Received: by taz.hyperreal.com (8.8.4/V2.0) id OAA06784;
 Sat, 1 Feb 1997 14:54:59 -0800 (PST)
Received: from twinlark.arctic.org by taz.hyperreal.com (8.8.4/V2.0) with SMTP
 id OAA06780; Sat, 1 Feb 1997 14:54:57 -0800 (PST)
Received: (qmail 2669 invoked by uid 500); 1 Feb 1997 22:55:06 -0000
Date: Sat, 1 Feb 1997 14:55:06 -0800 (PST)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@hyperreal.com
Subject: Re: Agenda for 1.2b7
In-Reply-To: <Pine.BSF.3.95.970201132249.331B-100000@alive.ampr.ab.ca>
Message-ID: <Pine.LNX.3.95dg2.970201124256.28944C-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

On Sat, 1 Feb 1997, Marc Slemko wrote:
>   * In your security tips, you use the invalid
>     directive <Directory>.  It used to be (correctly)
>     <Directory />.  But I would suggest that it isn't
>     paranoid enough, anyway, as PUT shouldn't be
>     allowed for arbitrary directories. [Nick Maclaren <nmm1@cus.cam.ac.uk>]

It might be better to suggest something like this:

    # default is to deny everything to the entire filesystem
    <Directory />
    AllowOverride None
    Options SymLinksIfOwnerMatch
    order deny,allow
    deny from all
    </Directory>

    # now allow appropriate access to the areas we want
    <Directory /home/www/cgi-bin>
    AllowOverride None
    Options ExecCGI
    order allow,deny
    allow from all
    </Directory>

    <Directory /home/www/docroot>
    Options Includes Indexes ExecCGI SymLinksIfOwnerMatch MultiViews
    AllowOverride None
    order allow,deny
    allow from all
    </Directory>

    <Directory /home/www/icons>
    order allow,deny
    allow from all
    </Directory>

    <Directory /home/*/public_html>
    Options Indexes ExecCGI SymLinksIfOwnerMatch MultiViews
    AllowOverride None
    order allow,deny
    allow from all
    </Directory>

>   * 64-bit issues; general cleanup, ap_snprintf("%d", (int)-1) giving
>     wrong behavior on Alpha boxes.

I've forgotten what the wrong behaviour was... could someone refresh my
memory?

>   * Improvements in chunked performance by reducing buffer count sent
>        Status: no patch; Dean may do

I'm not at all happy with what I've got in progress on this one, it's
getting far too complicated; such that I won't feel good about putting it
in this late.  Unless I have a flash of inspiration today I'm going to
submit a patch which uses writev() to improve write_it_all(); and we'll
have to live with the remaining bflush() caused by turning chunked on
and off.

>   * new header_parse API hook is called too often
>        Status: RobH posted patch, had second thoughts.  He
>        suggests that mod_browser be optimised by detecting if it has been
>        called already and returning early if it has.

I'd +1 such a patch to mod_browser.  Wouldn't it be just a matter of
testing r->main ?

Dean