Recognition of local / remote request

2011-08-01 Thread Petr Hracek
Dear developers,

I would like to ask you how can I recognize whether request is
performed from local PC or from remote PC?
Is it possible to use ServerName where I will define remote IP address?

My situation is the when user is connected from the local PC over
127.0.0.1 or 192.168.*.* than URL will be allowed.
Otherwise URL will be permitted for user.

Thank you in advance

-- 
Best Regards / S pozdravem
Petr Hracek


Re: How to "call" one module from the another module

2011-07-27 Thread Petr Hracek
I have solve that by more virtual hosts. Now it is working but another
problem occurs:
When URL is entered like:
https:///APPL1/index.html and it is redirecting to
https:///APPL1/index.jsp then is returns me HTTP 404
because of https:///APPL1indexjsp. WITHOUT /.

Do you know where can be a problem?
Can that be solved by ProxyHTMLURLMap?

Thank you in advance

Dne 27. července 2011 15:46 Eric Covener  napsal(a):
> On Wed, Jul 27, 2011 at 9:35 AM, Stefan Fritsch  wrote:
>> On Wednesday 27 July 2011, Petr Hracek wrote:
>>> Dear users,
>>>
>>> I have one simple question.
>>> Is there any possibility how to "call" module from the another
>>> module?
>>>
>>> Let's say that my module is used for checking whether user is
>>> logged, session is expired, etc.
>>> When all those tests are satisfied then URL which was checked by my
>>> module is redirect to another module e.g proxy?
>>>
>>> https:///APPL1 should be authenticated by my own
>>> proprietary module and when this is successed then it is redirect
>>> to proxy defined in /etc/apache/conf/my_conf.conf file
>>>
>>> 
>>> SSLEngine on
>>> SSLProxyEngine on
>>> ProxyRequests Off
>>> TraceEnable Off
>>>
>>> 
>>>     AuthType SEC_CHECK
>>>     require valid-user
>>>     satisfy Any
>>> 
>>> 
>>>
>>> ProxyPass /APPL1 http://192.0.2.20:8080/APPLONE
>>> ProxyPassReverse /APPL1 http://192.0.2.20:8080/APPLONE
>>>
>>> AuthType in my module SEC_CHECK is defined so:
>>> #defined SECURITY_AUTH_CHECK "SEC_CHECK"
>>> r->ap_auth_type = SECURITY_AUTH_CHECK
>>> Is this "behaviour" possible?
>>
>> mod_proxy should handle the request with you having to do anything in
>> your module. Have you tried replacing your auth module with basic auth
>> and checked if that works? If no, there is likely some other problem
>> in your config.
>>
>
> If it wasn't already intended to be reverse proxied, or successful
> auth in your mod changes where it's destined for, see how mod_rewrite
> implements the [P] flag to pass along a request to mod_proxy.
>
> --
> Eric Covener
> cove...@gmail.com
>



-- 
Best Regards / S pozdravem
Petr Hracek


How to "call" one module from the another module

2011-07-27 Thread Petr Hracek
Dear users,

I have one simple question.
Is there any possibility how to "call" module from the another module?

Let's say that my module is used for checking whether user is logged,
session is expired, etc.
When all those tests are satisfied then URL which was checked by my
module is redirect to another module e.g proxy?

https:///APPL1 should be authenticated by my own
proprietary module and when this is successed then it is redirect to
proxy defined in /etc/apache/conf/my_conf.conf file


SSLEngine on
SSLProxyEngine on
ProxyRequests Off
TraceEnable Off


AuthType SEC_CHECK
require valid-user
satisfy Any



ProxyPass /APPL1 http://192.0.2.20:8080/APPLONE
ProxyPassReverse /APPL1 http://192.0.2.20:8080/APPLONE

AuthType in my module SEC_CHECK is defined so:
#defined SECURITY_AUTH_CHECK "SEC_CHECK"
r->ap_auth_type = SECURITY_AUTH_CHECK
Is this "behaviour" possible?

-- 
Best Regards / S pozdravem
Petr Hracek


Authentication and ReverseProxy to more servers

2011-07-26 Thread Petr Hracek
Dear developers,

sorry for bother you with that question but I could not imagine where
I have made a problem?

Situation have to be following:
I have MAIN server connected to the intranet. To that MAIN server are
connected some other servers.
In the MAIN server is buildup proprietary authentication module which
is used for authorization and authentication.

When the user write down in URL somethink like:
https:///application1 then this should be reversed
proxied to the http://192.168.0.20:8080/appl1
https:///application2 then this should be reversed
proxied to the http://192.168.0.30:8080/appl2
Both applications like application1 and application2 have to be
authorized first in the MAIN server and than proxied to
the relevant servers.

Authentication works fine but it is not proxied.
In the /var/log/apache2/error_log file is not mentioned and log from
mod_proxy.c module
and ReverseProxy is not working at all.
In the log is mentioned only:
File does not exists: /srv/www/htdocs/ssldocs/application1
But this is true because of it has to be proxied.
Handlers in my modules are:
static void register_hooks(apr_pool_t * p)
{
 static const char * const
aszPre[]={"mod_proxy.c","mod_proxy_http.c","mod_proxy_ajp.c",NULL};
 ap_hook_auth_checker(access_handler,NULL,NULL,APR_HOOK_FIRST);
 ap_hook_check_user_id(auth_handler,NULL,NULL,APR_HOOK_FIRST);
}
Should be there add ap_hook_map_to_storage?

