I'm trying to make ProxyPassReverseCookieDomain understand two things it
apparently does not understand at the moment: accept 1) balancer names and
2) variables as arguments. For the first problem I was able to come up with
a patch based on the code for the ProxyPassReverse directive (see below).
To make the directive more useful I suggest the attached patches.
The first one will make the directive use balancer ids to look up matching
worker names instead of just dumping the balancer name into the cookie -
which is obviously never useful at all.
The second one will default an empty
, Apr 4, 2013 at 10:43 AM, Nick Kew n...@webthing.com wrote:
On 3 Apr 2013, at 08:52, Thomas Eckert wrote:
I'm trying to make ProxyPassReverseCookieDomain understand two things it
apparently does not understand at the moment: accept 1) balancer names and
2) variables as arguments. For the first
Any news here ? I would like this to get included since it fixes what I
think is a real lack of usability - see my previous example as to the 'why'
and 'how'.
On Thu, Apr 4, 2013 at 11:34 AM, Thomas Eckert
thomas.r.w.eck...@gmail.comwrote:
Suppose you have several balancers defined, each
Lately, I've been seeing httpd/mod_proxy seg faulting in reverse proxy
setups, frequency increasing.
#0 apr_palloc (pool=0x8b52518, in_size=16) at memory/unix/apr_pools.c:684
#1 0xf756fc10 in apr_pool_cleanup_register (p=0x8b52518, data=0x8b52528,
plain_cleanup_fn=0xf756edb0
is redundant anyway) and have
mod_proxy insert the correct value by itself.
On Mon, Apr 22, 2013 at 10:33 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
Any news here ? I would like this to get included since it fixes what I
think is a real lack of usability - see my previous example
eaiser in the
future. It's really only 2 lines that have to be edited.
On Sat, May 4, 2013 at 8:20 PM, Micha Lenk mi...@lenk.info wrote:
Hi Stefan,
Am 03.05.2013 14:09, schrieb Stefan Fritsch:
On Thursday 02 May 2013, Thomas Eckert wrote:
Lately, I've been seeing httpd/mod_proxy seg faulting
However, looking at your patch, having to lock the mutex for
ap_proxy_get_worker() looks wrong. I think it should be passed r-pool
instead of conf-pool.
I checked how ap_proxy_get_worker() is used in other places and also what
is done with the pool inside and you are right. It really shouldn't
Attached patch contains a directive to improve the error marking of
workers. Basically, some errors will cause a worker to be marked as in
error while others don't. I can't see a reason for this so I added a
directive to have all errors mark the error correctly - especially useful
for automated
, Daniel Ruggeri drugg...@primary.net wrote:
On 5/7/2013 2:00 PM, Jim Jagielski wrote:
Agreed... An all or nothing setting will likely create more
trouble than not.
On May 7, 2013, at 8:08 AM, Eric Covener cove...@gmail.com wrote:
On Tue, May 7, 2013 at 6:24 AM, Thomas Eckert
BTW: I ask myself why we need a global mutex to protect a pool. Wouldn't
a thread mutex be sufficient?
I figured accessing a pool inside a module config is something that needs
to be protected across process boundaries, hence the global lock. Are
module configs not globally unique in the sense
Just wondering if we also have a problem with the pool
as well... if base doesn't have a proxy, we don't have
the subpool.
Looks like it. At least I don't see a reason why Nick's reasoning would
apply to the mutex but not to the pool.
