Friday, 26 January 2007
|
| Apache 2.0.58 + Solaris 5.9: status "...reading..." & TCP state "FIN_WAIT_2" Chirouze Olivier 20:18:46 |
| | Hi all,
I'm facing a quite tricky situation with Apache 2.0.58 running on
Solaris 5.9.
Apache is running as a reverse proxy (mod_proxy + mod_rewrite).
The maximum concurrent connections is set to 150.
Because we reached the maximum a few times and got the reverse proxy
saturated, we started monitoring the Apache status page (/status).
We noticed that many requests were in the "..reading.." state (up to
40!), and they block a lot of slots.
At first, we upgraded from 2.0.47 to 2.0.58 because it seemed there was
a security hole in the earlier, fixed in 2.0.48.
I found some explanation here:
http://www.monkeybrains.net/~rudy/example/server_busy_state.html.
The thing is, the situation is starting to appear again with 2.0.58.
We've gone down to Unix and found that most of these requests were in
"FIN_WAIT_2" TCP state, and for a while (approx. 8min!!).
We found this: http://httpd.apache.org/docs/2.0/misc/fin_wait_2.html.
What it says, in a word, is that these things can happen and are
"normal": the connection stays in "FIN_WAIT_2" state until the timeout,
if clients do not close it properly. They just say it can be a problem
on the Unix point of view because.
I don't know if this is still true for 2.0 because the article was just
copied from 1.3. The thing is, it says that "The connections in
FIN_WAIT_2 do not tie up an httpd process". For us, IT DOES! Every
"..reading.." request happend to be in the "FIN_WAIT_2" state.
We have contacted Sun to get their opinion. The short answer is "you can
change the FIN_WAIT_2 timeout but be careful because wrong tuning will
have negative impact. Maybe you should wonder why these connections stay
alive". As far as I understood, the connection is not closed by the
client. The server (Apache) does nothing wrong. But maybe it does, as it
doesn't leave the process free?
My questions are:
Does anyone have heard about similar problems?
Why do these connections hold a process of Apache while the
documentation says it doesn't?
Do you recon tuning the Unix timeout would help? (current value of
tcp_fin_wait_2_flush_interval: 675000 ms - 11min!! This looks just
huge!)
Thanks in advance,
Olivier
Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| |  3 answer | Add comment |
|
| special chars in URLS Octavian Rasnita 19:58:49 |
| | Hi,
I am trying to make a server side redirect using:
RedirectMatch ^/$ http://www.site.com/index.php/test%C4%83
But the server redirects to another address:
http://www.site.com/index.php/test%25C4%2583
So it replaces the % char with %25.
Is it possible to make a server side redirect to an address that contains
special chars?
Thanks.
Octavian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 2 answer | Add comment |
|
| 2007 DST changes, and a "non-issue" statement... Victor J. Orlikowski 18:23:19 |
| | Long time, no speak on my behalf. I hope to be changing that soon.
So - to de-cloak:
I've been getting some questions (from my new employer) on the
impact of the upcoming Daylight Saving Time issues for the httpd.
My natural response was: "There are none! It's an OS issue."
Whereupon, I was told that upper management would prefer to have
something rather more "official" than my word on it.
So - suspecting that this might become something of a FAQ in the
coming months, I figured that it might be helpful to post
something to the httpd site on the (non)impact to httpd/apr, if
only to save headaches.
Thoughts?
Thanks,
Victor
--
Victor J. Orlikowski <> victor.j.orlikowski@alumni.duke.edu
|
| | 9 answers | Add comment |
|
| is it possible ? (ssl-tunneling) Guest 15:40:16 |
| | Hi,
is it possible to have the connection between the client and the reverse proxy
encrypted with ssl and authorization basic ? smth like ssh-tunneling ?
example :
client <---- SSL ---- > Apache <-------------> origin server
reversed
proxy
thanks, appreciate it.
H.T.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 3 answer | Add comment |
|
| Apache mod_dbd and Oracle Jeremie Garnier 14:24:42 |
| | Hi all,
I try to use connection pooling in apache using mod_dbd...
I test APR/APU and so the connection with the database is ok but I want to know how use mod_dbd?
I make all configurations in httpd.conf (DBDriver oracle,...). The module mod_dbd is well loaded ...
Now, I will use mod_dbd... Do you know how include mod_dbd API in a cgi script (or C program) as there no example or documentation of mod_dbd...
Thanks all for your help...
JИrИmie
***********************************************************************************
Information contained in this email message is confidential and may be privileged, and is intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the postmaster@nds.com and destroy the original message.
***********************************************************************************
|
| | Add comment |
|
| Content negotiation with parameters in mimetype Richard Kaye 13:06:14 |
| | Hi,
I'm new to this list (hello!). Hope this is the right place to ask
my question. I have searched the web quite extensively for answers
but not got any.
I want to do Content Negotiation with a mime type (application/xhtml+xml)
using its "profile" parameter. My server is a Apache 2.2.3, and
currently I am using the +MultViews flavour of Content Negotiation.
I want to associate a filename extension .mhtml to
application/xhtml+xml;profile="FOO"
so that:
1. a web client requesting "...application/xhtml+xml;profile="FOO"..."
in its HTTP Accept header will receive such a file if it exists
but will NOT receive other application/xhtml+xml documents from
existing servers across the web unless that document has the
parameter value profile="FOO" explicitly set at the server.
