Mailing List Archive

> > I'm not sure if what I'm trying to do is supposed to be
> > possible or not, so I'm not sure if this is really a bug.

It's certainly a condition it looks like the code writers didn't expect
:) Did this use to work? I'd be surprised... anyways, it seems like it
would be easy to fix - if there's no require line, don't require
authentication - and I'll put this on the known_bugs page now.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/

On Tue, 8 Aug 1995, Archie Cobbs wrote:
> Hi! Thanks for your reply. I'm not sure if this used to work or not
> since I haven't tried it before.
>
> What do you think of the concept of "inheriting" directory attributes
> from parent (and ancestor) directories, unless overidden by a more
> specific directory directive?
>
> Is this (in general) the correct model of how <Directory> directives
> interact? Or did I make it up somewhere along the line...

That I'm not sure about - I don't remember seeing in the NCSA
documentation anywhere that *parts* of one <Directory> directive can be
inherited by a subdirectory's <Directory> directive, which is I guess
what you're saying. That may induce some additional overhead on
.htaccess parsing if it's not already there - I see if anyone has any
thoughts on the matter.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/

In reply to Brian Behlendorf who said
>
> On Tue, 8 Aug 1995, Archie Cobbs wrote:
> > Hi! Thanks for your reply. I'm not sure if this used to work or not
> > since I haven't tried it before.
> >
> > What do you think of the concept of "inheriting" directory attributes
> > from parent (and ancestor) directories, unless overidden by a more
> > specific directory directive?
> >
> > Is this (in general) the correct model of how <Directory> directives
> > interact? Or did I make it up somewhere along the line...
>
> That I'm not sure about - I don't remember seeing in the NCSA
> documentation anywhere that *parts* of one <Directory> directive can be
> inherited by a subdirectory's <Directory> directive, which is I guess
> what you're saying. That may induce some additional overhead on
> .htaccess parsing if it's not already there - I see if anyone has any
> thoughts on the matter.

I've thought about this before. It would be nice, and quite natural to
have a .htaccess file at the root of a tree, say for a particular
client that has pages on your server. Then any hits to areas below
that sub-root would be covered by the one .htaccess file you manage for
that client.

The problem is that the implementation requires that you search every
directory in the path for a .htaccess file and parse every one you find,
which may turn out to be a bit hard on your poor server. The access allowed
when you finally reach the leaf would just be whatever each attribute
is set to after parsing each .htaccess you found on the way.

With some thought solutions could be found, such as cached access
attributes for directories that have already been hit and so forth but
I stopped thinking about it :-)

--
Paul Richards, Bluebird Computer Systems. FreeBSD core team member.
Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
Phone: 0370 462071 (Mobile), +44 1222 457651 (home)

[User wants to set

> AuthName mail
> AuthType Basic
> AuthUserFile /home/www/htpasswd
> AuthGroupFile /dev/null

in the privilege list for a directory, and then have authorization
required in specific requires lines only for subdirectories. Nice
idea --- the question is, I guess, whether this worked in 0.6.x; if
it did, we ought to fix it in 0.8.x; if not, we have a feature
request.

FWIW, he has, independantly, found the cause of the (already
reported) bug that DBM dumps core if incorrectly configured, which
should clearly be fixed in 0.8.x.]

rst

[directories inheriting characteristics from their parents]
> I've thought about this before. It would be nice, and quite natural to
> have a .htaccess file at the root of a tree, say for a particular
> client that has pages on your server. Then any hits to areas below
> that sub-root would be covered by the one .htaccess file you manage for
> that client.
>
> The problem is that the implementation requires that you search every
> directory in the path for a .htaccess file and parse every one you find,
> which may turn out to be a bit hard on your poor server. The access allowed
> when you finally reach the leaf would just be whatever each attribute
> is set to after parsing each .htaccess you found on the way.
>
> With some thought solutions could be found, such as cached access
> attributes for directories that have already been hit and so forth but
> I stopped thinking about it :-)

Weeel, you should see what the MOO and COLD people are doing to webservers.
They have object-oriented systems with a DOCUMENT_ROOT at the ROOT_OBJECT
and all the little subclasses can redefine any access methods that
their parents support. Really, really nice, but definately rocket science.

Ay.

> --
> Paul Richards, Bluebird Computer Systems. FreeBSD core team member.
> Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
> Phone: 0370 462071 (Mobile), +44 1222 457651 (home)
>

In reply to Archie Cobbs who said
>
>
> Hmm... suppose you did the following...
>
> At any given time you keep a tree data structure in which each node
> represents a directory. At each node, those attributes for the directory
> which differ from those inherited from the parent directory are stored.

Store the complete attributes for the directory. That would be much quicker.
If the directory is in the cache then you can access that directories
attributes immediately with no further accesses. That really would speed
up general server response. With your representation you'd have still have
to check every directories attributes, even if they were all in the cache
that would still be slower.

> When a directory is requested, you branch down the tree, inheriting
> attributes as you go, until you either reach a node representing the
> directory or fall out of the tree (in which case you start looking
> for .htaccess files and updating the tree).

Using the above this would be slightly different. If the directory you're
trying to access isn't in the cache tree then get to the leaf of the cache
, get it's attributes, then go and search the filesystem from that point
down to the actual directory you want to access. Filling in the cache
for each directory you read.

>
> Add to each node a time stamp; if the data is sufficiently old,
> recheck that the corresponding .htaccess file (if any) hasn't changed.
> This guarantees the "tree cache" doesn't get out of date.

Hmm, hadn't thought about that. This would be an acceptable solution if
there was also a "force cache update" hook of some sort so if you change
a .htaccess file you can get the server to check cache coherency. I guess
a -HUP would do bu then you'd lose all your cached entries.

>
> Now add to this a maximum memory usage parameter; when we've used up
> the maximum allowed space representing the tree, we prune the least recently
> used node(s) (which will necessarily be leaves of the tree) until enough
> space remains. This can all be done in constant time per operation (given
> fixed sized nodes) using a simple free list scheme.
>
> I would claim that this would even make a heavily loaded server FASTER
> because of the cached .htaccess files, since in the common case you
> don't have to open *any* .htaccess file for an access.
>
> But most importantly (to me) it makes the semantics of the access scheme
> consistent and understandable.

I agree on both points, this may well speed up server performance since
for frequently accessed pages you wouldn't need to read .htaccess at all
and it would certainly be a nice addition to functionality.

Ok, do you want to go and implement it now :-)

--
Paul Richards, Bluebird Computer Systems. FreeBSD core team member.
Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
Phone: 0370 462071 (Mobile), +44 1222 457651 (home)

From: Paul Richards <paul@netcraft.co.uk>
Date: Wed, 9 Aug 1995 14:07:45 +0100 (BST)
Cc: paul@freebsd.org, new-httpd@hyperreal.com, archie@tribe.tribe.com
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

In reply to Archie Cobbs who said

Paul, it might be good to review the 0.8.x configuration machinery (as
described in API.html, with a slightly cleaned up version of the the
MIME module code as an extended example) --- a lot of what you *seem*
to be talking about is already there in one form or another.

rst