Could you please let me know how to do it?

Configuration file in MAIN server looks like:

DocumentRoot "/srv/www/htdocs/ssldocs"
SSLEngine on
SSLProxyEngine on
ProxyRequests Off


   AuthType OwnSec
   require valid-user
   Order Allow,deny
   Allow from all


ProxyPass /application1 http://192.168.0.20:8080/appl1
ProxyPassReverse /application1 http://192.168.0.20:8080/appl1
ProxyPass /application2 http://192.168.0.30:8080/appl1
ProxyPassReverse /application2 http://192.168.0.30:8080/appl2


-- 
Best Regards / S pozdravem
Petr Hracek


Proxy authentication

2011-07-11 Thread Petr Hracek
Dear users,

I have problems with proxy authorization and I could not image where
is a problem.

Configuration in my :


SSLEngine on
SSLProxyEngine on
ProxyRequests off

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteMap pages txt:/opt/httpd2/conf/pages.txt
RewriteRule ^/([^/]+)${pages:$1|/$1} $
RewriteRule ^/([^/]+)/(.*)${pages:$1|/opt/httpd2/htdocs/ssldocs/$1}/$2 [L]


   Options Includes Multiviews FollowSymLinks
   AllowOverride None
   Order deny,allow
   Deny from all


AuthType SECURE_USER
require valid-user
Satisfy Any



  
  Options + Indexes +Multiviews
  AuthType SECURE_USER
  require valid-user
  satisfy Any
  

   AuthType SECURE_USER
   require valid-user
   ProxyPass http://192.2.0.25:8080/ATSAdmin
   ProxyPassReverse http://192.2.0.25:8080/ATSAdmin
   satisfy Any






In the module is mentioned:
r->ap_auth_type = SECURE_USER;
Format of the file pages.txt is:

App1   /opt/App1/htdocs App1
App2   /opt/App2/htdocs App2
App3   /opt/App3/htdocs App3

https:///ATS/ I want to authorized over
my module and when the authorization is done the it is proxied to the
http://192.2.0.25:8080/ATSAdmin.

Could you please let me know where I have made a mistake?

My module have following hooks:
static void register_hooks(apr_pool_t *p)
{
ap_hook_post_config(init_Module,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_auth_checker(auth_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_check_user_id(access_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(notification_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_fixups(fixups,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_child_init(init_Child,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(secure_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(login_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(single_login_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(logout_handler,NULL,NULL,APR_HOOK_MIDDLE);
}

When the access_checker return value is OK than it shown me page 404.
When the access_checker return value is DECLINED that it shown me page
unauthorized access.
Shal I use some http redirection to the proxy pages?

When I will do that so that configuration is:

ProxyPass http://192.2.0.25/
Order deny,allow
Allow from all
AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup


Than all works fine.
-- 
Best Regards / S pozdravem
Petr Hracek


Succeed compilation with FIPS

2011-06-03 Thread Petr Hracek
Dear developers,

I have tried to find out on the web what is the correct way
how to compile http2 so that it will be compliance with FIPS 140-2.

I have already build up OpenSSL libraries with FIPS and development
files as well.
I have try to run ./configure --with-ssl=
and it seems to be good but how can I call make?

like: make CC=fipsld FIPSLD_CC=gcc ?

thank you in advance

-- 
Best Regards / S pozdravem
Petr Hracek


SSLFIPS from which version

2011-05-27 Thread Petr Hracek

Dear users,

sorry for bother you with that issue but I have try to find out from
which version is Directive SSLFIPS available in apache2.
I have found in source code that SSLFIPS is available from apache2
2.2.16. Is this information correct?

Are there any steps how to build up apache2 together with FIPS 140-2?

Best regards / S pozdravem
Petr Hracek




Re: graceful restart detection in prefork mode

2011-05-26 Thread Petr Hracek
Configuration is:
Timeout 300
KeepAlive Off
KeepAliveTimeout 5
MaxKeepAliveRequests 100
StartServers 5
MaxClients 150
MinSpareServers 2
MaxSpareServers 8
MaxRequestsPerChild 0
#MinSpareThreads 25
#MaxSpareThreads 150
#ThreadsPerChild 25


