This is to announce the release of Pound v1.9.4. This is primarily a
feature-enhancement interim release.

Changes in this version:

- the log facility may now be dynamically defined in the configuration
file. New directive: LogFacility name. The autoconf script flag has been
changed from --with-log=name to --enable-log (or disable). Thanks to
Samuel Leucart for the suggestion.

- Pound now removes extra headers whenever there is a conflict between
Content-lentgh and Transfer-encoding. The first header takes precedence,
a single header of this type is allowed, the others are discarded.
Thanks to FX for the suggestion.

The software is at version 1.9.4 (beta quality). Further testing
(especially under heavy loads), improvements and suggestions are
welcome.[...]

This is to announce the release of Pound v1.9.4. This is primarily a
feature-enhancement interim release.

Changes in this version:

- the log facility may now be dynamically defined in the configuration
file. New directive: LogFacility name. The autoconf script flag has been
changed from --with-log=name to --enable-log (or disable). Thanks to
Samuel Leucart for the suggestion.

- Pound now removes extra headers whenever there is a conflict between
Content-lentgh and Transfer-encoding. The first header takes precedence,
a single header of this type is allowed, the others are discarded.
Thanks to FX for the suggestion.

The software is at version 1.9.4 (beta quality). Further testing
(especially under heavy loads), improvements and suggestions are
welcome.[...]

And this is to announce the uploading of pound (1.9.4-1) to Debian
(unstable). You should be able to find it here before long:
ftp://ftp.debian.org/debian/pool/main/p/pound

Kind regards,

Sam

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Oct 2005 03:14:24 +1000
Source: pound
Binary: pound
Architecture: source i386
Version: 1.9.4-1
Distribution: unstable
Urgency: low
Maintainer: Sam Johnston <samj(at)aos.net.au>
Changed-By: Sam Johnston <samj(at)aos.net.au>
Description:
 pound      - reverse proxy, load balancer and https front-end for web-servers
Changes:
 pound (1.9.4-1) unstable; urgency=low
 .
   * New upstream release
   * Added LogFacility config file directive
   * HTTP Request Smuggling fix: first of Content-Length and
     Transfer-Encoding takes precedence
Files:
 4f9df964f4662d5cf1c3c525ce290742 670 net extra pound_1.9.4-1.dsc
 c8e8436d6e5ca2407d253ca6899998ba 144505 net extra pound_1.9.4.orig.tar.gz
 9454b554e86fd6c6fb2c1f913e557100 12567 net extra pound_1.9.4-1.diff.gz
 c4556c0631807b4f1c0174842cfc31eb 70798 net extra pound_1.9.4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFDV9MrDr1l4TwJPu8RAr0XAJ9LuLRXk2hOUgR7kdIxBnubUdI26QCfUef4
anbF3XsHA3a4hoUpFMlczJ0=
=6B7e
-----END PGP SIGNATURE-----

On 10/20/05, Robert Segall <roseg(at)apsis.ch> wrote:[...]

Sam Johnston wrote:
[...]

That has got to be one of the fastest uploads to Debian I've seen for 
any package.

Very much appreciated!

This is to announce the release of Pound v2.0b1. This is an experimental
interim release.

Changes in this version:

- new configuration file syntax, offering significant improvements.

- the ability to define listener-specific back-ends. In most cases this
should eliminate the need for multiple Pound instances.

- a new type of back-end: the redirector allows you to respond with a
redirect without involving any back-end server.

- most "secondary" properties (such as error messages, client time-out,
etc.) are now private to listeners.

The software is at version 2.0b1 (alpha-ish quality). A lot of testing
(especially under heavy loads and complex configurations), improvements
and suggestions are welcome.[...]

Suggestion as below:
1) add separately CRLfiles setting ,currently ,CRL files is a part of verify
files , This is not good for somecase
2) currently ,we can use more LisentHTTPS  but all of them share a commom
setting of Http_headers
   Suggest each LisentHTTPS have their own cert ,CAfiles ,Verfify files ,and
CRL files
3)  add verify path setting  
4) add CRL auto update from LDAP (RFC 2587) or OCSP support
5) SSL session cache support like modssl
6) allow use redirect to spcified URL with SSL-errorcode when SSL verify fails 
7) for https header inserted , use a mask to select if we need insert
CN/After/Validation before ....
  also have a option to insert the client X509 cert with single-line or
multi-lins format


thanks and best regards
    Eric
----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Sunday, October 30, 2005 12:24 AM
Subject: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer
- v2.0b1

[...]

pls add SSL session cache and Compress feature


----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Sunday, October 30, 2005 12:24 AM
Subject: [Pound Mailing List] ANNOUNCE: Pound - reverse proxy and load balancer
- v2.0b1

[...]

