---- oh...@cox.net wrote:
>
> ---- oh...@cox.net wrote:
> >
> > ---- oh...@cox.net wrote:
> > > Hi,
> > >
> > > I'm not sure if this is the appropriate list, or if I should post on the
> > > regular httpd list...
> > >
> > > I've been trying to work with an Apache module, mod_limitipconn:
> > >
> > > http://dominia.org/djao/limitipconn2.html
> > >
> > > This is with Apache 2.2.8/2.2.11.
> > >
> > > Our use case is slightly different that the original one for this module.
> > > The original code is designed to limit the number of connections from
> > > any given IP address, whereas in my case, we want to limit the total
> > > number of connections to the entire Apache server instance.
> > >
> > > To do that, I commented out one line (an 'if'), as shown below:
> > >
> > > /* Count up the number of connections we are handling right now from
> > > * this IP address */
> > > /* This is modified to not do strcmp(address, ws_record->client
> > > check, in order
> > > to count ALL connections to this server. */
> > > for (i = 0; i < server_limit; ++i) {
> > > for (j = 0; j < thread_limit; ++j) {
> > > ws_record = ap_get_scoreboard_worker(i, j);
> > > switch (ws_record->status) {
> > > case SERVER_BUSY_READ:
> > > case SERVER_BUSY_WRITE:
> > > case SERVER_BUSY_KEEPALIVE:
> > > case SERVER_BUSY_LOG:
> > > case SERVER_BUSY_DNS:
> > > case SERVER_CLOSING:
> > > case SERVER_GRACEFUL:
> > > /*
> > > if (strcmp(address, ws_record->client) == 0)
> > > */
> > > ip_count++;
> > > break;
> > > default:
> > > break;
> > > }
> > > }
> > > }
> > >
> > > and, after I rebuilt the module, it seems to work ok.
> > >
> > > Now, I'm trying to get the module's directive "NoIPLimit" to work.
> > >
> > > According to the README, plus reading the code, the way that this is
> > > suppose to work is that if you specify a MIME type string (substring,
> > > actually), the module won't "count" requests that have any of the MIME
> > > types in the directive.
> > >
> > > I have the Apache LogLevel set to debug, and it looks like the
> > > "content_type" that the module is retrieving from ALL requests is
> > > "text/plain", and I have confirmed that the actual MIME types are not
> > > "text/plain" (I see things like "image/gif", "text/css", etc.), so the
> > > "NoIPLimit" directive doesn't work.
> > >
> > > From reading the code, I think that the "content_type" is set in this
> > > snippet:
> > >
> > > /* Only check the MIME-type if we have MIME-type stuff in our config.
> > > The extra subreq can be quite expensive. */
> > > if(cfg->no_limit->nelts > 0 || cfg->excl_limit->nelts > 0) {
> > > /* Look up the Content-type of this request. We need a subrequest
> > > * here since this module might be called before the URI has been
> > > * translated into a MIME type. */
> > > content_type = ap_sub_req_lookup_uri(r->uri, r,
> > > NULL)->content_type;
> > >
> > > /* If there's no Content-type, use the default. */
> > > if (!content_type) {
> > > content_type = ap_default_type(r);
> > > }
> > >
> > > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> > > "mod_limitipconn: uri: %s Content-Type: %s",
> > > r->uri, content_type);
> > >
> > > /* Cycle through the exempt list; if our content_type is exempt,
> > > * return OK */
> > > for (i = 0; i < cfg->no_limit->nelts; i++) {
> > > if ((ap_strcasecmp_match(content_type, nolim[i]) == 0)
> > > || (strncmp(nolim[i], content_type, strlen(nolim[i])) ==
> > > 0))
> > > {
> > > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> > > "mod_limitipconn: OK: %s exempt",
> > > content_type);
> > > return DECLINED;
> > > }
> > > }
> > >
> > > and, in particular:
> > >
> > > content_type = ap_sub_req_lookup_uri(r->uri, r,
> > > NULL)->content_type;
> > >
> > > /* If there's no Content-type, use the default. */
> > > if (!content_type) {
> > > content_type = ap_default_type(r);
> > > }
> > >
> > > I'm not that familiar with Apache module development, but reading the
> > > docs, it *seems* like the above *should* work.
> > >
> > > I'm assuming you all on this list *are* familiar with module development,
> > > so I was wondering if you might be able to tell me what, if anything, is
> > > wrong with that code (i.e., why is "content_type" not being set with the
> > > actual content type?
> > >
> > > Thanks in advance!!