2011/5/26 Petr Hracek :
> No KeepAliveTimeout is 5
>
> 2011/5/26 MATSUMOTO Ryosuke :
>> How do you configure "KeepAliveTimeout"?
>> KeepAliveTimeout value is 15(sec) as default.
>> The number of seconds Apache will wait for a subsequent request before
>> closing the connection.
>>
>> 2011/5/26 MATSUMOTO Ryosuke 
>>>
>>> GracefulShutdownTimeout valiue is zero as defualt.
>>> Setting this value to zero means that the server will wait indefinitely
>>> until all remaining requests have been fully served.
>>>
>>> 2011/5/26 Petr Hracek 
>>>>
>>>> It is not configured yet.
>>>> I suggest that GracefulShutdownTimeout 0 as default is OK, right?
>>>>
>>>> 2011/5/26 MATSUMOTO Ryosuke :
>>>> > Hi,
>>>> > How do you configure "GracefulShutdownTimeout"?
>>>> > 2011/5/26 Petr Hracek 
>>>> >>
>>>> >> Dear developers,
>>>> >>
>>>> >> My situation is following:
>>>> >> In my Apache2 running in prefork mode I have following situation.
>>>> >>
>>>> >> Whole pages (except loging page) are run over https (port 443) and
>>>> >> authentication is done over my own module.
>>>> >> When the most users are looking on the pages (https) then I would like
>>>> >> to reload configuration of my apache over command
>>>> >> apache2ctl -k graceful
>>>> >>
>>>> >> I suggest that new users will see new configuration and old users will
>>>> >> have their session till they will not logout.
>>>> >>
>>>> >> But unfortunatelly all sessions are closed and as new as old users
>>>> >> have to login again for other work.
>>>> >>
>>>> >> Is there any solution for that like detection for gracefull restart?
>>>> >> Do you now any idea how to do that?
>>>> >>
>>>> >> My apache2 which is delivered by SUSE is pretty old (I know).
>>>> >> linux:~ # httpd2 -l
>>>> >> Compiled in modules:
>>>> >>  core.c
>>>> >>  prefork.c
>>>> >>  http_core.c
>>>> >>  mod_so.c
>>>> >> linux:~ # httpd2 -V
>>>> >> Server version: Apache/2.2.3
>>>> >> Server built:   Apr 14 2010 11:41:47
>>>> >> Server's Module Magic Number: 20051115:3
>>>> >> Server loaded:  APR 1.2.2, APR-Util 1.2.2
>>>> >> Compiled using: APR 1.2.2, APR-Util 1.2.2
>>>> >> Architecture:   32-bit
>>>> >> Server MPM:     Prefork
>>>> >>  threaded:     no
>>>> >>    forked:     yes (variable process count)
>>>> >> Server compiled with
>>>> >>  -D APACHE_MPM_DIR="server/mpm/prefork"
>>>> >>  -D APR_HAS_SENDFILE
>>>> >>  -D APR_HAS_MMAP
>>>> >>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>>>> >>  -D APR_USE_SYSVSEM_SERIALIZE
>>>> >>  -D APR_USE_PTHREAD_SERIALIZE
>>>> >>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>>> >>  -D APR_HAS_OTHER_CHILD
>>>> >>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>>>> >>  -D DYNAMIC_MODULE_LIMIT=128
>>>> >>  -D HTTPD_ROOT="/srv/www"
>>>> >>  -D SUEXEC_BIN="/usr/sbin/suexec2"
>>>> >>  -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
>>>> >>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>>> >>  -D DEFAULT_LOCKFILE="/var/run/accept.lock"
>>>> >>  -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
>>>> >>  -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
>>>> >>  -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
>>>> >> linux:~ #
>>>> >>
>>>> >> Thank you in advance.
>>>> >> --
>>>> >> Best Regards / S pozdravem
>>>> >> Petr Hracek
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Best Regards / S pozdravem
>>>> Petr Hracek
>>>
>>
>>
>
>
>
> --
> Best Regards / S pozdravem
> Petr Hracek
>



-- 
Best Regards / S pozdravem
Petr Hracek


Re: graceful restart detection in prefork mode

2011-05-26 Thread Petr Hracek
No KeepAliveTimeout is 5

2011/5/26 MATSUMOTO Ryosuke :
> How do you configure "KeepAliveTimeout"?
> KeepAliveTimeout value is 15(sec) as default.
> The number of seconds Apache will wait for a subsequent request before
> closing the connection.
>
> 2011/5/26 MATSUMOTO Ryosuke 
>>
>> GracefulShutdownTimeout valiue is zero as defualt.
>> Setting this value to zero means that the server will wait indefinitely
>> until all remaining requests have been fully served.
>>
>> 2011/5/26 Petr Hracek 
>>>
>>> It is not configured yet.
>>> I suggest that GracefulShutdownTimeout 0 as default is OK, right?
>>>
>>> 2011/5/26 MATSUMOTO Ryosuke :
>>> > Hi,
>>> > How do you configure "GracefulShutdownTimeout"?
>>> > 2011/5/26 Petr Hracek 
>>> >>
>>> >> Dear developers,
>>> >>
>>> >> My situation is following:
>>> >> In my Apache2 running in prefork mode I have following situation.
>>> >>
>>> >> Whole pages (except loging page) are run over https (port 443) and
>>> >> authentication is done over my own module.
>>> >> When the most users are looking on the pages (https) then I would like
>>> >> to reload configuration of my apache over command
>>> >> apache2ctl -k graceful
>>> >>
>>> >> I suggest that new users will see new configuration and old users will
>>> >> have their session till they will not logout.
>>> >>
>>> >> But unfortunatelly all sessions are closed and as new as old users
>>> >> have to login again for other work.
>>> >>
>>> >> Is there any solution for that like detection for gracefull restart?
>>> >> Do you now any idea how to do that?
>>> >>
>>> >> My apache2 which is delivered by SUSE is pretty old (I know).
>>> >> linux:~ # httpd2 -l
>>> >> Compiled in modules:
>>> >>  core.c
>>> >>  prefork.c
>>> >>  http_core.c
>>> >>  mod_so.c
>>> >> linux:~ # httpd2 -V
>>> >> Server version: Apache/2.2.3
>>> >> Server built:   Apr 14 2010 11:41:47
>>> >> Server's Module Magic Number: 20051115:3
>>> >> Server loaded:  APR 1.2.2, APR-Util 1.2.2
>>> >> Compiled using: APR 1.2.2, APR-Util 1.2.2
>>> >> Architecture:   32-bit
>>> >> Server MPM:     Prefork
>>> >>  threaded:     no
>>> >>    forked:     yes (variable process count)
>>> >> Server compiled with
>>> >>  -D APACHE_MPM_DIR="server/mpm/prefork"
>>> >>  -D APR_HAS_SENDFILE
>>> >>  -D APR_HAS_MMAP
>>> >>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>>> >>  -D APR_USE_SYSVSEM_SERIALIZE
>>> >>  -D APR_USE_PTHREAD_SERIALIZE
>>> >>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>> >>  -D APR_HAS_OTHER_CHILD
>>> >>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>>> >>  -D DYNAMIC_MODULE_LIMIT=128
>>> >>  -D HTTPD_ROOT="/srv/www"
>>> >>  -D SUEXEC_BIN="/usr/sbin/suexec2"
>>> >>  -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
>>> >>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>> >>  -D DEFAULT_LOCKFILE="/var/run/accept.lock"
>>> >>  -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
>>> >>  -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
>>> >>  -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
>>> >> linux:~ #
>>> >>
>>> >> Thank you in advance.
>>> >> --
>>> >> Best Regards / S pozdravem
>>> >> Petr Hracek
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Best Regards / S pozdravem
>>> Petr Hracek
>>
>
>



