Some updates for you.
On Wed, 5 Feb 1997, Marc Slemko wrote:
> * In your security tips, you use the invalid
> directive <Directory>. It used to be (correctly)
> <Directory />. But I would suggest that it isn't
> paranoid enough, anyway, as PUT shouldn't be
> allowed for arbitrary directories. [Nick Maclaren <nmm1@cus.cam.ac.uk>]
I believe Brian committed a fix for this.
> * 64-bit issues; general cleanup, ap_snprintf("%d", (int)-1) giving
> wrong behavior on Alpha boxes.
I'm still waiting for a description of the error...
> * http_request.c: directory_walk() misses some <Directory ...> directives
> (PR#131). I'm not sure the way things are done is really incorrect,
> but should be looked at.
The only issue here is if we want to allow short-circuit matching on
<Directory> directives. Otherwise, the patch supplied in #131 (which I
reposted against the current source) is correct if we want to allow
multiple directives to match.
> * user and server get confused over what should be a virtual host
> and what is the main server, resulting in access to something
> other than the name defined in the virtualhost directive (but
> with the same IP address) failing.
> Status: should be looked at, may not be a nice way to fix
> since it is likely not technically a bug.
I posted a patch for this. Ben gave it a +1 but hasn't tested it.
> * Improvements in chunked performance by reducing buffer count sent
> Status: no patch; Dean may do
Patch posted sunday. No reviews yet.
I also posted a performance patch for directory_walk() and relatives based
on profiling. Ed gave it a +1
Both of these have been running on HotWired since sunday night with no
ill-effects, and a 10% performance gain over 1.1.1 (I have no figures to
compare against 1.2).
> * Satisfy Any can be changed if .htaccess exists
> If you give Satisfy Any in access.conf for a particular directory,
> and have a .htaccess in that directory, Satisfy mode reverts
> to Satisfy All even if the .htaccess has _no_ authentication
> directives.
I posted a patch that wasn't sufficient, Ed posted a sufficient patch.
Paul Sutton has given it a +1 (with some discussion). I add my +1 to it.
> * new header_parse API hook is called too often
> Status: RobH posted patch, had second thoughts. He
> suggests that mod_browser be optimised by detecting if it has been
> called already and returning early if it has.
What is the correct way to do this?
> * directory redirect returns 302 not 301, see PR 77
> Status: easy to fix, but will require testing
I reposted the patch against current CVS. I gave it +1, Marc gave it +1,
Ed gave it +1. I've been running this one on HotWired as well without
problem.
Dean
|