httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brent 'Dax' Royal-Gordon <>
Subject Re: [users@httpd] Re: Bug Versions 1.3.28/29 Fixed In 1.3.31 Or Not?
Date Mon, 17 May 2004 20:40:20 GMT
Purl Gurl wrote:
> You have made an admission and I will make one. I am
> significantly annoyed Apache allowed this bug into
> the latest 1.3.31 version. They knew about it and
> elected to not resolve this bug. To find a cure
> is relatively simple; what changed between version
> 1.3.27 and 1.3.28 in handling socket closure? There
> in will be discovered the source of this bug.

As a programmer, surely you will realize a few things:

1. Seemingly "simple" bugs sometimes aren't.  For all we know, the 
changes between 1.3.27 and 1.3.28 brought out a subtle bug elsewhere in 

2. A bug on a relatively minor platform for Apache[1] that fills up log 
files is a fairly low-priority issue.  Bugs on more common platforms 
with more severe effects have to be fixed first.

3. This bug may have just been forgotten.  A program as big as Apache 
certainly has a lot of problems that need to be investigated, and 
missing this one may have been an honest mistake.

Some projects have a policy of "no known bugs in a release".  To my 
knowledge, Apache does not have such a policy.

 > This WebDav bug, I have doubts Apache will ever address
 > this bug.

This is not a bug.  At worst, it's a missing feature.  This is not a 
case where Apache is supposed to do something but doesn't--it's one 
where Apache doesn't do something you want it to.

> Why this is inexcusable is WebDav idiots can send in this
> hack at a rate of one per second, around the clock, and
> suffer no consequences. Requests at one per second is not
> a sufficient rate to kick in preventative denial of service
> functions. A script kiddie can pump log records at a rate
> of eight kilobytes per second, with no effort. Apache
> claims this is not a problem. I strongly disagree.

The issue here is that your log files may fill up?

I recommend you do a bit of profiling.  Very, very few web servers are 
CPU-bound, and most that are host highly dynamic sites.  Most sites are 
bandwidth-bound; some are I/O-bound.

If you find that the limit on your server's performance is either 
bandwidth or I/O, you can solve both of the bugs you complain about by 
using a piped log.  The only excuse not to pipe your logs into grep -v, 
or an equivalent custom program, is that your system is CPU-bound.

There's a saying you may be aware of--"premature optimization is the 
root of all evil."  I suspect you are trying to optimize your server's 
performance without being aware of where your server's performance 
problems are.  I could be wrong, but I doubt it.

[1] As you know, Apache 1.3 was never designed to run on Windows, and 
most Apache servers run Unix.  Certainly there are plenty of Windows 
systems out there, but

Brent "Dax" Royal-Gordon <>
Perl and Parrot hacker

Oceania has always been at war with Eastasia.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message