-- 
Best Regards / S pozdravem
Petr Hracek


Re: graceful restart detection in prefork mode

2011-05-26 Thread Petr Hracek
It is not configured yet.
I suggest that GracefulShutdownTimeout 0 as default is OK, right?

2011/5/26 MATSUMOTO Ryosuke :
> Hi,
> How do you configure "GracefulShutdownTimeout"?
> 2011/5/26 Petr Hracek 
>>
>> Dear developers,
>>
>> My situation is following:
>> In my Apache2 running in prefork mode I have following situation.
>>
>> Whole pages (except loging page) are run over https (port 443) and
>> authentication is done over my own module.
>> When the most users are looking on the pages (https) then I would like
>> to reload configuration of my apache over command
>> apache2ctl -k graceful
>>
>> I suggest that new users will see new configuration and old users will
>> have their session till they will not logout.
>>
>> But unfortunatelly all sessions are closed and as new as old users
>> have to login again for other work.
>>
>> Is there any solution for that like detection for gracefull restart?
>> Do you now any idea how to do that?
>>
>> My apache2 which is delivered by SUSE is pretty old (I know).
>> linux:~ # httpd2 -l
>> Compiled in modules:
>>  core.c
>>  prefork.c
>>  http_core.c
>>  mod_so.c
>> linux:~ # httpd2 -V
>> Server version: Apache/2.2.3
>> Server built:   Apr 14 2010 11:41:47
>> Server's Module Magic Number: 20051115:3
>> Server loaded:  APR 1.2.2, APR-Util 1.2.2
>> Compiled using: APR 1.2.2, APR-Util 1.2.2
>> Architecture:   32-bit
>> Server MPM:     Prefork
>>  threaded:     no
>>    forked:     yes (variable process count)
>> Server compiled with
>>  -D APACHE_MPM_DIR="server/mpm/prefork"
>>  -D APR_HAS_SENDFILE
>>  -D APR_HAS_MMAP
>>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>>  -D APR_USE_SYSVSEM_SERIALIZE
>>  -D APR_USE_PTHREAD_SERIALIZE
>>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>  -D APR_HAS_OTHER_CHILD
>>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>>  -D DYNAMIC_MODULE_LIMIT=128
>>  -D HTTPD_ROOT="/srv/www"
>>  -D SUEXEC_BIN="/usr/sbin/suexec2"
>>  -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
>>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>  -D DEFAULT_LOCKFILE="/var/run/accept.lock"
>>  -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
>>  -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
>>  -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
>> linux:~ #
>>
>> Thank you in advance.
>> --
>> Best Regards / S pozdravem
>> Petr Hracek
>
>



-- 
Best Regards / S pozdravem
Petr Hracek


graceful restart detection in prefork mode

2011-05-26 Thread Petr Hracek
Dear developers,

My situation is following:
In my Apache2 running in prefork mode I have following situation.

Whole pages (except loging page) are run over https (port 443) and
authentication is done over my own module.
When the most users are looking on the pages (https) then I would like
to reload configuration of my apache over command
apache2ctl -k graceful

I suggest that new users will see new configuration and old users will
have their session till they will not logout.

But unfortunatelly all sessions are closed and as new as old users
have to login again for other work.

Is there any solution for that like detection for gracefull restart?
Do you now any idea how to do that?

My apache2 which is delivered by SUSE is pretty old (I know).
linux:~ # httpd2 -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
linux:~ # httpd2 -V
Server version: Apache/2.2.3
Server built:   Apr 14 2010 11:41:47
Server's Module Magic Number: 20051115:3
Server loaded:  APR 1.2.2, APR-Util 1.2.2
Compiled using: APR 1.2.2, APR-Util 1.2.2
Architecture:   32-bit
Server MPM: Prefork
  threaded: no
forked: yes (variable process count)
Server compiled with
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/srv/www"
 -D SUEXEC_BIN="/usr/sbin/suexec2"
 -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
linux:~ #

Thank you in advance.
-- 
Best Regards / S pozdravem
Petr Hracek


How to restore HTTP settings/sessions during GRACEFUL restart

2010-10-18 Thread Petr Hracek
Dear apache2 users,

sorry for bother you with this issue but I need help from the apache2
developers.
In my module I am setting some HTTP settings like sessions and HTTP Title etc.

When I am calling sending SIGHUP or restarting apache2 over apache2ctl
then setting are lost.
That's correct behaviour.

