacobson Compression and other ethernet, IP, TCP
level compression techniques have fundamentally nothing to do with t
On Sun, 30 Jun 2002, Pier Fumagalli wrote:
> Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
>
> > I assume everyone has seen this?
> >
> > http://dammit.lt/apache-worm/
>
> Me and Fede are running through the decompiled assembly code right now...
> Will let you know what we find out (it looks kinda o
Anyone seen this (stock 2.0.36 compile on stock gcc 2.95.3) ?
/bin/bash /export/home/dirkx/httpd-2.0.36/srclib/apr/libtool --silent
--mode=compile gcc -g -O2 -pthreads -DHAVE_CONFIG_H -DSOLARIS2=8
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -I../../include
-I../../include/arch/solaris_sparc -I
On Mon, 24 Jun 2002, Ben Hyde wrote:
> Some wrote...
> > ...
...
> Roy's patch is simple, safe, and reduces the exposure substantially to a
> known threat. I can't see any reason to defer letting it out;
> particularly now that people have been given a few days to give voice to
> any technical
> I cannot for the life of me get Apache to dump a core file.
..
> the abort doesn't trigger a core file.
What does ulimit give you ? and what does coreadm give you ?
Dw
On Thu, 20 Jun 2002, Jim Jagielski wrote:
> Is whitespace allowed after the value set in Content-Length? eg:
>
>Content-Length: 12344 \r\n
> ^^
We've allways followed the IETF dogma:
Be strict in what you send, but liberal in what you accept.
Looking at th
> OK. I'm convinced. At least three people have said they use this
> extensively, so we should continue to support it. Why don't we just keep
> the existing behavior and add "Include dir/*.conf" as an option. We can
> assume that people who are using recursively included directories are
> sma
On Tue, 28 May 2002, Joshua Slive wrote:
> Sure, I agree with all that. I'm just trying to figure out the use-case
> for having "Include dir/" recursively include subdirectories. If there is
> such a case, we should keep it, but I don't know if there is.
In my experience tremendously useful i
> the wrong pgrp later. So I think Aaron's right.
Ok - committed - please check that it matches people their consensus :-).
Dw
> What do you mean? At what point do we stop trying to detect errors
> and let the daemon go on its merry way?
Ideally once she says:
[Mon May 13 14:39:24 2002] [notice] Apache/1.3.25-dev (Unix) configured -- resuming
normal operations
which if I recall correctly is the moment after which you
> As long as you still do the fork(2) decision before the setsid(2) call,
> no. :)
Of course the real patch is to make the exit codes always reliable - even
when we fork and detach ;-)
Dw
On Mon, 13 May 2002, Aaron Bannert wrote:
> On Mon, May 13, 2002 at 03:15:44PM -0700, [EMAIL PROTECTED] wrote:
> > In that case I'd suggest we do
> >
> > if (setsid() fails)
> > always log error
> > exit(1) unless no_detach.
>
> should that be
> exit(1) if no_
> OTOH, simply calling httpd from the command line (or exec'ing it from
> a shell script) will usually mean that the process is the leader of a
> new process group, meaning setsid() will fail.
I had not considered that mode of use - should we allow for that ? It
would propably make sense - seems
On Mon, 13 May 2002, Justin Erenkrantz wrote:
> Unified diff, please. =) My brain can't parse that style of
> diffs. -- justin
Hmm - sorry - blame MacOS-X - somehow unified diffs break. Here is one
from a BSD box:
Dw
Index: src/CHANGES
==
> Hmm - not entirely trivial; it turns out that most unix-es do not take
> kindly to
>
> setsid()
>
> when not detached/non-root. So I changed Jos/Michaels patch. See below.
> Anyone any comments ?
The other obvious way is to make the error non fatal or do a (!geteuid())
to see if we are
Hmm - not entirely trivial; it turns out that most unix-es do not take
kindly to
setsid()
when not detached/non-root. So I changed Jos/Michaels patch. See below.
Anyone any comments ?
Dw
Index: CHANGES
===
RCS file: /home
Ok - massaged the right patch in - works perfectly on MacOS X. Testing
further.
Dw.
--
Dirk-Willem van Gulik
On Mon, 13 May 2002, Jim Jagielski wrote:
> Jim Jagielski wrote:
> >
> > At 12:25 PM -0701 5/13/02, Jos Backus wrote:
> > >Anyone interested in picking this up before the next (last?)
> http://www.catnook.com/patches/apache-1.3.24-daemontools.patch
>
> is valid. To the point, however, the bug says to simply place in
> ./patches, but I'm wondering whether we should just fold it into
> the official source. That's what I'm leaning towards... Any complaints
> if, after review and
On Fri, 3 May 2002, Rose, Billy wrote:
> Here is my initial beta release of the mod_auth_referer module. I'll be
> hosting it on my site soon as a 3rd party module. Any comments are welcome.
Some comments:
- You may want to use ap_set_flag_slot and XtOffsetOf to reduce some code.
-
David,
Could you (or someone else) who is on a legitimate platform which does
not support writev() check if this is functional ?
