Project

General

Profile

Activity

From 2023-02-24 to 2023-03-02

2023-03-01

11:37 Revision 00745925: [core] use C23 memset_explicit() were available
gstrauss
08:10 Bug #3193 (Invalid): CRL file should be reloaded on change
"I want it" does not necessarily indicate a bug.
CRLs work as designed in lighttpd. You are making a feature requ...
gstrauss
07:50 Bug #3193 (Invalid): CRL file should be reloaded on change
The SSL implementations should reload the CRL file if it changes. Typically the CRL files will be refreshed often to ... tteras

2023-02-28

05:25 Feature #3192 (Fixed): RFE: mod_extforward and multiplexed requests via HTTP/2
Applied in changeset commit:e0817646d6c0d279aafa2ec5f70fdcf3afd6dd44. gstrauss
05:15 Feature #3192: RFE: mod_extforward and multiplexed requests via HTTP/2
Please see discussion in #3191 gstrauss
05:11 Feature #3192 (Fixed): RFE: mod_extforward and multiplexed requests via HTTP/2
RFE: mod_extforward per-request to handle multiplexed requests from different clients sent by load balancers via HTTP/2 gstrauss
05:25 Feature #3191 (Fixed): Evaluation of remote_addr for mod_maxminddb for multiplexed connections
Applied in changeset commit:02dce5e254ba44b70e1be819f3305255535333be. gstrauss
05:13 Revision e0817646: [mod_extforward] manage remote addr per request (fixes #3192)
manage remote addr per request for HTTP/2 requests,
rather than remote addr per connection.
Modern load balancers of...
gstrauss
05:12 Revision 3a8fc4bc: [multiple] store ptrs to remote addr in request_st (#3192)
adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)
prepares for upcoming changes to mod_extforwar...
gstrauss
05:12 Revision 02dce5e2: [mod_maxminddb] check remote IP each request (fixes #3191)
Many load balancers have options to reuse the same connection for
multiple clients, so check remote IP each request t...
gstrauss

2023-02-27

16:10 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
The link is correct and any donations go towards hosting costs. (I changed the link you posted to use https://www.li... gstrauss
15:49 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
yes, looks good. thanks a lot.
Is the "thank you" paypal still correct (https://www.lighttpd.net/thank-you/)?
It's fr...
fstelzer
14:58 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
If you want to repeat my tests, I chose two random IPs and interleaved requests alternating the IPs using @X-Forwarde... gstrauss
14:28 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
I found in my testing that I needed to make an adjustment to maxminddb for that one-element cache, specifically for H... gstrauss
13:32 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
gstrauss wrote in #note-12:
> > mod_maxminddb still has the original behaviour showing a country code not matching t...
fstelzer
13:19 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
gstrauss wrote in #note-11:
> Thanks for testing. I admit that I have not carefully tested various scenarios.
>
...
fstelzer
12:43 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
> mod_maxminddb still has the original behaviour showing a country code not matching the remote_addr both for http/1 ... gstrauss
12:27 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
Thanks for testing. I admit that I have not carefully tested various scenarios.
> mod_extforward for pooled connect...
gstrauss
11:25 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
gstrauss wrote in #note-9:
> lighttpd commit: commit:21987c86 documents the design choice for mod_extforward, made d...
fstelzer

2023-02-26

10:46 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
lighttpd commit: commit:21987c86 (Oct 2020) documents the design choice for mod_extforward, made during development o... gstrauss

2023-02-25

16:54 Feature #3191 (Patch Pending): Evaluation of remote_addr for mod_maxminddb for multiplexed connections
I have modified mod_maxminddb (for a future version: lighttpd 1.4.70) to check if the IP changes between requests. gstrauss

2023-02-24

16:41 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
As you pointed out in your original post, and as I explained, mod_maxminddb looks up the IP once per connection.
If ...
gstrauss
16:30 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
Since I evaluated the code, here are my quick notes on what would need to be done to support changing X-Forwarded-For... gstrauss
15:31 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
gstrauss wrote in #note-3:
> > Many Loadbalancers (We are using F5 Hardware, Envoy proxy and Varnish) try to optizime...
fstelzer
15:05 Feature #3191: Evaluation of remote_addr for mod_maxminddb for multiplexed connections
> As far as i understand the docs correctly mod_access will utilize the real client ip extracted from x-forwarded-for... gstrauss
14:56 Feature #3191 (Invalid): Evaluation of remote_addr for mod_maxminddb for multiplexed connections
> Many Loadbalancers (We are using F5 Hardware, Envoy proxy and Varnish) try to optizime backend connections by multi... gstrauss
 

Also available in: Atom