httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steffen <>
Subject Re: httpd 2.4.26 with apr 1.6 ExtFilterDefine
Date Sat, 08 Jul 2017 07:59:39 GMT

Received more details:

Our client/server system needs encrypting to client. Almost files are 
statically encrypt, but some xml need to
modify by SSI then encrypt. So I made encrypting file
filter by exe (not Apache module). Its name is encect.exe
(x86) and it is using msvcrt.dll. Because encect.exe works
all Apache HTTP Server (x86/x64) which is enabled built-in
mod_ext_filter module.


Some directory uses SYMLINKDed directory. Apache HTTP
Server too. Enabed symlink by .htaccess file in parent of

   Options +FollowSymLinks

The modification & encrypt SSI template xml file are in
the above symlinked directory.

Apache HTTP Server's httpd.conf defines like follow.

ExtFilterDefine ENCECT mode=output cmd=modules/encect.exe
Alias /WebRoot/ "/Path/To/WebRoot/"
<Directory "/Path/To/AppRoot/">
     Options Indexes MultiViews IncludesNOEXEC
     AddOutputFilter INCLUDES m3s inc ini
     AddOutputFilter INCLUDES;ENCECT xmlpp
     AllowOverride All
     Require all granted

The xmlpp file size is 3,295 bytes. written in Shift_JIS.
Used SSI tag is three <!--#echo var="SERVER_NAME"--> like

   <servletURL url="http://<!--#echo var="SERVER_NAME"-->/...

Client access to xmlpp file, the encect.exe process is
remains in service. I'm memory dump encect.exe and load to
WinDbg. Call stack is ReadFile(), it means encect.exe
waiting stdin, but Apache does not send any. Kill the
encect.exe, client receives body from first SSIed parsed
text. (Loose until first SSI tag.)

I tested INCLUDE;ENCECT to..
(A) INCLUDES only, client receives plain complete SSI
parsed xmlpp file. OK.
(B) ENCECT only, client receives responce header without
body. NG. This must encrypt xmlpp file.

Next, I tested to 2.4.25, but still NG.

Next, I read Apache HTTP Server Change log, I found
mod_filter changes. I tested and to 2.4.25, NG.

Next, I tested httpd.exe to 2.4.25, NG.

Next, I read Apache Lounge's used modules, I found APR is
upgraded to 1.6.2 from 1.5.x. So I tested libapr-1.dll,
libaprutil-1.dll to 2.4.25, OK! Works like 2.4.25 and
earlier version of Apache HTTP Server.

On Friday 07/07/2017 at 20:13, William A Rowe Jr  wrote:
> On Fri, Jul 7, 2017 at 7:13 AM, Jim Jagielski <> wrote:
>> 2.4.26/27 doesn't *require* APR/APU 1.6.x, but there are
>> some features that depend on it. If it's a bug in apr 1.6.x,
>> then it's not a httpd bug specifically... imo at least.
>> any further detail on how the below is actually borken??
>> What happens?
>>> On Jul 7, 2017, at 7:41 AM, Steffen <> wrote:
>>> I got the following report. Is this known ?
>>> Because apache http server all of 2.4.26 (vc11,vc14,vc15)
>>> was not work ExtFilterDefine & OutputFilter. Its bug
>>> exists in apr 1.6. I thought it need to inform.
>>> Apache 2.4.26 changes apr 1.6, but it broke
>>> ExtFilterDefine & OutputFilter.
>>> (test) copy apache 2.4.25's libapr-1 & libaprutil to
>>> apache 2.4.26, they worked correctly like before apaches.
> Yes, we need the actual error messages.
> I'm about ready to T&R apr 1.6.1 / apu 1.6.3 for the various fixes 
> already
> present, but if we can fix something specific that we are unaware 
> of...

View raw message