Note that I also found I had to make the #ifdef/#if defined()s to make
things comply across the board.
I've tried both with and without SSL and with/without WRITEV o
What platform does not have writev() at the moment ?
Dw.
--
Dirk-Willem van Gulik
> specific versions of APR that must be in-tree. Remember that people
> can only legitimately file bug reports off released versions. People
Ack - I had not thougd of that - that is perfectly true - so a release
version of Apache implies a single APR version - even across platforms.
Dw.
> Personally I just don't see what the big deal is. People like having ab
:-) :-) - I think that all that happened was that the #define in the 1.3
version unintentionally got translated during the 2.0 move to the
BASE_SERVER version; not realizing it had intentioanlly its own
version number dis
Just to have some fun - Below is the result of running a build of AB
against the same apache 1.3.0 (stock)
It is a simple loop - checkout against a tag; cd apache-1.3/src && cp
Configuration.tmp && Configuration && ./Configure && make && cd support &&
make) and then run 20 times ./ab -c 30 -n 10
On Wed, 1 May 2002, Sander Striker wrote:
> > -1 on anything which
> > -> shows in the output of AB of versions of AB which -can-
> >be compared different version numbers
> > or
> > -> which shows in the output of AB identical version numbers
> >even though the resu
> I'd like to see either the seperate version for ab
> patch reverted _or_ ab moved out of the tree. I
> feel very strongly about only having 'one'* version
> scheme to care about in the httpd tree.
+0 to move it out of the tree.
+0 to restore the 1.3 versioning situation.
-1 o
On Fri, 26 Apr 2002, Joshua Slive wrote:
> 1. What if you want to log both the ident and the password? Your answer
> is probably "nobody uses ident anymore". In that case, we may eventually
...
> The environment approach just seems much cleaner to me.
When the module was created - the situati
+1 - especially for 2.0 where we do not care about breaking
processing scripts and what not.
Dw
--
Dirk-Willem van Gulik
On Fri, 26 Apr 2002, Thomas Eibner wrote:
>
> After a short discussion on #apache we came to the conclusion that the
> way mod_auth_anon logs the "passwd" used to acce
> Having it separated out like you have just changed it to is going
> to cause lots of problems for us maintaining it. While your
As to wether this is realistic: From apache-1.3/src/support/ab.c:
#define VERSION "1.3d"
which has been there for some XXX years and allowed us to compare
On Wed, 24 Apr 2002, Aaron Bannert wrote:
> Hmm..I don't see the VERSION symbol in the 2.0 version, and it looks
> like the comments in the header stop at Version 1.3e. I could start
> up at 2.0a, but would it be of much use to mention what has happened in
> the mean time? Also, I think we depen
Aaron,
Could you also ++i the version number ? I.e. in the past we changed the
VERSION string each time we made a change which made results of that
version of AB incomparable with previous ones. See comments in the header
of apache-1.3/src/support/ab.c.
Given that your change does that - might
+1 - works for me gov !
Dw.
--
Dirk-Willem van Gulik
Whoa ! That sort of a situation in in my experience extremely common; e.g.
a URL flashed in a TV or Advert - or during a soap/talk show to 'vote' or
something. Bazillions of people on crappy modem links going on line and
fetching too-big-an images as the producers of the TV show think that you
re
--
Dirk-Willem van Gulik
On Tue, 9 Apr 2002, Aaron Bannert wrote:
> On Tue, Apr 09, 2002 at 01:23:47PM -0400, Jim Jagielski wrote:
> > Ryan Bloom wrote:
> > >
> > > I would HAPPILY contribute to a project to re-write libtool. IMNSHO, it
> > > is the absolute worst tool ever created.
> > Sam
On 8 Apr 2002, Jeff Trawick wrote:
> Jeff Trawick <[EMAIL PROTECTED]> writes:
> Any Mac OS X folks watching now? Don't we need something like this in
> /dist/httpd/patches/apply_to_2.0.35/README.html?
>
> * OS X
> 1. up-to-date libtool needed
>
> Install libtool 1.4.2
On Mon, 8 Apr 2002, Jim Jagielski wrote:
> Most likely Nov 2002.
>
> Doesn't help out now, I know.
>
> Justin Erenkrantz wrote:
> >
> > On Mon, Apr 08, 2002 at 03:25:39PM -0400, Jim Jagielski wrote:
> > > Hopefully, the next ApacheCon will afford an op for mega signing :)
> >
> > *ahem* When wil
On the KEYS file do:
pgpk -ll [EMAIL PROTECTED] > tmp.txt
pgpk -xa [EMAIL PROTECTED] >> tmp.txt
(or use (better) your keyID as 0xCC8B0F7E).
Edit tmp.txt to make the header look like the rest of the entries in the
KEYS file; i.e. keyID, *fingerprint* and emails associate
+1 Nice -I can use that in some modules I have here as well.
Dw.
--
Dirk-Willem van Gulik
On Sat, 6 Apr 2002, Graham Leggett wrote:
> Hi all,
>
> In preparation for a bugfix to proxy and its broken chunking in v1.3, I
> need to make getline() and get_chunk_size() available to proxy.