But when I am sending SIGUSR1 or apache2ctl -k graceful HTTP settings
and sessions are lost as well
and that's not correct behaviour.
Is there any interface how to catch sessions and HTTP Title during
apache2 graceful
restart so that after restarting apache2 sessions and HTTP Title will
be still existing and working?

Is there any simple module/ example  where is this situation described?

Thank you in advance

-- 
Best Regards / S pozdravem
Petr Hracek


Re: type_checker

2010-06-10 Thread Petr Hracek
Could you please help me what spelling is wrong?

I want to add type_checker to my module as last step of course if there will
be no other option.

2010/6/10 Nick Kew 

>
> On 10 Jun 2010, at 09:37, Petr Hracek wrote:
>
> > Dear apache users,
>
> This is the developers list.  Users are us...@.
>
> > My module does not handler like type_checker yet.
>
> Your module?  As opposed to mod_negotiation?
>
> > How I should implement type_checker in my module which will modify
> request so that in FIRST CASE will work correctly.
>
> See the content negotiation docs.  And check your spelling.
>
> --
> Nick Kew




-- 
Best Regards / S pozdravem
Petr Hracek


type_checker

2010-06-10 Thread Petr Hracek
Dear apache users,

sorry for bother you with this question but I have a little problem with
multilanguage support in FF or IE.

My module does not handler like type_checker yet.
in the configuration file of Apache2 I have following:

AddLanguage en .en_US
AddLanguage en-us .en_US
AddLanguage en-gb .en_GB
AddLanguage de .de
AddLanguage de-at .de
AddLanguage de-DE .de
AddLanguage pt-br .pt_BR
AddLanguage pt .pt
AddLanguage es .es
AddLanguage fr .fr
AddLanguage it .it
AddLanguage nl .nl

LanguagePriority en-us en en-gb de fr it es nl pt

On the system I have only HTML pages like index.en_US and index.de,
foo.en_US and foo.de

FIRST CASE:
Unfortunatelly when in the browser I set two languages
first de-at
second en-us
then page is always shown in English language.

SECOND CASE:
When browser is so that languages are:
first de-at
second de
third en_us
then page is always shown in German language.

How I should implement type_checker in my module which will modify request
so that in FIRST CASE will work correctly.

Thank you in advance
-- 
Best Regards / S pozdravem
Petr Hracek


Authentication of proxy over own module

2010-06-10 Thread Petr Hracek
Hello apache users,

I would like to explain my problem.
I have developed the module which is used for authorization to web pages.
It works fine without problem but I would like to use that module for
authorization
of "proxy" requests as well.
Proxy requests are not defined in settings of browser (in Firefox
Tools->Options->LAN settings -> Manual configuration of proxy).

In apache conf. file I have following:



SSLEngine on
SSLProxyEngine on

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteMap foo txt:/opt/apache/conf/foo.map
RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
[L]


   
  Options +Indexes +Multiviews
  AuthType FOOM
  require   valid-user
  satisfy Any
   



   ProxyPass http://192.168.0.23:8080/PACAdmin
   ProxyPassReverse http://192.168.0.23:8080/PACAdmin
   ProxyPassReverseCookie   /PACAdmin   /PAC
   Order Allow,deny
   Allow from all


How I can used own module for authorization location /PAC/?
When user will enter URL http://192.168.0.23:8080/PAC
then firstly my own module will authorized that page and afterwards location
/PAC will be shown.
Is it possible to do it somehow?

Thanks for your help.
-- 
Best Regards / S pozdravem
Petr Hracek


My own module and catching Proxy Request

2010-04-23 Thread Petr Hracek
Authorization is based on username/password stored in database.
First of all I authenticate user and afterwards redirection is done.

I have following RewriteRule but it does not work at all.

RewriteRule ^/([^/]+)$  ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*)  ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
which is used for my module and
in location is:

ProxyPass   http://192.168.187.150:8080/PACCBAdmin
ProxyPassReversehttp://192.168.187.150:8080/PACCBAdmin/