2. a web client requesting plain old "...application/xhtml+xml..."
in its HTTP Accept header will also receive such a file if it exists
whatever the parameter values at the server are;
3. clients not asking for application/xhtml+xml or asking for
"...application/xhtml+xml;profile="BAR"..." will not get these files.
(If they ask for */* only I will provide a text/html file as the default
according to the usual Apache rules.)
My understanding of the specs (
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.1
and
http://www.rfc-editor.org/rfc/rfc3236.txt
) tells me that this should be possible and that it has already been
forseen that people like me would need this feature, but I can't
seem to configure my Apache to do it. All the obvious attempts
at an AddType directive fail. I'd be grateful for any pointers
or help, even (sadly) if you have to tell me that I have misread
the specs and what I want is not possible.
Many thanks
Richard
(Richard Kaye)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | Add comment |
|
| Apache on Sun 10 Stefan Cobb 05:27:42 |
| | hey, newb here. Can Apache give me internet access on a sun 10 Os?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 1 answer | Add comment |
|
| hello Naptime 04:23:01 |
| | Hello guys, im new to this list, I am curious on why this is occurring.
I have a simple file called stop.cgi in my dir .control:
#!/usr/bin/perl -w
#
# Description: Stop hlds server
print "Content-Type: text/html\n\n";
print "Your game server has been stoped, if it has not please email
support";
exec("./stop");
here is a copy of my config file for the virtual host.
<VirtualHost ip>
User todd
Group users
ServerAdmin noc@
DocumentRoot /home/todd/public_html
ServerName hlds.todd.domain.com
<Directory /home/todd>
Options +ExecCGI
</Directory>
Alias /server /home/todd/.control
ErrorLog logs/todd-error_log
CustomLog logs/todd-error_log common
</VirtualHost>
now for some odd reason this was working yesterday but when I installed
php, it's going weird on me again, right now it's giving me this error
when I attempt to run the cgi.
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Premature end of script headers: /home/todd/.control/stop.cgi
What could be the problem? If I run stop.cgi from the shell it works, it
is also owned by todd.users, and the cgi is chmodded 755. thanks I
appreciate all the help.
j
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 146 answers | Add comment |
|
| Re: piping logs in apache2.2 on windows 2003/XP Sai Koduri 00:41:04 |
| |
Does anybody know how we can use rotatelogs.exe to pipe logs for every day ???
Does any flags need to be turned on or do I need to include any modules?????
Thanks
sai
---------------------------------
TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV. |
| | 6 answers | Add comment |
Thursday, 25 January 2007
|
| Daylight Savings 2007 John Flores 22:12:32 |
| | Hi I have two verions of apache running 1.3 and 2.0. I am concerned about the change in Daylight Savings Times in 2007. Is there a patch that is needed to accomodate this change for my versions of apache. If so, can you tell me where I can find the patch and intallation documentation?
Thanks
John Flores |
| | 10 answers | Add comment |
|
| How to set environment variable from a LDAP attributes. Jean-Yves Avenard 18:55:38 |
| | Hi
I have recently upgraded to Apache 2.2 and while doing so, I now miss
some modules and I'm trying to find a replacement that runs in Apache
2.2
Currently, using the mod_authnz_ldap module, I'm able to authenticate
against a LDAP server. This will set the environment variable
REMOTE_USER.
Is there any way to set other environment variables based on some
attributes retrieved from LDAP?
I found that this module: mod_webauth (http://webauth.stanford.edu)
can do that, but as this was made for Apache 1.3 and 2.0 and with a
specific use in mind, Im not sure I'd like to risk it.
I was hoping that either mod_ldap or mod_authnz_ldap would allow me to
do this. That would be great as it will remove the need to log in
several times in various pages served by Apache.
Thanks in advance for any help or tips.
Cheers
Jean-Yves
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | Add comment |
|
| Custom indexing with autoindex Beginner 18:53:05 |
| | Hi,
I am trying to create a custom indexes for a Directory. One
requirement that has come up is the use of a hidden text field to
store a value in.
The docs mention that is HeaderName can refer to a CGI script but I
can't seem to make it work. FancyIndexing works fine with this
directive:
<Directory /data/www/*/html>
Options +Indexes
AddIcon /spl-icons/folder.png ^^DIRECTORY^^
IndexOptions FancyIndexing IgnoreCase SuppressHTMLPreamble
SuppressDescription SuppressSize
HeaderName /template/header.shtml
Order deny,allow
Allow from 195.222.242.128/25
</Directory>
However my efforts to make HeaderName a cgi-script are failing. Is
this because I would need to generate the entire index from CGI
rather than from mod_autoindex?
Is it possible to create a HeaderName that is a script and let
mod_autoindex perform the rest of the index? Any configuration tips
would be greatly appreciated.
Thanx,
Dp.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 4 answer | Add comment |
|
| Web application for creating uml class diagrams Philip Mark Donaghy 13:50:21 |
| | Hello,
I'm creating a web application that uses a rich client interface for
creating uml class diagrams.
The basic design is to output xmi in standard and proprietory xmi formats.
The techno will be licensed Apache using dojo toolkit, and velocity templates.
Has anyone already seen this done? I don't want to reinvent the submarine.