Robert Segall wrote:
[...]
0. A non-beta release of 1.9.x that is officially blessed as 
production-ready to

1.  I found the "conditional configuration" syntax of Lighttpd very 
intuitive and hope the new 2.0 syntax is similar.
http://www.lighttpd.net/documentation/configuration.html

2.  3rd-party plugin/filter ability even if its at the source-code level 
(as long as the interface/API is simple).

3.  A port of mod_evasive into pound-1.9.x or 2.0 so that we can deal 
with http(s)-specific denial-of-service attacks such as 
scripted/repeated requests--it will prevent undesirable traffic reaching 
the backend servers.  There is no way to catch this using firewalls 
because they cannot parse HTTPS info--this is a perfect task for pound 
especially if it is handling SSL for backends.

4.  Ability to easily convert snort or mod_security rules into pound 
configuration to filter out undesirable http requests and expoits.

30 okt 2005 kl. 08.58 skrev FX:[...]
Speaking of which - I've been evaluating lighttpd for a couple of  
tasks recently. One part about lighttpd that I find very appealing is  
their test suite, written in Perl.

I've played with the thought of building a similar test framework for  
Pound, perhaps using a model similar to LightyTest. Highly useful for  
a program like Pound to ensure consistent behaviour between releases.

So consider that half a feature request ;-)

//conny

Instead of having the Redirect URL be a static URL....  I think it would
be nicer to have it be a Regexp replacement string.

For instance... a modified example from the web page.  I currently do
this in my backend coldfusion pages based on X-SSL headers:

ListenHTTP
    Address 123.123.123.123
    Port 80

    Service
        URL "^/(.*)$"
	  Redirect	"https://pound.host/$1"
    End
End

ListenHTTPS
    Address 123.123.123.123
    Port 443
    Cert "/etc/ssl/pound/pound.pem"
End

Service
 ... global backend setup


Thus it's very easy to turn a site into a SSL only site.

Or, you could set the index.html to be non-ssl capable but any other
would redirect.  (based on the ListenHTTP private services)

Or, you could redirect urls with forbidden in it to an error page with
the old url path passed as a URL variable.  A la...

URL "^(/forbidden.*)"
Redirect "https://pound.host/errors/forbidden_error.php?orig_path=$1"

I don't really mind if it's perl style $1 or sed style \1.

It could even be a Redirect directive for static redirects and a
RedirectRegexp directive for regex-style.

Also, the man page switches back and forth between Service and Server in
the examples... should probably look at that. :)

Joe
[...]
experimental[...]
this[...]
time-out,[...]
improvements[...]
pound(at)apsis.ch.[...]

On Sat, Oct 29, 2005 at 06:24:13PM +0200, Robert Segall wrote:[...]

Hello,

have you considered using (f)lex/yacc/bison instead of regex for configuration
file
processing ?

greets,[...]

On Mon, 2005-10-31 at 10:48 -0500, Joe Gooch wrote:[...]

This may happen yet, but for the moment I try to keep it as simple as
possible. Once we are past the 2.0 hurdle we'll revisit that.

Right now we try to keep it as close to the 1.x code-base as possible.
The only enhancements are those inherent in the new syntax.
[...]

Thanks, that will be fixed in 2.0b2.[...]

On Mon, 2005-10-31 at 10:04 +0100, Conny Brunnkvist wrote:[...]

I'd much rather consider a code offer...[...]

On Sun, 2005-10-30 at 01:58 -0600, FX wrote:[...]

Please consider 1.9.4 to be officially blessed (just call me Benedict).
[...]

Read the man page. Each of us has his own preferences as to style. The
real question is: is it any more expressive?
[...]

This are certainly interesting suggestions - we'll gladly consider code
offers once we have a stable 2.0. If you look at the 2.0b1 code you may
notice that it contains quite a bit of "infrastructure" with a view
towards future enhancements.[...]

On Sun, 2005-10-30 at 14:04 +0800, Eric dai wrote:[...]

Why?[...]

On Sun, 2005-10-30 at 13:53 +0800, Eric dai wrote:[...]

Why?
[...]

Have you even looked at 2.0b1?
[...]

Please try to slow down for a moment and consider if your suggestions
are really necessary (do they add anything to the program), and if they
make sense. Are your suggestions based just on seeing the same features
in other systems, or can you show us a real need for them? Is it worth
the effort and extra complexity?[...]

On Mon, 2005-10-31 at 16:50 +0100, Steven Van Acker wrote:[...]

Certainly. Decided it isn't worth the extra weight. For your info: I
worked on compiler and interpreter development in the past, so I know
quite well what's involved.[...]

Similarly, while the Lighttpd config file looks really cool, it seems to
me like something that would be easy to implement in perl, but not a
whole lot of fun in C.

I *LIKE* it... but... I certainly wouldn't want to implement it. :)

Speaking of yacc, guess what lighttpd uses... :-D

Joe
[...]
load[...]
pound(at)apsis.ch.[...]