>
> This
On Fri, 5 Apr 2002, Cliff Woolley wrote:
> In regard to that particular example: the bucket API is now stabilized.
> There are little tweaks I'd like to make, but I can live without them if
> need be.
... for the next 5 years :-). Cathargo should...
Dw.
On Sat, 6 Apr 2002, Sander Striker wrote:
> Only the APIs in httpd.
..
> > renamings in APR will be harder from hereon
> APR _shouldn't_ be affected by it. It is a seperate project.
I agree - it SHOULD. but it may - I am not too sure about the buckets and
how solid they are - and they cut dee
Yoo - good stuff !
... but you guys *DO* realize that this does carve your API's
in stone - renamings in APR will be harder from hereon
as will be, say, a change in some of the initial bucketeering
setups or whatever :-)
Hate to be a spoilfun - but this GA tendency feels a bit..
Or we just add an extra flag to not just have the FreeBSD md5 password
format - but also the generic one.
Dw.
--
Dirk-Willem van Gulik
On Mon, 1 Apr 2002, William A. Rowe, Jr. wrote:
> See the CPAN Perl module;
>
> search www.cpan.org for Crypt-PasswdMD5
>
> It has a supported 'apachified' p
Yes - our mails crossed - quite some change between earlier drafts and the
final RFC2616 which has little guidance for proxies.
Dw.
--
Dirk-Willem van Gulik
On Fri, 29 Mar 2002, Chuck Murcko wrote:
> For HTTP 1.1 you should use the Host: urlhost[:urlport] form. AFAICS
> these are the simples
Some advice needed on how to use the Host header when using a proxy and
confirming its limitations with respect to Host: based proxies.
- Consider a proxy proxy.com on port PA
- Consider an origin server or gateway on server.com on port PB
- Consider a URL: http://server.com[
Actually:
> The problem I'm encountering is that ab(1) generates Host: header
> pointing to proxy server instead of real destination host.
> Due to this behavior, proxy server (not mod_proxy, BTW) is failing
> to send a valid HTTP request to destintion webserver using name-based
> virtualhost, a
> The problem I'm encountering is that ab(1) generates Host: header
> pointing to proxy server instead of real destination host.
> Due to this behavior, proxy server (not mod_proxy, BTW) is failing
> to send a valid HTTP request to destintion webserver using name-based
> virtualhost, as it simply
Anyone think it is a good idea if I did a
s/@/_at_/g
on the email addresses in the Changes file ?
Dw.
--
Dirk-Willem van Gulik
On Thu, 14 Mar 2002, Martin Kraemer wrote:
> --snip--
> % netcat localhost 8080 << .
> HEAD http://apache.org/favicon.ico HTTP/1.0
>
> .
> HTTP/1.1 200 OK
> Date: Thu, 14 Mar 2002 11:20:48 GMT
> Server: Apache/1.3.24-dev (Unix)
...
> X-Cache: MISS from localhost
> Connection: cl
On Sat, 9 Mar 2002, Stas Bekman wrote:
> Sander Striker wrote:
> > Hi,
> >
> > Should we bump the copyright year on all the files?
> > Anyone have a script handy?
>
> find . -type f -exec perl -pi -e 's|2000-2001|2000-2002|' {} \;
>
Would be nicer to have a more 'correct' stript which would be
On Sat, 2 Mar 2002, Bill Stoddard wrote:
> Wouldn't just making ap_log_error() ap_run_log_error() solve a lot of
> these problems?
+1 - with perhaps something like an 'always pass through'. I.e. even if an
module provides an 'OK' it continues just as a 'DECLINE' so that certain
major failures c
On Thu, 28 Feb 2002, Pier Fumagalli wrote:
> "Ryan Bloom" <[EMAIL PROTECTED]> wrote:
>
> > Can we change the default log file names form _log to .log? I have
> > moved to Windows recently (work requires it), and on Windows, files must
> > have an extension in order to be able to associate the
Though I one 100% agree with the stance that a proper web server should..
well.. serve pages - It sure would be nice if we could have a logging
subsystem in apache 2.1 or higher which took care of some of the harder
things for us module/appserver developers when bouncing around
logging data.
I.e
On Tue, 26 Feb 2002, Lars Eilebrecht wrote:
> According to Justin Erenkrantz:
>
> > -0. I personally believe that this shouldn't be backported. If
> > you want this, you should use 2.0.
>
> I tend to agree. -0 from me as well.
>
> There will always be a nice feature which could be backported
On Tue, 19 Feb 2002, Greg Ames wrote:
> ...for about a week and a half, taking a 42' catamaran from Miami to the British
> Virgin Islands. httpd on daedalus shouldn't need much attention in the mean
> time. I have a lot of confidence in 2.0.32.
Let me know if you need to have it sailed back :
On Mon, 18 Feb 2002, Pier Fumagalli wrote:
> Does it make any sense? Is it already there (meaning, am I stupid not to see
> it?), and is something someone else wants/requires
Makes perfect sense - and blame me for not putting it in there - I've done
exactly this for customers abusing the r
81 matches
Mail list logo