Philip
--
Philip Donaghy
donaghy.blogspot.com del.icio.us/donaghy/philip
Skype: philipmarkdonaghy
Office: +33 5 56 60 88 02
Mobile: +33 6 20 83 22 62
|
| | Add comment |
|
| Stopping Apache if any services are dependent on it Shahid 11:54:55 |
| | Hi,
Can I stop Apache forcibly if any services are dependent on it ?
Is there any way ?
If any services are dependent on it , Apache shutdown fails.
Regards,
Shahid
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | Add comment |
|
| Fwd: Ordering like "%1$s" is unsupported in the format strings Cauchy Song 11:37:23 |
| | Mainly by:
/** Create an error structure with the given @a apr_err and @a child,
* with a printf-style error message produced by passing @a fmt, using
* apr_psprintf().
*/
svn_error_t *svn_error_createf(apr_status_t apr_err,
svn_error_t *child,
const char *fmt,
...)
__attribute__ ((format(printf, 3, 4)));
Is there any thing support format strings like "%1$s" in apr ?
---------- Forwarded message ----------
From: Kobayashi Noritada <nori1@dolphin.c.u-tokyo.ac.jp>
Date: 2007-1-25 2:23
Subject: Ordering like "%1$s" is unsupported in the format strings
To: subversion dev ML <dev@subversion.tigris.org>
Cc: dongsheng.song@gmail.com
Hi (mainly to zh_CN translators),
Recently revamped (Excellent!! :->) zh_CN.po contains many ordering
strings such as "%1$s". However, such ordering of words in the printf
format strings is not supported in Subversion (in APR?). Here I show
a test and its result with my ja.po.
Put a following entry into po.
#: svn/propedit-cmd.c:116
#, c-format
msgid "No changes to property '%s' on revision %ld\n"
msgstr "Revision %2$ld no zokusei '%1$s' ha henkou saremasendeshita.\n"
Then build and install po. After that, run propedit, and then just
close the editor without modification of the property:
nori1[14:40]% rev=163
saba:~/svnwc/deb/serf
nori1[14:40]% svn propedit --revprop -r $rev svn:log
saba:~/svnwc/deb/serf
[snip]
Revision %$ld no zokusei '%$s' ha henkou saremasendeshita.
The expected result is:
Revision 163 no zokusei 'svn:log' ha henkou saremasendeshita.
Yes, it's not supported.
Since orders of words are vastly different between English and
Japanese (For example, Subject-Verb-Object-Modifier is popular in
English, Modifier-Subject-Object-Verb is popular in Japanese.), I also
would like to use po's ordering framework. However, that framework is
dependent on implementation and currently unsupported in
Subversion. 
Thanks,
-nori
|
| | Add comment |
|
| Removing or overwriting "Server" header field. Simon Ashford 08:51:34 |
| |
Anyone know if it is possible to remove or completely
overwrite the "Server" HTTP header from Apache?
"ServerTokens" only allows it to be reduced somewhat.
"mod_header" doesn't seem to affect it.
We recently had a security audit done and one of the
points noted was that it was possible to identify the
web server software in use from the "Server" header.
So I would like to remove or completely overwrite
this header with something meaningless.
Simon Ashford.
-------------------------------------------------------------------
This e-mail and any attachments may contain confidential and/or
privileged material; it is for the intended addressee(s) only.
If you are not a named addressee, you must not use, retain or
disclose such information.
NPL Management Ltd cannot guarantee that the e-mail or any
attachments are free from viruses.
NPL Management Ltd. Registered in England and Wales. No: 2937881
Registered Office: Serco House, 16 Bartley Wood Business Park,
Hook, Hampshire, United Kingdom RG27 9UY
-------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 10 answers | Add comment |
|
| Why many redirects Tracy12 08:32:17 |
| |
Hi,
I have a Apache Authentication module defines as follows also I have
directoryIndex such that
if http://localhost/test will be redirected to
http://localhost/test/index.html as everyboy knows
also have the following block, but the problem is when I hit
http://localhost/test it hits the authentication handler many times, can
someone let us know why is this?
<Location /test>
PerlOptions +GlobalRequest
AuthType CAS
AuthName "AuthCAS"
PerlAuthenHandler AuthCAS->authen_handler
PerlSetVar casUrl "https://test:8443/cas"
PerlSetVar CAFile "/etc/pki/tls/certs/ca-bundle.crt"
</Location>
--
View this message in context: http://www.nabble.com/Why-many-redirects-tf3096290.html#a8596212
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 1 answer | Add comment |
|
| problem running apache 2.2.4 on debian linux 3.0 Eric Johanson 08:26:43 |
| | i built apache 2.2.4 from source on debian 3.0 using gcc
i am running on debian 3.0 which has libc 2.2
when i install it on the machine i build on, it works
however i need to install it on another debian 3.0 machine
on the alternate machine, httpd will only server files smaller than 256
bytes
files of size 255 bytes always get served properly
with files of size 256 bytes and larger, httpd just closes the socket
connection and the client recieves nothing
there are no messages in the logs indicating a problem
this problem did not happen with apache 2.0 series on these same
machines
what does apache do differently when the file size reaches 256 bytes?
how can i diagnose what is happening since there is nothing in the log
files?
thanks very much for any help you can provide.
