Re: httpd 2.4.25, mpm_event, ssl: segfaults

On Mon, 6 Feb 2017, Jacob Champion wrote: Considering the massive amount of caching that's built into the entire HTTP ecosystem already, O_DIRECT *might* be an effective way to do that (in which we give up filesystem optimizations and caching in return for a DMA into userspace). I have a

Re: httpd 2.4.25, mpm_event, ssl: segfaults

Here is how cache page replacement is done in Linux: https://linux-mm.org/PageReplacementDesign On Tue, Feb 7, 2017 at 5:32 AM, Niklas Edmundsson wrote: > On Mon, 6 Feb 2017, Jacob Champion wrote: > > > > Considering the massive amount of caching that's built into the entire

mood_remoteip ProxyProtocol addition

Hi guys, I am trying to have haproxy added in front of our Apache servers, for SSL termination. This is not hard to do, and especially with the recent addition of ProxyProtocol support to mod_remoteip it works almost as we need it. Unfortunately we have a lot of users that use things like:

Re: mod_http2 and Frequent wake-ups for mpm_event

Hi, got this one today with both patches applied: Core was generated by `/usr/local/apache/bin/httpd -DFOREGROUND'. Program terminated with signal SIGSEGV, Segmentation fault. #0 allocator_free (node=0x0, allocator=0x7f350405e030) at memory/unix/apr_pools.c:381 #0 allocator_free (node=0x0,

Re: mood_remoteip ProxyProtocol addition

On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: > On 7 February 2017 at 22:33, Yann Ylavic wrote: >> I'm a bit reluctant with these patches, and probably need to be >> convinced this isn't an application issue in the first place (why not >> use

Re: mood_remoteip ProxyProtocol addition

On Tue, Feb 7, 2017 at 7:03 PM, Jordan Gigov wrote: > On 7 February 2017 at 18:08, Sander Hoentjen wrote: >> >> I am trying to have haproxy added in front of our Apache servers, for >> SSL termination. This is not hard to do, and especially with the recent

Re: mood_remoteip ProxyProtocol addition

On 7 February 2017 at 22:33, Yann Ylavic wrote: > I'm a bit reluctant with these patches, and probably need to be > convinced this isn't an application issue in the first place (why not > use X-Forwarded-Proto or alike to achieve the same? i.e. generate > https links...), or

Re: Build-tree testing is now in trunk

On 01/24/2017 07:01 AM, Luca Toscano wrote: Just tested with trunk, works fine for me! I haven't done anything special though, will try to do more testing during the next days.. Awesome, thanks for the testing! I have merged a fix for the MPM-DSO ServerName warnings, so Yann, if you want to

Re: mood_remoteip ProxyProtocol addition

On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: > > how can you trust as a php application developer that "X-Forwarded-Proto" is > trustable and not from the enduser client at all - for REMOTE_ADDR you don't > consider "X-Forwarded-For" exactly for that reason I'm

Re: mood_remoteip ProxyProtocol addition

On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote: > On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: >> >> how can you trust as a php application developer that "X-Forwarded-Proto" is >> trustable and not from the enduser client at all - for

Re: mood_remoteip ProxyProtocol addition

On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote: > > Am 07.02.2017 um 22:53 schrieb Yann Ylavic: >> >> I mean the application can know about "X-Forwarded-Proto or whatever" >> header, it could act with it like it does with HTTPS=on (if it >> wishes) > > for that you

Re: mood_remoteip ProxyProtocol addition

Am 07.02.2017 um 23:50 schrieb Yann Ylavic: On Tue, Feb 7, 2017 at 11:34 PM, Reindl Harald wrote: Am 07.02.2017 um 22:53 schrieb Yann Ylavic: I mean the application can know about "X-Forwarded-Proto or whatever" header, it could act with it like it does with

Re: mood_remoteip ProxyProtocol addition

Am 07.02.2017 um 21:33 schrieb Yann Ylavic: My point is that we are not changing/masquarading something which is remote here (like the client IP address), we are making so that the applications and httpd itself think they are locally talking SSL/TLS. Thus they will send things like "; Secure"

Re: mood_remoteip ProxyProtocol addition

Am 08.02.2017 um 00:44 schrieb Yann Ylavic: On Wed, Feb 8, 2017 at 12:25 AM, Yann Ylavic wrote: On Wed, Feb 8, 2017 at 12:01 AM, Reindl Harald wrote: how can you trust as a php application developer that "X-Forwarded-Proto" is trustable and

Re: mood_remoteip ProxyProtocol addition

Am 07.02.2017 um 22:53 schrieb Yann Ylavic: On Tue, Feb 7, 2017 at 10:14 PM, Jordan Gigov wrote: On 7 February 2017 at 22:33, Yann Ylavic wrote: I'm a bit reluctant with these patches, and probably need to be convinced this isn't an application

Re: Build-tree testing is now in trunk

On Tue, Feb 7, 2017 at 8:51 PM, Jacob Champion wrote: > > I have merged a fix for the MPM-DSO ServerName warnings, so Yann, if you > want to give that a shot and confirm it works for you, I will propose for > backport after I feel relatively certain I haven't broken

Re: mood_remoteip ProxyProtocol addition

On 8 February 2017 at 01:44, Yann Ylavic wrote: > Actually, I'm not really opposed to set HTTPS=on (according to > mod_remoteip) in the environment *given to the script/CGI* only, if > that's the trigger for it to do the desired thing, this won't be used > by httpd

Re: svn commit: r1707087 - /httpd/httpd/trunk/modules/debugging/mod_bucketeer.c

On 10/06/2015 09:30 AM, yla...@apache.org wrote: Author: ylavic Date: Tue Oct 6 16:30:53 2015 New Revision: 1707087 URL: http://svn.apache.org/viewvc?rev=1707087=rev Log: mod_bucketeer: cleanup properly on EOS and write. Hey Yann, I've started testing reallyall builds of trunk, which are

Re: mood_remoteip ProxyProtocol addition

On 7 February 2017 at 18:08, Sander Hoentjen wrote: > Hi guys, > > I am trying to have haproxy added in front of our Apache servers, for > SSL termination. This is not hard to do, and especially with the recent > addition of ProxyProtocol support to mod_remoteip it works