From owner-freebsd-current@FreeBSD.ORG Wed Apr 23 01:49:58 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6AC761065674 for ; Wed, 23 Apr 2008 01:49:58 +0000 (UTC) (envelope-from ticso@cicely12.cicely.de) Received: from raven.bwct.de (raven.bwct.de [85.159.14.73]) by mx1.freebsd.org (Postfix) with ESMTP id E3C7F8FC18 for ; Wed, 23 Apr 2008 01:49:57 +0000 (UTC) (envelope-from ticso@cicely12.cicely.de) Received: from cicely5.cicely.de ([10.1.1.7]) by raven.bwct.de (8.13.4/8.13.4) with ESMTP id m3N1nYDc090665 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 23 Apr 2008 03:49:35 +0200 (CEST) (envelope-from ticso@cicely12.cicely.de) Received: from cicely12.cicely.de (cicely12.cicely.de [10.1.1.14]) by cicely5.cicely.de (8.13.4/8.13.4) with ESMTP id m3N1nR8m076618 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Apr 2008 03:49:28 +0200 (CEST) (envelope-from ticso@cicely12.cicely.de) Received: from cicely12.cicely.de (localhost [127.0.0.1]) by cicely12.cicely.de (8.13.4/8.13.3) with ESMTP id m3N1nRSk006053; Wed, 23 Apr 2008 03:49:27 +0200 (CEST) (envelope-from ticso@cicely12.cicely.de) Received: (from ticso@localhost) by cicely12.cicely.de (8.13.4/8.13.3/Submit) id m3N1nPu1006052; Wed, 23 Apr 2008 03:49:25 +0200 (CEST) (envelope-from ticso) Date: Wed, 23 Apr 2008 03:49:25 +0200 From: Bernd Walter To: d@delphij.net Message-ID: <20080423014924.GO81277@cicely12.cicely.de> References: <13383.1208899946@critter.freebsd.dk> <480E6698.7000008@mawer.org> <480E686B.7090703@delphij.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <480E686B.7090703@delphij.net> X-Operating-System: FreeBSD cicely12.cicely.de 5.4-STABLE alpha User-Agent: Mutt/1.5.9i X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED=-1.8, BAYES_00=-2.599 autolearn=ham version=3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on cicely12.cicely.de Cc: Poul-Henning Kamp , freebsd-current@freebsd.org, Ivan Voras , Antony Mawer Subject: Re: Http Accept filters (accf_http) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ticso@cicely.de List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2008 01:49:58 -0000 On Tue, Apr 22, 2008 at 03:36:27PM -0700, Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Antony Mawer wrote: > | Poul-Henning Kamp wrote: > |> In message <480E589C.8010108@delphij.net>, Xin LI writes: > |> > |>> | Does anyone know why accf_accept is disabled by default in the ports' > |>> | stock Apache 2.2 (it's disabled in the default config files)? I > |>> thought > |>> | it was because it was dangerous or flawed for some reason, though (at > |>> | least for light loads comparable to those of OP) it seems to work > |>> fine. > |> > |> I think adding them to the apache is OK, as long as apache fails > |> gracefully if they are not present in the kernel. It tries to kldload if configured and not already in the kernel, but uses traditional connection handling if loading the module fails. > | I seem to recall I had problems trying to get Apache to run with accept > | filters turned on in a jail environment... having said that, I just > | tried to enable it in a jail and restarted Apache and it started up > | fine. Maybe I was just imagining it? > > Hmm... I think Apache would just work as long as it is loaded into > kernel or statically linked into it, no matter if it is in a jail > environment (my personal server uses Apache in jail for dynamic contents > and it just worked fine). A jailed apache can't load the module, so to enable the feature you can't rely on autoloading. If you compile it into the kernel or load the module outside of the jail it runs fine within the jail. -- B.Walter http://www.bwct.de Modbus/TCP Ethernet I/O Baugruppen, ARM basierte FreeBSD Rechner uvm.