-eric johanson
newpoint technologies, inc.
|
| | 1 answer | Add comment |
|
| [STATUS] (apr-util) Wed Jan 24 23:46:31 2007 Rodent of Unusual Size 07:46:31 |
| | APACHE PORTABLE RUNTIME UTILITIES (APR-util) LIBRARY STATUS -text-*-
Last modified at [$Date: 2007-01-19 16:28:08 -0500 (Fri, 19 Jan 2007) $]
Releases:
1.3.0 : in development
1.2.9 : in development
1.2.8 : released December 4, 2006
1.2.7 : released April 14, 2006
1.2.6 : released March 25, 2006
1.2.5 : not released
1.2.4 : not released
1.2.3 : not released
1.2.2 : released October 11, 2005
1.2.1 : released August 18, 2005
1.2.0 : not released
1.1.2 : released March 17, 2005
1.1.1 : not released
1.1.0 : released January 25, 2005
1.0.1 : released November 19, 2004
1.0.0 : released September 1, 2004
0.9.14 : in development
0.9.13 : released December 4, 2006
0.9.12 : released April 13, 2006
0.9.11 : released March 30, 2006
0.9.10 : tagged March 22, 2006, not released
0.9.9 : tagged January 30, 2006, not released
0.9.8 : tagged January 27, 2006, not released
0.9.7 : released October 11, 2005
0.9.6 : released February 7, 2005
0.9.5 : released November 20, 2004
0.9.4 : released September 25, 2003
0.9.3 : tagged March 30, 2002
0.9.2 : released March 22, 2002 (alpha)
0.9.1 : released September 11, 2002 (alpha)
0.9.0 : not released
Bundled with httpd:
2.0a9 : released December 12, 2000
RELEASE SHOWSTOPPERS:
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
* Solaris's Sun Freeware (sfw) package has a busted gcc/ld setup.
This gcc passes -L/opt/sfw/lib to /usr/ccs/bin/ld, but does not
pass -R. Therefore, when trying to run the code using a
library from /opt/sfw/lib (say, libdb), the run-time linker
will not look in /opt/sfw/lib and the program will die.
Status: Workaround is to add "-R/opt/sfw/lib" to LDFLAGS.
Should check latest sfw package set and see if Sun
may have fixed this.
* GDBM usage of errno is not-thread-safe. Fix.
* Expat 1.99.2 is getting stale, 1.99.8 for sanity's sake, and
push to Expat 2.x for apr-util 2.0
* http://www.ibm.com/software/globalization/icu/downloads.jsp
(under an X-style license) for an apr_xlate alternative to iconv
Other bugs that need fixing:
Other features that need writing:
* possibly move test/testdbm* to util/dbu
Justin says: Do we still want to do this? testdate is now in test.
Status: Greg +1 (volunteers)
* unify parsing of prepared statements in DBD
Status: patches exist, awaiting review
format of arguments (i.e. %s, %d etc.) needs to be agreed upon
* add binary argument functions to DBD
Status: patches exist, awaiting review
API needs to be agreed upon
Documentation that needs writing:
* API documentation
Status:
* doc the lifetimes of apr_dbm return values
Available Patches:
Open Issues:
|
| | Add comment |
|
| [STATUS] (apr) Wed Jan 24 23:45:22 2007 Rodent of Unusual Size 07:45:22 |
| | APACHE PORTABLE RUNTIME (APR) LIBRARY STATUS-text-*-
Last modified at [$Date: 2007-01-24 09:30:55 -0500 (Wed, 24 Jan 2007) $]
Releases:
1.3.0 : in development
1.2.9 : in development
1.2.8 : released December 4, 2006
1.2.7 : released April 14, 2006
1.2.6 : released March 25, 2006
1.2.5 : not released
1.2.4 : not released
1.2.3 : not released
1.2.2 : released October 11, 2005
1.2.1 : released August 18, 2005
1.2.0 : not released
1.1.2 : no such version
1.1.1 : released March 17, 2005
1.1.0 : released January 25, 2005
1.0.1 : released November 19, 2004
1.0.0 : released September 1, 2004
0.9.14 : in development
0.9.13 : released December 4, 2006
0.9.12 : released April 13, 2006
0.9.11 : released March 30, 2006
0.9.10 : tagged March 22, 2006, not released
0.9.9 : tagged January 30, 2006, not released
0.9.8 : tagged January 27, 2006, not released
0.9.7 : released October 11, 2005
0.9.6 : released February 4, 2005
0.9.5 : released November 19, 2004
0.9.4 : released September 25, 2003
0.9.3 : released April 3, 2003
0.9.2 : released March 22, 2003
0.9.1 : released September 11, 2002
0.9.0 : released August 28, 2002
Bundled with httpd:
2.0a9 : released December 12, 2000
2.0a8 : released November 20, 2000
2.0a7 : released October 8, 2000
2.0a6 : released August 18, 2000
2.0a5 : released August 4, 2000
2.0a4 : released June 7, 2000
2.0a3 : released April 28, 2000
2.0a2 : released March 31, 2000
2.0a1 : released March 10, 2000
RELEASE SHOWSTOPPERS:
CURRENT VOTES:
CURRENT test/testall -v EXCEPTIONS:
Please add any platform anomilies to the following exception list.
* various tests fail on Unix in VPATH builds.
* 'testipsub' will tickle an Solaris 8 getaddrinfo() IPv6 bug,
causing the test to hang. Configure with --disable-ipv6 if
using an unpatched Solaris 8 installation.
* The 'testdso' tests will not work if configured with
--disable-shared since the loadable modules cannot be built.
