httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Agenda for 1.2b7
Date Thu, 06 Feb 1997 06:19:08 GMT
Some updates for you.

On Wed, 5 Feb 1997, Marc Slemko wrote:
>   * In your security tips, you use the invalid
>     directive <Directory>.  It used to be (correctly)
>     <Directory />.  But I would suggest that it isn't
>     paranoid enough, anyway, as PUT shouldn't be
>     allowed for arbitrary directories. [Nick Maclaren <nmm1@cus.cam.ac.uk>]

I believe Brian committed a fix for this.

>   * 64-bit issues; general cleanup, ap_snprintf("%d", (int)-1) giving
>     wrong behavior on Alpha boxes.

I'm still waiting for a description of the error...

>   * http_request.c: directory_walk() misses some <Directory ...> directives
>     (PR#131).  I'm not sure the way things are done is really incorrect, 
>     but should be looked at.

The only issue here is if we want to allow short-circuit matching on
<Directory> directives.  Otherwise, the patch supplied in #131 (which I
reposted against the current source) is correct if we want to allow
multiple directives to match. 

>   * user and server get confused over what should be a virtual host
> 	and what is the main server, resulting in access to something
> 	other than the name defined in the virtualhost directive (but
> 	with the same IP address) failing.  
> 		Status: should be looked at, may not be a nice way to fix 
> 			since it is likely not technically a bug.

I posted a patch for this.  Ben gave it a +1 but hasn't tested it.

>   * Improvements in chunked performance by reducing buffer count sent
>        Status: no patch; Dean may do

Patch posted sunday.  No reviews yet.

I also posted a performance patch for directory_walk() and relatives based
on profiling.  Ed gave it a +1

Both of these have been running on HotWired since sunday night with no
ill-effects, and a 10% performance gain over 1.1.1 (I have no figures to
compare against 1.2). 

>   * Satisfy Any can be changed if .htaccess exists
>         If you give Satisfy Any in access.conf for a particular directory,
>         and have a .htaccess in that directory, Satisfy mode reverts
>         to Satisfy All even if the .htaccess has _no_ authentication
>         directives.

I posted a patch that wasn't sufficient, Ed posted a sufficient patch. 
Paul Sutton has given it a +1 (with some discussion).  I add my +1 to it. 

>   * new header_parse API hook is called too often
>        Status: RobH posted patch, had second thoughts.  He
>        suggests that mod_browser be optimised by detecting if it has been
>        called already and returning early if it has.

What is the correct way to do this?

>   * directory redirect returns 302 not 301, see PR 77
>        Status: easy to fix, but will require testing

I reposted the patch against current CVS.  I gave it +1, Marc gave it +1,
Ed gave it +1.  I've been running this one on HotWired as well without
problem.

Dean


Mime
View raw message