httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [Proposal for trunk] Extending RewriteMap, Reusing ip network matches
Date Sat, 19 Dec 2009 11:50:00 GMT
On 18.12.2009 20:24, William A. Rowe Jr. wrote:
> Rainer Jung wrote:
>> On 17.12.2009 23:14, William A. Rowe Jr. wrote:
>>> Rainer Jung wrote:
>>>> 1) Extending RewriteMap
>>>> =======================
>>>>
>>>> I plan to extend key file handling in text file RewriteMap. At the
>>>> moment keys are always matched as exact strings against the map. I want
>>>> to add the ability to alternatively
>>>>
>>>> a) match via regexp (and replace backreferences in the found values)
>>>> b) match via ip network notation like e.g. used in "Require ip ..."
>>>>
>>>> This could be expressed in the configuration by adding another token
>>>> after type:source, e.g. "exact", "regexp", "ip", where "exact" is the
>>>> default.
>>>
>>> -1; you are going to completely hide the performance penalty from the
>>> user's attention.  In order to identify this properly, please extend with
>>> an alternate directive to activate this (slower) mapping, e.g.
>>> RewriteList
>>> or some such.
>>
>> Really? The feature is off by default, users need to activate by adding
>> one of the new match types. Old configs will not see a performance penalty.
>>
>> The penalty when using the new match type can easily be documented the
>> same way I would need to documnt RewriteList. I'm not sure whether
>> adding a new directive is the way to go, because the purpose of the list
>> is the same as of the map. Only the type of key matching changes. I'm
>> afraid it will lead to some confusion.
>
> Reviewers are more likely to catch a misconfig if you use RewriteList rather
> than some extra args.  This is why I deprecated<Container ~ foo>  so long
> ago, and replaced it with<ContainerMatch foo>.

Do you have an comment on the other part of the proposal, namely adding 
ip subnet match to RewriteCond and SetEnvIf by using a magic prefix 
character, like e.g.

RewriteCond %{REMOTE_ADDR} @195.227.30.128/25
SetEnvIf Remote_Addr @195.227.30.128/25 isTrusted

It seems you wouldn't like that as well in analogy to the "~" operator? 
Any other syntax idea how to express an ip subnet match instead of a regexp?

> RewriteList's will take only a subset of the storage types, right?

Yes, I was only planning to add it to txt (and rnd) types. "int" and 
"prg" don't make sense for this. Concerning the dbm storage type ...

> You aren't planning on using/reading large, nearly empty hash sets, are you?

... we would need to iterate over the entries during initial load to 
precompile the regexps and replace the dbm storage with an in-memory 
regexp array. Even if the dbm were not to large, that would pose the 
problems that the order of the dbm entries retrieved during iteration is 
not well-defined. So I'd say no, there's no good way of combining this 
with dbm.

Similarly for dbd we would need an additional ordered retrieval sql 
statement as part of the config and we would loose the ability to use 
data updated in the database without restart, because there are no file 
timestamps we can check to detect such data updates. So again I'd say 
there's not good way of implementing this for a dbd based RewriteMap.

Regards,

Rainer

Mime
View raw message