* 'testdso' fails on older versions of OpenBSD due to dlsym(NULL,
...) segfaulting.
* BUG: Win32 fails test in File Info: test_stat_eq_finfo
apr_stat and apr_getfileinfo differ in protection ... wrowe
guesses that we are checking the handle objects' permissions
rather than the filesystem objects' permissions.
* Win32 Not Implemented tests
Pipes: set_timeout/read_write; can't timeout blocking pipes
Socket Creation: tcp6_socket and udp6_socket (at least by default)
Socket Options: corkable: TCP isn't corkable
Users: username: Groups from apr_uid_get not implemented
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
* Someone needs to port testucs to Unix. Right now it only works
on Windows.
OtherBill asks; should we have a test/arch/xxx tree?
The ucs implementation is an internal for
unicode/utf-8 win32isms.
* The return type of a thread function (void *) is inconsistent with
the type used in apr_thread_exit()/apr_thread_join() (apr_status_t).
The thread function's return type should be changed to apr_status_t
so that a return from the thread main function has the same effect
as apr_thread_exit().
See Message-Id: <E16JjZA-0007hg-00@zakath.apana.org.au> for thread
discussing this.
+1: BrianH, Aaron, david, jerenkrantz
Status: Will Rowe was working on this.
* Need some architecture/OS specific versions of the atomic operations.
progress: generic, solaris Sparc, FreeBSD5, linux, and OS/390 done
need: AIX, AS400, HPUX
* The new lock API is a full replacement for the old API, but is
not yet complete on all platforms. Components that are incomplete
or missing include:
Netware: apr_proc_mutex_*() (Is proc_mutex unnecessary on Netware?)
* proc_mutex is not necessary on NetWare since the OS does
not support processes. The proc_mutex APIs actually
redirect to the thread_mutex APIs. (bnicholes)
OS/2: apr_thread_cond_*(), apr_proc_mutex_*()
Less critical components that we may wish to add at some point:
Beos: apr_thread_rwlock_try*lock()
apr_proc_mutex_trylock()
Unix: apr_thread_rwlock_*() for platforms w/o rwlocks in pthread
Win32: apr_thread_cond_timedwait(), apr_proc_mutex_*()
(Is proc_mutex unnecessary on Win32?)
* Need to contemplate apr_strftime... platforms vary. OtherBill
suggested this solution (but has no time to implement):
Document our list of 'supported' escapes.
Run some autoconf/m4 magic against the complete list we support.
Move the strftime re-implementation from time/win32 to time/unix.
Add some APR_HAVE_STRFTIME magic to use the system fn, or fail
over to time/unix/strftime.c.
Message-ID: <025e01c1a891$bf41f660$94c0b0d0@v505>
* Using reentrant libraries with non-threaded APR
- Anecdotal evidence exists that suggests it is bad to
mix reentrant and non-reentrant libraries and therefore
we should always use the reentrant versions.
- Unfortunately, on some platforms (AIX 4.2.1) defining
the reentrant flag (-D_THREAD_SAFE) causes builds to fail,
and so one would expect --disable-threads to fix this.
Although this has been fixed for that particular version
of AIX, it may be useful to only enable the reentrant
versions when threads are enabled.
How will we deal with this issue once APR becomes a standalone
library? It is perfectly legitimate to have apps needing
both versions (threaded/reentrant and non-threaded/non-reentrant)
on the same machine.
* Pools debugging
- Find a way to do check if a pool is used in multiple
threads, while the creation flags say it isn't. IOW,
when the pool was created with APR_POOL_FNEWALLOCATOR,
but without APR_POOL_FLOCK.
Currently, no matter what the creation flags say, we always
create a lock. Without it integrity_check() and
apr_pool_num_bytes() blow up (because they traverse pools
child lists that possibly belong to another thread, in
combination with the pool having no lock). However,
this might actually hide problems like creating a child pool
of a pool belonging to another thread.
Maybe a debug function apr_pool_set_owner(apr_thread_t *) in
combination with extra checks in integrity_check() will point
out these problems. apr_pool_set_owner() would need to be called
everytime the owner(the thread the pool is being used in) of
the pool changes.
- Implement apr_pool_join and apr_pool_lock. Those functions
are noops at the moment.
- Add stats to the pools code. We already have basic stats
in debug mode. Stats that tell us about wasted memory
in the production code require more thought.
Status: Sander Striker is looking into this (low priority)
David says this is a 1.1 issue.
* Get OTHER_CHILD support into Win32
Status: Bill S. is looking into this
* Win32 apr_proc_create fails to create 16 bit apps detached
(a win32 bug.) The question - test in advance (slow) or
recover gracefully from failure and try again? Only the test
method will work on Win9x, since it will appear to work, only
to encounter mangled pipes. Win2K (NT?) simply fails.
* SysV semaphore support isn't usable by Apache when started as
root because we don't have a way to allow the semaphore to be
used by the configured User and Group. Current work-around:
change the initial permissions to 0666. Needed code: See
1.3's http_main.c, SysV sem flavor of accept_mutex_init().
Status: Jim will look into this
Update: Apache deals with this itself, though it might be nice
if APR could do something.
* Build scripts do not recognise AIX 4.2.1 pthreads
Justin says: "Is this still true?"
