httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael <aixto...@felt.demon.nl>
Subject Re: New ServerUID directive
Date Tue, 06 Feb 2018 11:17:32 GMT
On 06/02/2018 11:54, Stefan Eissing wrote:
>
>> Am 06.02.2018 um 11:45 schrieb Helmut K. C. Tessarek <tessarek@evermeet.cx>:
>>
>> On 2018-02-06 05:13, Yann Ylavic wrote:
>>> Sorry for what is probably (my) bad english, "fixed" meant "the same
>>> after restart (or stop/start)".
>> Right, but isn't the virtual host's server name/port config after the
>> restart the same as well? Why do you need a new separate unique identifier?
>>
>> And should you ever change the port number and/or the virtual host's
>> server name, then this virtual host won't be the same after a restart
>> anyway.
>>
>> Either I'm missing something here, but I still don't understand the
>> reason for a unique identifier, when you already have one.
> You are missing that Yann exactly wants to do that.
>
> Only as consideration for people who prefer otherwise, he considered to
> introduce a ServerUID directive.
>
> Now, he tried several times to get the discussion back to what a good
> *automatic* id for the load balancer is,

Ah, for the fortunate that have so much traffic they need the 'lb'. And 
I imagine, for that 'automatic' is fine. Never had to use one though - 
so no idea how hard they are to configure/manage. However, I expect I 
would rather "not care" how the internals work for giving me a vhost 
ServerID. Why should I care - after a restart whether the value 
generated is the same or not.

That said - what could I do with a ServerID (forget the unique for the 
moment).

Again, my first thoughts are with regard to 'security' aka 'access 
control'. Could I use (or is there already something I am unaware of) a 
ServerID in <Directory> blocks, e.g., with <Require> - so that I can 
specify access control in terms of the <vhost> rather than as attributes 
of clients. Might all be nonsense - asin - this is just me brainstorming.

I guess my question is closer to: are there ways to manage 'access 
control' based on the server configuration and the physical resources 
(mainly thinking files). What is more manageable? What is easier to 
report on/with (to a non-httpd specialist). What is easier to audit/log, 
perhaps in separate logs?

>   but everyone keeps discussing
> directives...
>
> *Waves Jedi Hand*: "Forget the directive..."
(* Michael blinks - what were we talking about? *)
>
>> Or at least one that can be used from a combination of several fields in
>> the server struct.
>>
>> What am I missing?
>>
>> -- 
>> regards Helmut K. C. Tessarek              KeyID 0x172380A011EF4944
>> Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944
>>
>> /*
>>    Thou shalt not follow the NULL pointer for chaos and madness
>>    await thee at its end.
>> */
>>
>


Mime
View raw message