BTW, wondering if instead of leaking proxy_mutex we
I'm trying to investigate some core dumps in mod_security and currently
face this
(gdb) bt
#0 0xf6efc232 in create_tx_context (r=0x1eac8ed0) at mod_security2.c:325
#1 0xf6efc606 in hook_error_log (file=0x80a51bd http_filters.c,
line=493, level=3, status=104, s=0x18144178, r=0x1eac8ed0, mp=0x0,
and updating it is - unfortunately - also
out of question :-/
On Fri, May 24, 2013 at 10:46 AM, Graham Leggett minf...@sharp.fm wrote:
On 24 May 2013, at 10:38 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
Why would the per_dir_config be NULL here ? I don't think that should
ever be encountered
Downloading a .docx file through a HTML rewriting reverse-proxy suddenly
increased file size by 5 kB. So looking at
modules/filters/mod_xml2enc :: static apr_status_t
xml2enc_ffunc(ap_filter_t* f, apr_bucket_brigade* bb)
I saw the following
/* only act if starts-with text/ or contains xml
You do not need to expose pools to users through your API to make their
usage thread safe. Identify the spots which can trigger pool access and
wrap some thread safety mechanism around them, e.g. mutexes. APR does
supply you with good means to get your code thread safe - just use it ;-)
Look up
On Wed, May 29, 2013 at 8:20 PM, Nick Kew n...@webthing.com wrote:
On 29 May 2013, at 14:28, Thomas Eckert wrote:
I saw the following
/* only act if starts-with text/ or contains xml */
if (strncmp(ctype, text/, 5) !strstr(ctype, xml)) {
ap_remove_output_filter(f
2013, at 14:31, Thomas Eckert wrote:
mod_xml2enc_ctype.patch
Thanks.
Looks a lot like the patch I hacked up but have yet to test or commit :)
--
Nick Kew
the problem isn't the same for you.
True but one is still better then none ;-)
Cheers,
Thomas
On Fri, May 24, 2013 at 11:12 AM, Graham Leggett minf...@sharp.fm wrote:
On 24 May 2013, at 11:03 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
How did you investigate into this ? I'll
Looking at the code for creating sub requests (ap_sub_req_lookup_* and
ap_sub_req_method_uri) I get the impression sub requests always have to
remain inside the path of their original request's URI. That is, the path
specified as the new URI for the before mentioned function calls is
appended to
In a reverse proxy scenario, I want to do the following
1) read incoming request A and keep it on hold
2) set up connection to backend for (new) request B
3) send request B and read response over that backend connection
4) bind that backend connection to request A so that mod_proxy will use
that
So I've been seeing lots of proxy: error reading status line from remote
server by mod_proxy lately. Usually this is caused by the race condition
between checking the connection state and the backend closing the
connection due to the keep-alive timeout. As Covener pointed out to me in
IRC, using
:
+1 for the theory, but I'm not sure if it's feasible or not.
On Aug 2, 2013, at 5:28 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
So I've been seeing lots of proxy: error reading status line from
remote server by mod_proxy lately. Usually this is caused by the race
condition
One could do an 'OPTIONS *' request. But I am not sure if that is any
better than proxy-initial-not-pooled in terms of performance.
I don't see why an OPTIONS request should not encounter problems where a
GET request will. After all, the problem is on the transport layer, not on
the application
I'm facing the problem that I have to use ProxyPassReverse inside a
LocationMatch container, which is not really supported as documented in
the last paragrpah at
http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse
I find the 'workaround' mentioned in the docs quite useless:
].fake, url[l2],
NULL);
I'm using ProxyPassReverse in a rather limited fashion. Do you see
situations where the above fails ?
On Wed, Sep 25, 2013 at 12:31 PM, Nick Kew n...@webthing.com wrote:
On 25 Sep 2013, at 10:06, Thomas Eckert wrote:
I'm facing the problem that I have to use
Yann, although I do expect it to solve the issue discussed here, I don't
think simply flushing everything instantly is the right way to go. For
example, how do the proposed changes work with modules which scan the
request body like mod_security ? A lot of scanning/parsing can only be done
in a
Sorry for the delayed reply. At the moment I don't have time to look at the
patch proposal in detail, sorry about that too. I'll get back to it soon, I
hope.