* FirstBill says we need a new procattr, APR_CREATE_SUSPENDED (or
something similar) to direct ap_create_process to create the
process suspended. We also need a call to wake up the suspended
process. This may not be able to be implemented everywhere though.
Status: OtherBill asks, why? What is the benefit, how is it
portably implemented? Unless this creates some tangible that
mirrors another platform, then I'm -1.
* Replace tables with a proper opaque ADT that has pluggable
implementations (including something like the existing data type,
plus hash tables for speed, with options for more later).
Status: fanf is working on this.
* add a version number to apr_initialize() as an extra failsafe against
(APR) library version skew.
MsgID: <Pine.LNX.4.10.10005231712380.31927-100000@nebula.lyra.org>
Status: Greg -1, Jeff +1, Ryan +1, Tony -0(?), david +1
* add apr_crypt() and APR_HAS_CRYPT for apps to determine whether the
crypt() function is available, and a way to call it (whether it is
located in libc, libcrypt, or libufc)
Justin says: Should apr_crypt() be in apr-util?
Status: Greg +1 (volunteers)
* use os_(un)cork in network_io/unix/sendrecv.c for FreeBSD's
sendfile implementation.
david: The socket options stuff is now in and using it should
reduce the number of syscalls that are required for
os_cork and uncork, so the code should be reviewed to
make use of the new calls. If no-one beats me to it I'll
get around to it soonish...
* toss the per-Makefile setup of INCLUDES; shift to rules.mk.in
rbb: This is a bad thing IMHO. If we do this, then we
can't use these makefiles for anything else. For example,
apr-util
* add the rest of the pool accessor declare/impl macros.
Justin says: Both thread and file have the accessors now. Any others?
Status: Greg volunteers
* I think apr_open_stderr() and friends *should* dup() the
descriptor. That would allow the new/returned file to be closed
(via pool cleanup or manually) without accidentally closing
stderr/out.
* need to export (in code, not just build scripts) the shared
library extension (e.g. ".so") for the platform. clients need to
use this to construct filenames to pass to apr_dso_load()
-- note on Win32 we distinguish 'apache module' names from other
'loadable module' names, so be careful with Apache's directive.
* Possible gmtime_r replacement in explode_time
On Solaris (and possibly others), the gmtime_r libc function obtains
a mutex. We have seen 21/25 threads being blocked in this mutex on
a threaded httpd MPM when requesting static pages. It may be worth
it to hand optimize this since there is no real need for a mutex at
the system level (straight arithmetic from what I can tell). If you
have access to the Solaris source code:
osnet_volume/usr/src/lib/libc/port/gen/time_comm.c.
* Add a way to query APR for what features it has at runtime (i.e.
threads).
Justin says: I'm not completely sold on this, but it has been mentioned
before and at least added to STATUS.
* apr_xlate.h generates a bunch of compiler warnings.
Jeff asks: which platform?
Justin says: Solaris with Forte 6.1.
* fcntl() oddness on Solaris. Under high loads, fcntl() decides to
return error code 46 (ENOLCK).
httpd (prefork MPM) error log says (predictably):
(46)No record locks available: couldn't grab the accept mutex
All of the children report this and subsequently exits. httpd is now
hosed. AFAICT, this does not look to be an out-of-fds error.
Solaris's man page says:
ENOLCK
The cmd argument is F_SETLK, F_SETLK64, F_SETLKW, or
F_SETLKW64 and satisfying the lock or unlock request
would result in the number of locked regions in the
system exceeding a system-imposed limit.
Justin says: What is this system-imposed limit and how do we change it?
This gives me more rationale for switching the default
interprocess lock mechanism to pthread (if available).
Explanation (from Kristofer Spinka <kspinka@style.net>):
============
The system imposed default limit of outstanding lock requests is
512.
You can verify this by, in a contemporary version of Solaris:
# mdb -k > tune_t_flckrec/D
tune_t_flckrec:
tune_t_flckrec: 512
This can be increased by adding the following to /etc/system:
set tune_t_flckrec=1024
and rebooting.
Of course "1024" can be any reasonable limit, although we do not know
what "reasonable" should be, so be conservative, only increase this as
necessary.
* Generate a good bug report to send to the FreeBSD hackers that details
the problems we have seen with threads and system calls (specifically
sendfile data is corrupted). From our analysis so far, we don't think
that this is an APR issue, but rather a FreeBSD kernel issue. Our
current solution is to just disable threads across the board on
FreeBSD.
MsgID: <20010828091959.D17570@ebuilt.com>
Status: Fixed in -CURRENT. MFC in about a week. Continuing
testing with threads on FreeBSD.
FreeBSD PR kern/32684:
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/32684
* There are some optimizations that can be done to the new
apr_proc_*() functions (on UNIX). One that may reduce pointer
indirection would be to make the apr_proc_mutex_unix_lock_methods_t
first-class members of the apr_proc_mutex_t structure.
* Condition variables are tricky enough to use, and even trickier
to implement properly. We could really use a better test case
for those subtle quirks that sometimes creep into CV implementations.
* Once we are fully satisfied with the new lock API, we can
begin to migrate the old API to be implemented on top of the
new one, or just decide to get rid of it altogether.
* FreeBSD returns 45 (EOPNOTSUPP) when the lockfile is on a NFS
partition when you call fcntl(F_SETLKW). It may be good if we
can somehow detect this and error out when creating the lock
rather than waiting for the error to occur when acquiring lock.
