Nick Kew | 1 Oct 01:05 2007

Proxying OPTIONS *

RFC2616 is clear that:
  1.  OPTIONS * is allowed.
  2.  OPTIONS can be proxied.

However, it's not clear that OPTIONS * can be proxied,
given that there's no natural URL representation of it (* != /*).

The Co-Advisor suite has a test case to proxy OPTIONS * using:

OPTIONS * HTTP/1.1\r\n
Host: [remote target host]\r\n
\r\n

Unfortunately PR#43519 is obscuring the Co-Advisor test case 
(which purports to be testing our handling of Max-Forwards)
by returning 403.

It's not at all clear to me whether that syntax should
be supported.  Anyone?

--

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Roy T. Fielding | 1 Oct 01:54 2007

Re: Proxying OPTIONS *

On Sep 30, 2007, at 4:05 PM, Nick Kew wrote:

> RFC2616 is clear that:
>   1.  OPTIONS * is allowed.
>   2.  OPTIONS can be proxied.
>
> However, it's not clear that OPTIONS * can be proxied,
> given that there's no natural URL representation of it (* != /*).

An absolute http request-URI with no path.

> The Co-Advisor suite has a test case to proxy OPTIONS * using:
>
> OPTIONS * HTTP/1.1\r\n
> Host: [remote target host]\r\n
> \r\n

Completely bogus.

....Roy
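
The mapping Roy's reply points to, as an added example that is not part of the thread or of httpd's code: RFC 2616 section 5.1.2 has the last proxy forward an absolute http request-URI with no path as `*` when the method is OPTIONS, while a bare `/` path stays `/`. `origin_form` is a hypothetical helper name and example.org is a constructed host.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper, not an httpd API: from the method and the absolute
 * request-URI a proxy received, produce the Request-URI and Host value the
 * last proxy sends to the origin server.
 * Returns 0 on success, -1 for a non-http URI, an empty authority,
 * a query or fragment without a path, or a buffer that is too small. */
int origin_form(const char *method, const char *abs_uri,
                char *target, size_t tlen, char *host, size_t hlen)
{
    static const char scheme[] = "http://";
    const char *auth, *path;
    size_t alen;

    if (strncasecmp(abs_uri, scheme, sizeof(scheme) - 1) != 0)
        return -1;
    auth = abs_uri + sizeof(scheme) - 1;
    alen = strcspn(auth, "/?#");        /* authority ends where the path would start */
    if (alen == 0 || alen >= hlen)
        return -1;
    memcpy(host, auth, alen);
    host[alen] = '\0';

    path = auth + alen;
    if (*path == '\0')                  /* no path at all: "*" only for OPTIONS */
        path = strcmp(method, "OPTIONS") == 0 ? "*" : "/";
    else if (*path != '/')              /* http_URL allows a query only after abs_path */
        return -1;
    if (strlen(path) >= tlen)
        return -1;
    strcpy(target, path);
    return 0;
}

int main(void)
{
    /* Constructed inputs: the same authority without and with a path. */
    const char *uris[] = { "http://example.org:8001", "http://example.org:8001/" };
    char target[256], host[256];
    for (int i = 0; i < 2; i++)
        if (origin_form("OPTIONS", uris[i], target, sizeof target, host, sizeof host) == 0)
            printf("%-26s -> OPTIONS %s HTTP/1.1, Host: %s\n", uris[i], target, host);
    return 0;
}
```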

William A. Rowe, Jr. | 1 Oct 02:20 2007

Why permit --with-mpm=event ???

when

[Sun Sep 30 17:19:47 2007] [crit] (70023)This function has not been implemented
on this platform: Couldn't create a Thread Safe Pollset. Is it supported on your
platform?

it seems like a config-time test.

Bill

Nick Kew | 1 Oct 03:01 2007

Backslashes in HTTP Headers

Coadvisor has several testcases involving a Content-Type line with 
a lot of qualifier tokens.  These tokens are quoted strings and
include backslashes.  This is going to wrap when I cut&paste:

Content-Type: text/other; charset=ISO-8859-4; attribute=value; q=0.9;
q=9.0000  ; a="quoted text/html"; a="quoted, list=b"; a="quoted \r\n
new line"; a="quoted \r\n\t\r\n new lines"; a="slashed \alpha";
a="slashed \\nnew line"; a="slashed \\r\\ncrlf"; a="slashed \\n\\nnew
lines"; a="slashed \"string"; a-rvlmxgisq=v-r808478;
a-rtbtrjxmwqirv=v-r797440; a-rwsqj=v-r9946045539;
a-rkdrdmk=v-r93968576355\r\n

Our ap_rgetline_core is seeing those quoted \-r-\-n sequences as
newlines and getting hopelessly confused (the outcome is 400
in the case of a request header, 502 from a response).

A simple search of RFC2616 gives:

       message-header = field-name ":" [ field-value ]
       field-name     = token
       field-value    = *( field-content | LWS )
       field-content  = <the OCTETs making up the field-value
                        and consisting of either *TEXT or combinations
                        of token, separators, and quoted-string>

       quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
       quoted-pair    = "\" CHAR

       CHAR           = <any US-ASCII character (octets 0 - 127)>

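
The quoted-string and quoted-pair rules quoted above, applied to a constructed subset of the Content-Type line, as an added example that is not part of the post or of httpd's code. `next_piece`, `split_params` and `SAMPLE` are hypothetical names; the code only shows what the grammar yields for a backslash followed by an ordinary character inside quotes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a few parameters from the header in the post. */
static const char SAMPLE[] = "text/other; a=\"quoted, list=b\"; "
    "a=\"slashed \\alpha\"; a=\"slashed \\\\nnew line\"; a=\"slashed \\\"string\"";

/* Copy the next ';'-delimited piece of a field-value into out, removing the
 * quotes and decoding quoted-pairs ("\" CHAR stands for CHAR itself).
 * Returns a pointer past the piece, or NULL on an unterminated
 * quoted-string, a dangling backslash, or overflow. */
const char *next_piece(const char *p, char *out, size_t outlen)
{
    size_t n = 0;
    int in_quotes = 0;

    while (*p == ' ' || *p == '\t')
        p++;
    for (; *p; p++) {
        char c = *p;
        if (in_quotes && c == '\\') {
            if (*++p == '\0')
                return NULL;
            c = *p;                     /* quoted-pair: take CHAR literally */
        } else if (c == '"') {
            in_quotes = !in_quotes;
            continue;
        } else if (c == ';' && !in_quotes) {
            p++;
            break;
        }
        if (n + 1 >= outlen)
            return NULL;
        out[n++] = c;
    }
    if (in_quotes)
        return NULL;
    out[n] = '\0';
    return p;
}

/* Split a whole field-value; returns the piece count or -1 on error. */
int split_params(const char *v, char out[][64], int max)
{
    int n = 0;
    for (; *v; n++)
        if (n == max || (v = next_piece(v, out[n], 64)) == NULL)
            return -1;
    return n;
}
```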

bugzilla | 1 Oct 08:08 2007

Bug report for Apache httpd-1.3 [2007/09/30]

+---------------------------------------------------------------------------+
| Bugzilla Bug ID                                                           |
|     +---------------------------------------------------------------------+
|     | Status: UNC=Unconfirmed NEW=New         ASS=Assigned                |
|     |         OPN=Reopened    VER=Verified    (Skipped Closed/Resolved)   |
|     |   +-----------------------------------------------------------------+
|     |   | Severity: BLK=Blocker     CRI=Critical    MAJ=Major             |
|     |   |           MIN=Minor       NOR=Normal      ENH=Enhancement       |
|     |   |   +-------------------------------------------------------------+
|     |   |   | Date Posted                                                 |
|     |   |   |          +--------------------------------------------------+
|     |   |   |          | Description                                      |
|     |   |   |          |                                                  |
|10038|New|Min|2002-06-20|ab benchmaker hangs on 10K https URLs with keepali|
|10744|New|Nor|2002-07-12|suexec might fail to open log file                |
|10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i|
|10760|New|Maj|2002-07-12|empty ftp directory listings from cached ftp direc|
|14518|Opn|Nor|2002-11-13|QUERY_STRING parts not incorporated by mod_rewrite|
|16013|Opn|Nor|2003-01-13|Fooling mod_autoindex + IndexIgnore               |
|16631|Inf|Min|2003-01-31|.htaccess errors logged outside the virtual host l|
|17318|Inf|Cri|2003-02-23|Abend on deleting a temporary cache file if proxy |
|19279|Inf|Min|2003-04-24|Invalid chmod options in solaris build            |
|21637|Inf|Nor|2003-07-16|Timeout causes a status code of 200 to be logged  |
|21777|Inf|Min|2003-07-21|mod_mime_magic doesn't handle little gif files    |
|22618|New|Maj|2003-08-21|MultiViews invalidates PATH_TRANSLATED if cgi-wrap|
|25057|Inf|Maj|2003-11-27|Empty PUT access control in .htaccess overrides co|
|26126|New|Nor|2004-01-14|mod_include hangs with request body               |
|26152|Ass|Nor|2004-01-15|Apache 1.3.29 and below directory traversal vulner|
|26790|New|Maj|2004-02-09|error deleting old cache file                     |
|29257|Opn|Nor|2004-05-27|Problem with apache-1.3.31 and mod_frontpage (dso,|

bugzilla | 1 Oct 08:09 2007

Bug report for Apache httpd-2 [2007/09/30]

+---------------------------------------------------------------------------+
| Bugzilla Bug ID                                                           |
|     +---------------------------------------------------------------------+
|     | Status: UNC=Unconfirmed NEW=New         ASS=Assigned                |
|     |         OPN=Reopened    VER=Verified    (Skipped Closed/Resolved)   |
|     |   +-----------------------------------------------------------------+
|     |   | Severity: BLK=Blocker     CRI=Critical    MAJ=Major             |
|     |   |           MIN=Minor       NOR=Normal      ENH=Enhancement       |
|     |   |   +-------------------------------------------------------------+
|     |   |   | Date Posted                                                 |
|     |   |   |          +--------------------------------------------------+
|     |   |   |          | Description                                      |
|     |   |   |          |                                                  |
| 7483|Ass|Enh|2002-03-26|Add FileAction directive to assign a cgi interpret|
| 7741|Inf|Nor|2002-04-04|some directives may be placed outside of proper co|
| 7862|New|Enh|2002-04-09|suexec never log a group name.                    |
| 8713|New|Min|2002-05-01|No Errorlog on PROPFIND/Depth:Infinity            |
| 9727|Ass|Min|2002-06-09|Double quotes should be flagged as T_HTTP_TOKEN_ST|
| 9945|New|Enh|2002-06-18|[PATCH] new funtionality for apache bench         |
|10154|Ass|Nor|2002-06-23|ApacheMonitor interferes with service uninstall/re|
|11035|New|Min|2002-07-22|[PatchAvailable] Apache adds double entries to hea|
|11294|New|Enh|2002-07-30|desired vhost_alias option                        |
|11427|Opn|Maj|2002-08-02|Possible Memory Leak in CGI script invocation     |
|11580|Opn|Enh|2002-08-09|generate Content-Location headers                 |
|11997|Inf|Maj|2002-08-23|NT MPM assertion "(rv >= 0) && (rv < threads_creat|
|12033|Opn|Nor|2002-08-26|Graceful restart immidiately result in [warn] long|
|12340|Inf|Nor|2002-09-05|WindowsXP proxy, child process exited with status |
|12680|New|Enh|2002-09-16|Digest authentication with integrity protection   |
|13029|New|Nor|2002-09-26|Win32 mod_cgi failure with non-ASCII characters in|
|13599|Ass|Nor|2002-10-14|autoindex formating broken for multibyte sequences|

Alec Matusis | 1 Oct 08:32 2007

2.0.54 unstable, requests time-out, NO warnings in logs

We are running a busy Apache/2.0.54 server on 2.6.9 kernel, that suddenly becomes very slow- requests
either time out, or it takes 10-20sec to serve a 1K thumbnail. 
It is somewhat correlated with load spikes, but not perfectly (by looking at the bandwidth graph, it never
happens during the low bandwidth periods at night, but it does not coincide with peaks of b/w) 

When we initially encountered an apache overload, it was always accompanied with 

[error] server reached MaxClients setting, consider raising the MaxClients setting 

in the apache error log. We also got 

kernel: possible SYN flooding on port 80. Sending cookies. 

in /var/log/messages system log. 

After that I raised MaxClients from 200 to 300. The problem initially disappeared, but after our bandwidth
grew a bit more, we got this behavior again. 
Now apache crashes (becomes very slow) silently, with no warning in apache error logs at all (although we
still get SYN flood message in the system log) 
When apache is in this 'slow' regime, /server-status still shows available slots, i.e. MaxClients is not
reached. 

This is the relevant part of httpd.conf: 

ServerLimit 300 
# we are using prefork MPM 
StartServers 10 
MinSpareServers 5 
MaxSpareServers 20 
MaxClients 300 

William A. Rowe, Jr. | 1 Oct 09:22 2007

Time to chop exports.c in half?

server/Makefile.in;

export_files:
        tmp=export_files_unsorted.txt; \
        rm -f $$tmp && touch $$tmp; \
        for dir in $(EXPORT_DIRS); do \
            ls $$dir/*.h >> $$tmp; \
        done; \
        for dir in $(EXPORT_DIRS_APR); do \
            (ls $$dir/ap[ru].h $$dir/ap[ru]_*.h >> $$tmp 2>/dev/null); \
        done; \
        sort -u $$tmp > $@; \
        rm -f $$tmp

Isn't it time, already, to do away with everything related to EXPORT_DIRS_APR
in httpd 2.3-dev?  (Obviously I wouldn't suggest changing anything for 2.2).

It seems every modern OS should do a perfectly respectable job of binding
dynamic libraries and their symbols without this extra, leftover cruft.

Bill

Boyle Owen | 1 Oct 09:34 2007

Adding timestamp to apache releases?

Greetings,

To-do list item #1 for this week is "upgrade to 2.2.6". When I was
waiting for the tar-ball to download, it occurred to me that it isn't
blindingly obvious *when* the update was published. There's no date on
the homepage (http://httpd.apache.org/) or on the download page
(http://httpd.apache.org/download.cgi) or on the announcement page
(http://www.apache.org/dist/httpd/Announcement2.2.html) or even on the
changes log (http://apache.mirror.testserver.li/httpd/CHANGES_2.2)...
It's just that when I announce the upgrade internally, managers like to
see something like a date rather than just an arbitrary version number.

Is there a reason for the coyness or is it just an oversight, like
people who send out invites to parties with elaborate directions and
clip-art but forget to put the date?

Might it be an idea for 2.2.7?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

 

William A. Rowe, Jr. | 1 Oct 09:58 2007

Re: Adding timestamp to apache releases?

Boyle Owen wrote:
> 
> Might it be an idea for 2.2.7?

I like the idea of adding a date to each news item, be it on httpd.a.o,
or our www.apache.org.  +1.

(Especially since the datestamps of our tarballs are several days prior
to each release).

