You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Sander Temme <sc...@apache.org> on 2009/11/06 06:30:00 UTC
Pull mod_unique_id out of default build?
Folks,
Maybe my understanding is limited and my fu is weak, but I have
personally never had a use for mod_unique_id. The only thing it does
for me is an error message on startup or, when my server finds itself
on a box with a hostname that doesn't resolve to an IP address,
failure. Could we take it out of the default module build?
Index: modules/metadata/config.m4
===================================================================
--- modules/metadata/config.m4 (revision 832908)
+++ modules/metadata/config.m4 (working copy)
@@ -16,7 +16,7 @@
AC_CHECK_FUNCS(times)
])
-APACHE_MODULE(unique_id, per-request unique ids)
+APACHE_MODULE(unique_id, per-request unique ids, , , most)
APACHE_MODULE(setenvif, basing ENV vars on headers, , , yes)
APACHE_MODULE(version, determining httpd version in config
files, , , yes)
APACHE_MODULE(remoteip, translate header contents to an apparent
client remote_ip, , , most)
Thoughts?
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Pull mod_unique_id out of default build?
Posted by Nick Kew <ni...@webthing.com>.
On 7 Nov 2009, at 06:25, Brian Rectanus wrote:
> Yes, mod_security requires it. Many who use mod_security may not even
> realize it. It would be a shame to have vendors drop it by default,
> which would make mod_security a bit more difficult to install on
> vendor built httpd installs.
Isn't that overstating a case? We have a steady trickle of people who
we have to tell to disable it to get a working webserver (and no doubt
many more who quietly find that advice by googling their problem).
So mod_security can't just assume it has mod_unique_id in any case.
> I have not really seen any other product
> use it though and have debated rewriting something similar to include
> in mod_security. Who "owns" the mod_unique_id code? Maybe it could
> be donated to mod_security to include it in it's own code so we don't
> have to wory about it?
You're Breach Security, right? Is that an official request?
How hard have you looked for other apps?
You can get the history of who committed and subsequently maintained
it from svn.apache.org/viewvc. And you can of course clone it.
But we generally prefer you participate here @apache.org if you
find it needs more maintenance than it's getting from us.
--
Nick Kew
Re: Pull mod_unique_id out of default build?
Posted by Brian Rectanus <br...@gmail.com>.
On Thu, Nov 5, 2009 at 11:02 PM, Ruediger Pluem <rp...@apache.org> wrote:
>
>
> On 11/06/2009 06:45 AM, Nick Kew wrote:
>> On 6 Nov 2009, at 05:30, Sander Temme wrote:
>>
>>> Maybe my understanding is limited and my fu is weak, but I have
>>> personally never had a use for mod_unique_id. The only thing it does
>>> for me is an error message on startup or, when my server finds itself
>>> on a box with a hostname that doesn't resolve to an IP address,
>>> failure. Could we take it out of the default module build?
>>
>> +1.
>>
>> Useful only to a minority, and actively troublesome to some, seems ample
>> reason to keep it out of a default build.
>>
>>> -APACHE_MODULE(unique_id, per-request unique ids)
>>> +APACHE_MODULE(unique_id, per-request unique ids, , , most)
>>
>> I wonder if even "most" is a tad over-generous here?
>>
>
> I think 'most' is a good compromise for the start. The only application I use
> it for is for mod_security. mod_security doesn't work correctly if it is
> not loaded. Otherwise I have never used it.
Yes, mod_security requires it. Many who use mod_security may not even
realize it. It would be a shame to have vendors drop it by default,
which would make mod_security a bit more difficult to install on
vendor built httpd installs. I have not really seen any other product
use it though and have debated rewriting something similar to include
in mod_security. Who "owns" the mod_unique_id code? Maybe it could
be donated to mod_security to include it in it's own code so we don't
have to wory about it?
thanks,
-B
Re: Pull mod_unique_id out of default build?
Posted by Ruediger Pluem <rp...@apache.org>.
On 11/06/2009 06:45 AM, Nick Kew wrote:
> On 6 Nov 2009, at 05:30, Sander Temme wrote:
>
>> Maybe my understanding is limited and my fu is weak, but I have
>> personally never had a use for mod_unique_id. The only thing it does
>> for me is an error message on startup or, when my server finds itself
>> on a box with a hostname that doesn't resolve to an IP address,
>> failure. Could we take it out of the default module build?
>
> +1.
>
> Useful only to a minority, and actively troublesome to some, seems ample
> reason to keep it out of a default build.
>
>> -APACHE_MODULE(unique_id, per-request unique ids)
>> +APACHE_MODULE(unique_id, per-request unique ids, , , most)
>
> I wonder if even "most" is a tad over-generous here?
>
I think 'most' is a good compromise for the start. The only application I use
it for is for mod_security. mod_security doesn't work correctly if it is
not loaded. Otherwise I have never used it.
Regards
Rüdiger
Re: Pull mod_unique_id out of default build?
Posted by Nick Kew <ni...@webthing.com>.
On 6 Nov 2009, at 05:30, Sander Temme wrote:
> Maybe my understanding is limited and my fu is weak, but I have
> personally never had a use for mod_unique_id. The only thing it
> does for me is an error message on startup or, when my server finds
> itself on a box with a hostname that doesn't resolve to an IP
> address, failure. Could we take it out of the default module build?
+1.
Useful only to a minority, and actively troublesome to some, seems ample
reason to keep it out of a default build.
> -APACHE_MODULE(unique_id, per-request unique ids)
> +APACHE_MODULE(unique_id, per-request unique ids, , , most)
I wonder if even "most" is a tad over-generous here?
--
Nick Kew