* Fix autoconf tests for strerror_r on BeOS and remove the hack in
misc/unix/errorcodes.c to get error reporting working. Committed as
the solution is elusive at present.
* implement APR_PROGRAM_ENV and APR_PROGRAM_PATH on BeOS, OS/2,
Netware, and Win32.
* stat() on a few platforms (notably Solaris and AIX) succeeds for
a non-directory even if a trailing '/' was specified in the
name. APR should perhaps simulate the normal -1/ENOTDIR
behavior in APR routines which retrieve information about the
file. Note: Win2K fails GetFileAttributesEx in this scenario.
See OtherBill's comments in this message to dev@httpd.apache.org:
Message-Id: <5.1.0.14.2.20020315080852.00bce168@localhost>
Documentation that needs writing:
* API documentation
Ian Says: APR Stuff in now in Doxygen format, which is the first step.
David says: are we planning on doing any more? I'm tempted to remove this
item.
* apr-site needs to be revamped with Anakia/XHTML.
* Identify and implement those protection bits that have general
usefulness, perhaps hidden, generic read-only [immutable],
effective current user permissions, etc.
* Maybe make the following functions return void instead of
apr_status_t, as they cannot ever error:
apr_md5_init()
apr_md5_update()
apr_md5_final()
apr_md5_encode()
apr_md5() /* plus make the obvious code tweak in this one */
(Volunteer: Karl Fogel <kfogel@collab.net>.)
However, don't do this until after apr and apr-util offer
library version numbers, and httpd uses those numbers to
indicate which version it needs. Until the libraries are
versioned, this api change is [somewhat] painful for httpd.
Status: Still in discussion, current leanings appear to be
Bill Stoddard -0.5 (?)
Sander Striker +1
Greg Stein +1
Karl Fogel +1
david: This was rejected for 1.0 following Ben L's comment that
should we ever start using any other form of md5 (e.g.
openssl) then errors would become a distinct possibility.
API Changes Postponed for APR 2.0:
* apr_atomic_casptr() has the volatile qualifier in the wrong
place: should take "pointer to volatile pointer to void", not
"pointer to pointer to volatile void".
* apr_socket_sendfile(): the offset parameter should not be
pass-by-reference, or it should be updated to do something
useful.
* apr_password_get(): the bufsize parameter should not be
pass-by-reference.
* apr_allocator.h: apr_memnode_t's use of uint32_t's doesn't match
well with allocation sizes being apr_size_t, possibly this can
be improved by using apr_size_t throughout.
* apr_hash_count() should take a const apr_hash_t * argument.
* apr_ino_t should be an ino64_t in LFS builds.
* possible type renames:
apr_file_info_t from apr_finfo_t
apr_file_attrs_t from apr_fileattrs_t
apr_file_seek_where_t from apr_seek_where_t
apr_lock_mech_e from apr_lockmech_e
apr_time_interval_t from apr_interval_time_t
apr_time_interval_short_t from apr_short_interval_time_t
* wrowe writes:
Looking at bug 32520, it occurs to me that exploding times using the
apr_time_exp_* functions; it would make more sense to split ->tm_usec into
->tm_msec thousandths (milleseconds)
->tm_usec millionths (microseconds)
for most display purposes. It's trivial to roll them together with the
format string %03d%03d if that's what's desired, or display simply
%02d.%03d if millisecond resolution is desired. It would also shrink
the fields to int's so unpacking would be slightly slower, using them
would be slightly faster, for what's likely to be little impact on
performance.
* The other-child API doesn't allow the apr_exit_why_e to be passed to the
application's maintenance function. The expected usage is that the
application calls apr_proc_wait[_all_procs]() and is given back
apr_exit_why_e and exit_code_or_signal_num, thus losing the original
(on Unix, at least) representation which held both pieces of information
in an int. Both pieces of data should be available to the maintenance
function so that it has the opportunity to take different actions. An
example would be to issue messages about probable misconfiguration when
receiving a certain exit code and trying to restart otherwise. Thus,
apr_proc_other_child_alert() should take an additional apr_exit_why_e
parameter, as should the application-provided maintenance function. The
exit-why value would be ignored in the same circumstances as the existing
status parameter: reason != APR_OC_REASON_DEATH.
Stuff for post 1.0:
* Almost every API in APR depends on pools, but pool semantics
aren't a good match for a lot of applications. We need to find
a way to support alternate allocators polymorphically without
a significant performance penalty.
* apr_global_mutex_child_init and apr_proc_mutex_child_init aren't
portable. There are a variety of problems with the locking API when it
is used with apr_create_proc instead of apr_fork. First, _child_init
doesn't take a lockmech_e parameter so it causes a segfault after the
apr_proc_create, because the proc_mutex field hasn't been initialized.
When the lockmech_e parameter is added, it _still_ doesn't work, because
some lock mechanisms expect to inherit from the parent process. For
example, sys V semaphores don't have a file to open, so the child process
can't reaquire the lock.
jerenkrantz says: This is not a showstopper and I believe the above
analysis is slightly confusing. The real problem here is that
apr_*_mutex_child_init assumes a shared memory space - that is, the
children processes have access to the parent apr_*_mutex_t pointer. The
children just call child_init on the original, inherited apr_*_mutex_t.