ProxyPassReverseCookiePath  /PACCBAdmin/PAC
Order Allow,Deny
Allow from all


I hope that it is correct.
BR

Petr

2010/4/23 Jeffrey E Burgoyne 

> I think that would require two modules as the authorization and redirect
> hooks happen at different phases. I've actually written modules for both
> of these phases, it is pretty easy as far as modules go. And remember, the
> authorization module will ALWAYS be called before the redirection modules,
> so you already know if you hit your redirection module that authorization
> was correct.
>
> You may not, however, have to write a module. You may be able to use one
> of the already provided auth modules plus mod_rewrite to do this.
>
> Now your authorization, is it based on a username/password, or some other
> restriction (i.e. connecting IP)?
>
> If username/password, is it basic authentication controlled? If not, I've
> no experience in that area. If it is, then what is the DB used?
>
>
> > Thanks but I forgott to mentioned that my module makes an authorization
> > against database and I would like to catch that if user access some proxy
> > than first of all he has to be authorized by my module and afterwards it
> > will be redirect to the proxy. Is it possible to do that somehow?
> >
> > Thanks
> >
> > 2010/4/23 Jeffrey E Burgoyne 
> >
> >> I'm not using it in a specific module, although you easily could.
> >>
> >> I'm not at work today, but it goes something like this :
> >>
> >> I want to force all hits to go through our front end web server which
> >> acts
> >> as a reverse proxy to the back end apache server. The logic is if there
> >> is
> >> no X_FORWARDED_FOR (meaning it was not proxied), then redirect the hit
> >> to
> >> the front end reverse proxy server. I used the logic that if the
> >> X_FORWARDED_FOR did not start with 1-9 then it was not a valid proxied
> >> request :
> >>
> >> RewriteCond   %{X_FORWARDED_FOR} !^[1-9]
> >> RewriteRule   /(.*) http://proxiedhost.ca/$1 [R,L]
> >>
> >>
> >> For your module you can access the headers from the request pool and
> >> look
> >> for X_FORWARDED_FOR.
> >>
> >> Note it may be more complicated depending on your setup. Some load
> >> balancers put that value into the HTTP stream, so you may have to
> >> account
> >> for that. If it runs through multiple proxies (perhaps including a load
> >> balancer), the IP's will be list form comma seperated.
> >>
> >> Note too I have DNS lookups off, so if you have them on I suspect you
> >> would get the DNS name, not the IP, but I cannot say with 100%
> >> certainty.
> >>
> >>
> >> for example,
> >>
> >> if a client from 192.168.2.10 access 10.10.10.10, the web server sees :
> >>
> >> connecting IP - 192.168.2.10
> >> X_FORWARDED_HEADER - blank
> >>
> >> If the server at 10.10.10.10 proxies to 10.20.20.20 the web server at
> >> the
> >> .20 address sees :
> >>
> >> connecting IP - 10.10.10.01
> >> X_FORWARDED_HEADER - 192.168.2.10
> >>
> >>
> >>
> >>
> >>
> >>
> >> > How do you have configured RewriteRule together with your own module?
> >> > Could you please send me more details or example?
> >> >
> >> > Thanks
> >> > Petr
> >> >
> >> > 2010/4/23 Jeffrey E Burgoyne 
> >> >
> >> >> I use the environment variable X_FORWARDED_FOR
> >> >>
> >> >>
> >> >> http://en.wikipedia.org/wiki/X-Forwarded-For
> >> >>
> >> >>
> >> >> with mod_rewrite to determine if it came via a proxy or not.
> >> >>
> >> >> It may be of use to you.
> >> >>
> >> >>
> >> >>
> >> >> > 2010/4/22 Petr Hracek 
> >> >> >
> >> >> >> Hello *,
> >> >> &g

Re: My own module and catching Proxy Request

2010-04-23 Thread Petr Hracek
2010/4/22 Petr Hracek 

> Hello *,
>
> I hope that I am sending those question to the correct discussion list.
>
> In my Apache2 (2.2.3) configuration file I have:
> 
> SSLEngine on
> DocumentRoot "/opt/apache/htdocs/ssldocs"
> ProxyPass   /PAC/   http://192.168.187.101:8080/PACCBAdmin
> ProxyPassReverse/PAC/   http://192.168.187.150:8080/PACCBAdmin/
> RewriteEngine on
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
> RewriteMap unity txt:/opt/apache/conf/unity.map
> RewriteRule ^/([^/]+)$  ${unity:$1|/$1} [L]
> RewriteRule ^/([^/]+)/(.*)  ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2
> [L]
> RewriteLog "/var/log/apache2/rewrite_log"
> RewriteLogLevel 3
>
> 
> ProxyPassReverseCookiePath /PACCBAdmin /PAC
> Order Allow,Deny
> Allow from all
> 
>
> 
>
> In the my modules which takes care about AAA, Security issues, etc.
> I would like to catch in my module when URL contains /PAC/ (which means
> that this is proxy) than it tell to module that this request is not a
> bussiness for them.
> Is it possible to do that somehow?
> I have found that r->proxyreq contains if the Request is Proxy or not.
>
> Thank you in advance
> --
> Best Regards / S pozdravem
> Petr Hracek
>

Hello *,

May be I have asked wrongly.

How can I detect if the request from browser if Proxy or not?
How should I configure apache for that case?

-- 
Best Regards / S pozdravem
Petr Hracek


My own module and catching Proxy Request

2010-04-22 Thread Petr Hracek
Hello *,

I hope that I am sending those question to the correct discussion list.

In my Apache2 (2.2.3) configuration file I have:

SSLEngine on
DocumentRoot "/opt/apache/htdocs/ssldocs"
ProxyPass   /PAC/   http://192.168.187.101:8080/PACCBAdmin
ProxyPassReverse/PAC/   http://192.168.187.150:8080/PACCBAdmin/
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteMap unity txt:/opt/apache/conf/unity.map
RewriteRule ^/([^/]+)$  ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*)  ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
RewriteLog "/var/log/apache2/rewrite_log"
RewriteLogLevel 3


ProxyPassReverseCookiePath /PACCBAdmin /PAC
Order Allow,Deny
Allow from all




In the my modules which takes care about AAA, Security issues, etc.
I would like to catch in my module when URL contains /PAC/ (which means that
this is proxy) than it tell to module that this request is not a bussiness
for them.
Is it possible to do that somehow?
I have found that r->proxyreq contains if the Request is Proxy or not.