Pre-fetching 16K (or waiting for input filters to provide these) is not
always a fast operation, and the case where the backend closes its
Hey folks,
there's been quite a few issues with the scoreboard is full, not at
MaxRequestWorkers error log message. From what I've found all of them
involved some sort of heavy traffic. I've been wondering about the root
cause for this but now I have a reverse proxy showing this message right
= ap_daemons_limit * threads_per_child)
which is only worried about if:
(idle_thread_count min_spare_threads)
On Oct 18, 2013, at 10:22 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
Hey folks,
there's been quite a few issues with the scoreboard is full
As of late I'm seeing a lot of
AH01179: balancer slotmem_create failed
error messages which prevent apache2 from starting. I do have
DefaultRuntimeDir /var/run/apache2
set. For some reasons there appear to be left-over .shm files in the
DefaultRunTimeDir between stop-starts/restarts which
only stick around if we want to
persist state across restarts.
On Nov 6, 2013, at 8:39 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
As of late I'm seeing a lot of
AH01179: balancer slotmem_create failed
error messages which prevent apache2 from starting. I do have
Thanks for the patch, so far it's looking good. I'll get back to you once I
have more information.
On Wed, Nov 6, 2013 at 4:09 PM, Jim Jagielski j...@jagunet.com wrote:
try this:
On Nov 6, 2013, at 9:59 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
It is not mentioned
I'm looking at an issue with this log message
AH00526: Syntax error on line 6 of myconfig.conf: BalancerMember worker
hostname (---dd-eee-ff.us-east-1.elb.amazonaws.com)
too long
with the root cause being (modules/proxy/mod_proxy.h)
#define
...
On Nov 8, 2013, at 5:17 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
I'm looking at an issue with this log message
AH00526: Syntax error on line 6 of myconfig.conf: BalancerMember
worker hostname (
---dd-eee-ff.us-east-1.elb.amazonaws.com) too long
Switching mailing list from users to dev becazse to me this does not appear
to be a configuration problem. Anyone care to give a hint ?
-- Forwarded message --
From: Thomas Eckert thomas.r.w.eck...@gmail.com
Date: Mon, Nov 18, 2013 at 9:36 AM
Subject: Re: unsetting encrypted
Leggett minf...@sharp.fm wrote:
On 25 Nov 2013, at 2:43 PM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
Switching mailing list from users to dev becazse to me this does not
appear to be a configuration problem. Anyone care to give a hint ?
and redirecting the user back to the form page
:
On Mon, Nov 25, 2013 at 1:34 PM, Thomas Eckert
thomas.r.w.eck...@gmail.com wrote:
Thanks but I'm no sure if that's what I am looking for. I want to get
rid of
the old sessions (with the old key) and replace them with new ones (with
the
new key).
Firstly, (ISTM) you want to preserve
I've been debugging some problems with incorrectly reverse mapped Location
headers and found some backend servers (e.g. OWA for Exchange 2013) to give
headers like
Location: https://myserver:443/path/file?query
which I think are perfectly fine. mod proxy fails to do the trick because
matters ?
On Tue, Nov 26, 2013 at 5:14 PM, Plüm, Rüdiger, Vodafone Group
ruediger.pl...@vodafone.com wrote:
IMHO this should be fixed in the configuration with an additional
mapping that has the port in. In many cases the port matters.
Regards
Rüdiger
*From:* Thomas Eckert
matters.
Fix for your issue:
ProxyPassReverse / https://mybackend.local
ProxyPassReverse / https://mybackend.local:443
Regards
Rüdiger
*Von:* Thomas Eckert [mailto:thomas.r.w.eck...@gmail.com]
*Gesendet:* Mittwoch, 27. November 2013 11:20
*An:* dev@httpd.apache.org
*An:* dev@httpd.apache.org
*Betreff:* AW: ap_proxy_location_reverse_map()
What location would you expect? I agree that the result you see is not
correct.
BTW: ProxyPassReverse does not change anything to your balancer setup.
Regards
Rüdiger
*Von:* Thomas Eckert
is wrong.