Unlike globalmutexchild in test, apr_*_mutex_create is *not* intended to
be called from the child and subsequently call child_init. Instead,
apr_create_proc is intended to exec separate processes with disjoint
memory addresses. Currently, APR does not provide a cross-platform
mechanism for joining an already existing lock. A simple
'apr_*_mutex_join' which is intended to be called from separate
processes to an already-existing lock would solve this problem.
child_init is not intended to be used this way. Even with SysV
semaphores, using IPC_PRIVATE should still work due to the parent-child
relationship. A strawman has been posted to dev@apr:
Message-Id: <213031CF0406DE1AC426A411@[10.0.1.137]>
This was listed as a showstopper for 1.0, but while the 2 patches above
exist neither was able to garner enough votes to be included in 1.0.
Will Rowe commented that a combination of the 2 would probably be the right
approach, a view that seems to have a lot of merit. Hopefully we can solve
this post 1.0. There were also enough people who felt that it wasn't a
real showstopper for it to be bumped.
* Must namespace protect all include/apr_foo.h headers. Jon Travis
has especially observed these including apr within Apache-1.3.
Message-ID: <20020128100116.A4288@covalent.net>
Deprecating the symbols in 0.9, eliminating them with 1.0.
(Those problems have been fixed, but it is a good example of
what to look for.)
Some headers with issues:
apr.hnw (READDIR_IS_THREAD_SAFE, ENUM_BITFIELD,
_POSIX_THREAD_SAFE_FUNCTIONS (?))
* Flush out the test suite and make sure it passes on all platforms.
We currently have about 450 functions in APR and 147 tests. That
means we have a large number of functions that we can't verify are
actually portable. This TODO includes finishing the migration to the
unified test suite, and adding more tests to make the suite
comprehensive.
* Eliminate the TODO's and XXX's by using the doxygen @bug feature
to allow us to better track the open issues, and provide historical
bug lists that help porters understand what was wrong in the old
versions of APR that they would be upgrading from.
|
| | Add comment |
|
| [PATCH] ldap component not reflected in LICENSE Eric Covener 07:29:32 |
| | Two (innocuous) licenses/copyright attributions appear in
apr_ldap_url.c that aren't quoted in the toplevel license FILE --
patch against trunk attached.
--
Eric Covener
covener@gmail.com
|
| | Add comment |
|
| Problem with Suexec in (Debian) Apache2.2.3 mod_userdir + PHP 5.2.0-8 Pusk s Zsolt 00:39:13 |
| | Hello All.
Is there anybody who can send a link how to make suexec work on Debian
4.0 'etch' I spend 2 days from morning to night and I give up.
Suexec does not work in any case neighter with userdirs or just in virtualhost
PHP scripts keep running in www-data user & group.
I tried all possible combinations
I haven't compiled it I just used the deb package.
I can see the -D SUEXEC_BIN="/usr/lib/apache2/suexec" option in
the /server-info but the scripts keep running in www-data user group :S
please help.
I just want to make users to run php scripts without seeing one another
file's.
Thank you.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 2 answer | Add comment |
|
| Webpage cannot be fouind Grant Lowe 00:39:13 |
| | Hi All.
I'm getting a 404 error saying that the webpage cannot be found when I
try to login to my web server. I have searched through Google and
looked at various web pages and numerous USENET news groups. I have
checked the permissions on the apache directories and files in question.
I have tried different browsers. I have also looked through the FAQ.
I've also tried connecting from different computers. Still the same
result. I'm running Apache 2.0.52 on a CentOS server. Any ideas?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 1 answer | Add comment |
|
| FollowSymLinks in sub-directory Nathan Kellogg 00:39:13 |
| |
We are trying to use the following config to allow a listing of files in
the /htdocs/buslist/ directory but not in the /htdocs/ directory.
In the absence of index.html in the /htodcs/buslist/ directory, Apache
responds with
"Forbidden
You don't have permission to access /buslist/ on this server."
I have verified that the Auth directives are working properly.
Is there any way to bet a sub directory to produce file listings?
Thanks in advance for any help!
<Directory "c:/nwls/htdocs/">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "c:/nwls/htdocs/buslist/">
AuthName "Password Required"
AuthType Basic
AuthBasicProvider mysql
AuthnMySQLServerConfig SRV1
Require valid-user
</Directory>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 1 answer | Add comment |
Wednesday, 24 January 2007
|
| Question about ProxyPass Phill Edwards 22:53:16 |
| | My company sends out web-based surveys to our customers. These surveys
are managed by a 3rd party so the domain name that the surveys are
served under is totally different to our domain name.
Would it be possible to use ProxyPass to make it look like the surveys
were being served under our own domain. The survey URLs look something
like this:
Page 1 - http://XXXX.com/take/?i=110194&r=20314964&h=ZP26jPoZUCD0xTXxVZoRcw
Page 2 - http://XXXX.com/Take/getsurvey.isp?i=110194&PageId=3&r=20314964&h=ZP26jPoZUCD0xTXxVZoRcw&qn=&cn=2
Page 3 - http://XXXX.com/Take/getsurvey.isp?i=110194&PageId=5&r=20314964&h=ZP26jPoZUCD0xTXxVZoRcw&qn=&cn=3
etc.
Does it depend on how the web site has been written - so for example
if they've used absolute URLs instead of relative URLs would that be a
problem?
Any advice on how this may be achieved any other way?
Regards,
Phill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|
| | 1 answer | Add comment |
|