Thank you in advance
-- 
Best Regards / S pozdravem
Petr Hracek


Re: Problem with compiling module

2010-04-08 Thread Petr Hracek
2010/4/8 Petr Hracek 

> Sorry for that mail.
> I have found that my_module.so is stored in directory .libs.
> --
> Petr Hracek
>
> 2010/4/8 Petr Hracek 
>
> Problem was within the makefile.
>> All C files has been compiled alone and
>> I wanted to run apxs -o my_module.la but it failed.
>>
>> Finally I have my_module.la.
>> How can I convert my_module.la to my_module.so?
>>
>> best regards
>> --
>> Petr Hracek
>>
>> 2010/4/7 Jeff Trawick 
>>
>> On Wed, Apr 7, 2010 at 10:03 AM, Petr Hracek  wrote:
>>> > Unfortunatelly I do not have apr on the system.
>>> > Do you know where I can get them?
>>>
>>> since you have a working httpd 2.2.14, you have apr already
>>>
>>> what happens when you try to build your module with apxs?
>>>
>>
>>
>>
>>
>>
>
>

I have found another strange thing:
During the compilation I have found that it failed because of
XtOffsetOf is missing and on the UnixWare I did not find any header where it
could be mentioned.
Could you please help me with that issue as well?

--
Petr Hracek


Re: Problem with compiling module

2010-04-08 Thread Petr Hracek
Sorry for that mail.
I have found that my_module.so is stored in directory .libs.
--
Petr Hracek

2010/4/8 Petr Hracek 

> Problem was within the makefile.
> All C files has been compiled alone and
> I wanted to run apxs -o my_module.la but it failed.
>
> Finally I have my_module.la.
> How can I convert my_module.la to my_module.so?
>
> best regards
> --
> Petr Hracek
>
> 2010/4/7 Jeff Trawick 
>
> On Wed, Apr 7, 2010 at 10:03 AM, Petr Hracek  wrote:
>> > Unfortunatelly I do not have apr on the system.
>> > Do you know where I can get them?
>>
>> since you have a working httpd 2.2.14, you have apr already
>>
>> what happens when you try to build your module with apxs?
>>
>
>
>
>
>


Re: Problem with compiling module

2010-04-08 Thread Petr Hracek
Problem was within the makefile.
All C files has been compiled alone and
I wanted to run apxs -o my_module.la but it failed.

Finally I have my_module.la.
How can I convert my_module.la to my_module.so?

best regards
--
Petr Hracek

2010/4/7 Jeff Trawick 

> On Wed, Apr 7, 2010 at 10:03 AM, Petr Hracek  wrote:
> > Unfortunatelly I do not have apr on the system.
> > Do you know where I can get them?
>
> since you have a working httpd 2.2.14, you have apr already
>
> what happens when you try to build your module with apxs?
>


Re: Problem with compiling module

2010-04-07 Thread Petr Hracek
Unfortunatelly I do not have apr on the system.
Do you know where I can get them?

Thank you in advance
--
Petr Hracek

2010/4/7 Nick Kew 

> On Wed, 7 Apr 2010 14:46:03 +0200
> Petr Hracek  wrote:
>
> > Hello all,
> >
> > I would like to compile my module under UnixWare 7.1.4 but it shows me
> > following error:
> > UX:cc: WARNING: -Kthread and -Kpthread both supplied; -Kpthread used
> > Undefined
> > symbol
>
> You shouldn't try to link the module!
>
> Use apxs to get the right build options for your platform
> (though on a minority platform, there might be issues to sort).
>
> --
> Nick Kew
>


Problem with compiling module

2010-04-07 Thread Petr Hracek
Hello all,

I would like to compile my module under UnixWare 7.1.4 but it shows me
following error:
UX:cc: WARNING: -Kthread and -Kpthread both supplied; -Kpthread used
Undefined
symbol
ap_get_server_version
ap_log_error
UX:ld: ERROR: Symbol referencing errors.

Version of apache which is used is 2.2.14.
Libraries which were used during the compilation were:
*/usr/ccs/bin/cc* *-DRT_OS_UW=714* -DUSE_SYSVSEM_SERIALIZED_ACCEPT
-DNEED_UNION_SEMUN -Kthread -lapr-1 -laprutil-1 -lsocket -ljoyin -lpthread
-o module.la 

Thank you in advance
Petr


Re: Data are send in reverse order

2009-09-16 Thread Petr Hracek
Sorry it was my fault.

I have corrected them to r->output_filters now.
But situation is the same. Data are send but java aplication which receiving
data
sended over ap_pass_brigade does not receive anything. It seems that between
apache and java aplication are "lost" is there any posibility how to track
if that hasa been really send via ap_pass_brigade?

2009/9/16 Graham Leggett 

> Petr Hracek wrote:
>
> > In my module I do not modify any data sended from server to client.
> > Unfortunatelly when I am using ap_r* then firstly are sended data and
> > then HTTP relevant code.
>
> That's because you've made the same mistake in this code that you made
> in the previous code you posted:
>
> > ap_pass_brigade(r->connection->output_filters,bb);
>   ^
>
> Regards,
> Graham
> --
>
>


Re: Data are send in reverse order

2009-09-16 Thread Petr Hracek
In my module I do not modify any data sended from server to client.
Unfortunatelly when I am using ap_r* then firstly are sended data and then
HTTP relevant code.