Try either
ProxyPassReverse /path https://mybackend.local:443/path
ProxyPassReverse /path https://mybackend.local/path
Or
ProxyPassReverse / https://mybackend.local:443/
ProxyPassReverse / https://mybackend.local/
Regards
Rüdiger
*Von:* Thomas Eckert
Trying to add a hook to mod_auth_form via
diff --git a/include/mod_auth.h b/include/mod_auth.h
index 9b9561e..74e2dc6 100644
--- a/include/mod_auth.h
+++ b/include/mod_auth.h
@@ -134,6 +134,8 @@ APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
(request_rec*, const
I have been having problems with mod_auth_form on returning DENIED from my
custom auth provider. This provider has it's own module-local session
cache, where stuff like accessible paths, credentials and the like are
stored to avoid having to query an external (and expensive) authentication
daemon.
:
On 03 Dec 2013, at 1:27 PM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
I have been having problems with mod_auth_form on returning DENIED from
my custom auth provider. This provider has it's own module-local session
cache, where stuff like accessible paths, credentials and the like
, the custom provider
should go on using the credentials it was given.
In the custom provider, is there a way to know about the difference with
currently existing means ?
On Tue, Dec 3, 2013 at 4:45 PM, Graham Leggett minf...@sharp.fm wrote:
On 03 Dec 2013, at 5:29 PM, Thomas Eckert thomas.r.w.eck
.
On Mon, Nov 25, 2013 at 6:55 PM, Graham Leggett minf...@sharp.fm wrote:
On 25 Nov 2013, at 7:30 PM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
If I have misunderstood, and you simply want all the old cookies
ignored and/or removed, then just list the new key by itself, the old
__declspec(dllimport)
#endif
Regards
Rüdiger
*Von:* Thomas Eckert [mailto:thomas.r.w.eck...@gmail.com]
*Gesendet:* Freitag, 29. November 2013 18:36
*An:* dev@httpd.apache.org
*Betreff:* adding hook into mod_auth_form
Trying to add a hook to mod_auth_form via
diff --git
on your ideas Yann, but I'm not sure if they address this particular
problem too.
Jan Kaluza
On 10/17/2013 04:52 PM, Yann Ylavic wrote:
On Thu, Oct 17, 2013 at 11:36 AM, Thomas Eckert
thomas.r.w.eck...@gmail.com mailto:thomas.r.w.eck...@gmail.com
wrote:
Hence,
why
.
Until then I'll just see this as declined.
On Thu, Dec 5, 2013 at 5:26 PM, Yann Ylavic ylavic@gmail.com wrote:
On Thu, Dec 5, 2013 at 5:04 PM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
It also seems that it adds more cycles to Apache on the front to
reduce a race condition
So it should work out of the box. I figured as much but was unsure whether
I hit a bug or forgot a configuration directive. Will look into it once I
have the time :-/
On Sun, Dec 8, 2013 at 2:42 PM, Graham Leggett minf...@sharp.fm wrote:
On 04 Dec 2013, at 11:53 AM, Thomas Eckert
.
On Sun, Dec 8, 2013 at 12:33 PM, Micha Lenk mi...@lenk.info wrote:
Hi Thomas,
Am 03.12.2013 18:04, schrieb Thomas Eckert:
Now suppose the following
[...]
32 user fills in and submits form
32 custom auth provider receives the user credentials
33 custom auth provider looks up it's
. Going to take another look at it tomorrow.
On Thu, Dec 12, 2013 at 12:25 AM, Graham Leggett minf...@sharp.fm wrote:
On 09 Dec 2013, at 10:50 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
So it should work out of the box. I figured as much but was unsure
whether I hit a bug or forgot
:
On Thu, Dec 12, 2013 at 7:30 PM, Graham Leggett minf...@sharp.fm wrote:
On 12 Dec 2013, at 16:57, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
The patch does not help but I think it got me on the right track though
I'm a bit confused about the 'dirty' flag. Where is that flag supposed
Why offer an option to a directive which makes it behave differently AND
have an explicit directive for that exact behaviour ? I see no gain from
this but a lot of potential harm in terms of user confusion. Better be
explicit and unambiguous - 2)
On Mon, Dec 16, 2013 at 6:37 AM, Christophe
I've been over this with Nick before: mod_proxy_html uses mod_xml2enc to do
the detection magic but mod_xml2enc fails to detect compressed content
correctly. Hence a simple ProxyHTMLEnable fails when content compression
is in place.