> > >
> > > Jim
> >
> > Hi,
> >
> > BTW, here's an example of the Apache debug output for mod_limitipconn that
> > illustrates what I'm seeing:
> >
> > [Sun Nov 15 02:21:09 2009] [debug] mod_limitipconn.c(143): [client
> > 192.168.xx.yy] mod_limitipconn: uri: /anewwsclient/css/body.css
> > Content-Type: text/plain, referer: http://foo.host.com/anewwsclient
> >
> > As you can see, the URI is for a .css, but the Content-Type comes back as
> > "text/plain, referer: http://foo.host.com/anewwsclient";, then, since the
> > mod_limitipconn code checks for the MIME types in the NoIPLimit directive,
> > (e.g., image/* text/css/*), it fails to detect this as a MIME type that it
> > should ignore.
> >
> > Shouldn't the Content-Type be something like "text/css, referer:
> > http://foo.host.com/anewwsclient";?
> >
> > Jim
> >
>
>
> Hi,
>
> I just noticed that when I run "apachectl -M", I get:
>
> bash-3.00# ./apachectl -M
> Loaded Modules:
> core_module (static)
> authn_file_module (static)
> authn_default_module (static)
> authz_host_module (static)
> authz_groupfile_module (static)
> authz_user_module (static)
> authz_default_module (static)
> auth_basic_module (static)
> include_module (static)
> filter_module (static)
> log_config_module (static)
> env_module (static)
> setenvif_module (static)
> ssl_module (static)
> mpm_prefork_module (static)
> http_module (static)
> mime_module (static)
> status_module (static)
> autoindex_module (static)
> asis_module (static)
> cgi_module (static)
> negotiation_module (static)
> dir_module (static)
> actions_module (static)
> userdir_module (static)
> alias_module (static)
> so_module (static)
> limitipconn_module (shared)
> Syntax OK
>
> Notice that the static modules apparently are listed before the shared
> module. I'm assuming that this list is in module, order, so it seems like
> the limitipconn module is "first".
>
> I'm wondering if *this* might be my problem, i.e., since the mod_limitipconn
> is first, and the mod_mime (which maps the suffix to mime type) is "after"
> the mod_limitipconn, if that might be why mod_limitipconn is apparently not
> able to determine the correct MIME type?
>
> Jim
>
Hi,
To try to test the "precedence" theory, I built a new Apache 2.2.14, with all
shared module. I then built a new copy of mod_limitipconn.so.
Now, here's the weird thing :(...
When I run this new Apache with the new mod_limitipconn.so, and check in the
error_log file, it is now SHOWING the PROPER Content-Type!!
Here's the 'apachectl -M' and '-V' from this new build:
[r...@fed9 htdocs]# ../bin/apachectl -M
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
authn_file_module (shared)
authn_dbm_module (shared)
authn_anon_module (shared)
authn_dbd_module (shared)
authn_default_module (shared)
authz_host_module (shared)
authz_groupfile_module (shared)
authz_user_module (shared)
authz_dbm_module (shared)
authz_owner_module (shared)
authz_default_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
dbd_module (shared)
dumpio_module (shared)
ext_filter_module (shared)
include_module (shared)
filter_module (shared)
substitute_module (shared)
deflate_module (shared)
log_config_module (shared)
log_forensic_module (shared)
logio_module (shared)
env_module (shared)
mime_magic_module (shared)
cern_meta_module (shared)
expires_module (shared)
headers_module (shared)
ident_module (shared)
usertrack_module (shared)
unique_id_module (shared)
setenvif_module (shared)
version_module (shared)
mime_module (shared)
dav_module (shared)
status_module (shared)
autoindex_module (shared)
asis_module (shared)
info_module (shared)
cgi_module (shared)
dav_fs_module (shared)
vhost_alias_module (shared)
negotiation_module (shared)
dir_module (shared)
imagemap_module (shared)
actions_module (shared)
speling_module (shared)
userdir_module (shared)
alias_module (shared)
rewrite_module (shared)
limitipconn_module (shared)
Syntax OK
[r...@fed9 htdocs]# ../bin/apachectl -V
Server version: Apache/2.2.14 (Unix)
Server built: Nov 14 2009 18:20:52
Server's Module Magic Number: 20051115:23
Server loaded: APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/apps/httpd-2.2.14"
-D SUEXEC_BIN="/apps/httpd-2.2.14/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
[r...@fed9 htdocs]#
The above looks similar to the Apache that doesn't work. The main thing is the
old Apache had all modules except for mod_limitipconnn.so as "static", whereas
the new Apache has all modules as "shared", and the old Apache was on 64-bit
Redhat, whereas the new Apache is on 32-bit Fedora 9.
Anyone have any ideas about what might be causing the missing Content-Type on
the old Apache?
Thanks,
Jim