To work around this without dropping support for content
...@webthing.com wrote:
On 17 Dec 2013, at 10:32, Thomas Eckert wrote:
I've been over this with Nick before: mod_proxy_html uses mod_xml2enc to
do the detection magic but mod_xml2enc fails to detect compressed content
correctly. Hence a simple ProxyHTMLEnable fails when content compression
:
On 18 Dec 2013, at 14:47, Thomas Eckert wrote:
No, yes and I tried but couldn't get it to work. Following your advice I
went along the lines of
Yes, I'd be trying something like that. You can insert inflate (and
deflate)
unconditionally, as they will check the headers themselves
IIRC the OP wants to decompress such contents and run them
through mod_proxy_html. I don't think that works with any sane
setup: running non-HTML content-types through proxy_html
will always be an at-your-own-risk hack.
What I want is a (preferrably as simple as possible) method of
I've had this deployed for some time now and it works just fine. Did this
just fall asleep or is further explanation desired ?
On Fri, Dec 13, 2013 at 9:10 AM, Thomas Eckert
thomas.r.w.eck...@gmail.comwrote:
Must have made some mistake when testing it yesterday because it works
like a charm
in your opinion ?
On Tue, Jan 14, 2014 at 2:08 PM, Thomas Eckert
thomas.r.w.eck...@gmail.comwrote:
IIRC the OP wants to decompress such contents and run them
through mod_proxy_html. I don't think that works with any sane
setup: running non-HTML content-types through proxy_html
Some time ago I put up HTTP to HTTPS redirects in place which now needed an
update so they would not only work for constant host names but use the
'Host' header information as target host.
So a simple
Redirect permanent / https://example.org/
wasn't enough. I wanted to avoid using mod_rewrite
on this front. Thanks !
On Wed, Jan 22, 2014 at 4:42 PM, Graham Leggett minf...@sharp.fm wrote:
On 22 Jan 2014, at 5:36 PM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
Some time ago I put up HTTP to HTTPS redirects in place which now needed
an update so they would not only work
When doing this please keep in mind there is a huge amount of users out
there who are not developers and who will struggle with something like
LocationMatch ^/foo/(?bar[^/]+)
Alias /var/lib/%{env:MATCH_BAR}/baz
…stuff...
/LocationMatch
As long as they are reusing the same code under the
good :-)
On Mon, Jan 27, 2014 at 9:29 AM, Graham Leggett minf...@sharp.fm wrote:
On 27 Jan 2014, at 9:58 AM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
When doing this please keep in mind there is a huge amount of users out
there who are not developers and who will struggle
is inspected before the session is decoded?
On Fri, Jan 24, 2014 at 5:11 AM, Graham Leggett minf...@sharp.fm wrote:
On 16 Jan 2014, at 5:15 PM, Thomas Eckert thomas.r.w.eck...@gmail.com
wrote:
I've had this deployed for some time now and it works just fine. Did
this just fall asleep
And it's also important to keep Apache httpd-x64 code current with the new
Windows Server + Visual Studio versions, since that's the most cases I
know
of around.
Let's not hijack the 2.4.8 TR thread for yet another round of this topic.
On Fri, Feb 7, 2014 at 1:18 PM, Eric Covener
Doesn't
+else {
+/* default - only act if starts-with text/ or contains xml */
+wanted = !strncmp(ctype, text/, 5) || strstr(ctype, xml);
+}
suffer from the same problem as the original code ? So if the user did not
give any xml2Types the default behaviour will hit the
69 matches
Mail list logo