Sample code is:
/*
 * Procedure for sending data from server to client side
 * Instead of ap_rvputs like functions should be used following procedure
 * especially for SecMCJ issue
 */
apr_status_t send_data_to_client(request_rec *r, char * data_to_send, int
length_data)
{
//apr_status_t rv;
apr_bucket_brigade * bb =
apr_brigade_create(r->pool,r->connection->bucket_alloc);
apr_bucket * b =
apr_bucket_immortal_create(data_to_send,length_data,r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb,b);
ap_pass_brigade(r->connection->output_filters,bb);
//apr_bucket_destroy(b);
//apr_brigade_destroy(bb);
return OK;
}


/*
 * 
 * SetHandler ussw-secmcj
 * allow from all
 * Satisfy any
 * 
 */

int udsc_secmcj_handler(request_rec *r)
{
secmcj_body = apr_pstrcat(r->pool,
  "sessionID=",
  apr_psprintf(r->pool, "%lu", pSession->us.udsc_sessionid),
  "&requestNr=", pSession->session_id,
  *request_body == '&' ? "" : "&",
  request_body,
  NULL);
/* now post the data to usmw /secmcj */
ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, r->server,
"secmcj body: %s",secmcj_body);

/* now return the response to the client (secmcj class) */
ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, r->server,
"secmcj body receive: %s",response_body);

r->content_type = "text/plain";

/* added because of JRE 1.4 SE SSL problem */
bodylen = strlen(response_body);
ap_set_content_length(r, bodylen);


ap_send_http_header(r);

if (r->header_only)
{
ap_log_error(APLOG_MARK,APLOG_NOERRNO | APLOG_DEBUG, 0, r->server,
"HEADER ONLY");
return OK;
}

ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, r->server,
"before any sending. Length is:%d",bodylen);
send_data_to_client(r,response_body, bodylen);
return OK;
}


best regards
Petr
Nick Kew napsal(a):

> Petr Hracek wrote:
>
>> I have found mod_nntp_like where is mention in
>> ap_pass_brigade(c->output_filters,bb);
>> and in smtp_core is usage the same.
>>
>
> Those are protocol modules.  So anything-HTTP is not relevant to them.
>
>  Unfortunatelly when I am using ap_pass_brigade(r->output_filter,bb);
>> then it is not working. Web page is not show.
>>
>
> Do you need to use anything more complex than the ap_r* family
> (ap_rputs, etc)?  If so (and if what Graham already told you isn't
> enough) you might want my book - details at http://www.apachetutor.org/
>
>


Re: Data are send in reverse order

2009-09-15 Thread Petr Hracek
I have found mod_nntp_like where is mention in
ap_pass_brigade(c->output_filters,bb);
and in smtp_core is usage the same.

Unfortunatelly when I am using ap_pass_brigade(r->output_filter,bb);
then it is not working. Web page is not show.

Is it neccessary to configure Apache for using brigade and buckets?

regards
Petr

2009/9/15 Graham Leggett 

> Petr Hracek wrote:
>
> > I do not understand of this thing.
> > Could you please tell me if I have already connection between browser
> > and apache server why I should use request_rec->output_filters instead
> > of request_rec->connection->output_filters?
> >
> > I thought that if connection is established than request_rec->connection
> > should be used, right?
>
> Unfortunately not, no.
>
> The HTTP protocol allows many requests to occur over the same
> connection, and httpd models this by having a connection filter stack,
> in which is created a per-request filter stack, one for each request.
>
> The connection filter stack knows virtually nothing about HTTP, all the
> filters that do know about HTTP - most specifically the filter that
> writes headers - are part of the request filter stack.
>
> If you write to the connection filter stack, you are bypassing all the
> HTTP filters, and what you wrote appears on the socket immediately.
> Later on in your code, something else is writing to the request filter
> stack, and this causes the headers filter to output the headers, after
> the data you've just written.
>
> Regards,
> Graham
> --
>


Re: Data are send in reverse order

2009-09-15 Thread Petr Hracek
I do not understand of this thing.
Could you please tell me if I have already connection between browser and
apache server why I should use request_rec->output_filters instead of
request_rec->connection->output_filters?

I thought that if connection is established than request_rec->connection
should be used, right?

regards
Petr


2009/9/15 Graham Leggett 

> Petr Hracek wrote:
>
> > in my apache module (written in C) are sended data to the client side
> > over buckets and brigades.
> > Function for send these date is:
> > apr_status_t send_data_to_client(request_rec *r, char * data_to_send,
> > int length_data)
> > {
> > apr_bucket_brigade * bb =
> > apr_brigade_create(r->pool,r->connection->bucket_alloc);
> > apr_bucket * b =
> >
> apr_bucket_immortal_create(data_to_send,length_data,r->connection->bucket_alloc);
> > APR_BRIGADE_INSERT_TAIL(bb,b);
> > ap_pass_brigade(r->connection->output_filters,bb);
>  ^
> > return OK;
> > }
> >
> > It is working but in the traces of application which receive the data
> > from apache module the HTTP data are in reverse order.
>
> At a quick glance, I would blame the line highlighted above - you are
> trying to write your data directly to the connection filters, rather
> than to the request filters. By doing that, your data is sent before the
> request, not after, and so you see your data before the headers, not after.
>
> Regards,
> Graham
> --
>


Data are send in reverse order

2009-09-14 Thread Petr Hracek
Hello *,

in my apache module (written in C) are sended data to the client side over
buckets and brigades.
Function for send these date is:
apr_status_t send_data_to_client(request_rec *r, char * data_to_send, int
length_data)
{
apr_bucket_brigade * bb =
apr_brigade_create(r->pool,r->connection->bucket_alloc);
apr_bucket * b =
apr_bucket_immortal_create(data_to_send,length_data,r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb,b);
ap_pass_brigade(r->connection->output_filters,bb);
return OK;
}

It is working but in the traces of application which receive the data from
apache module the HTTP data are in reverse order.
First are received data and then is received HTTP header. Do you know how to
switch this order to the normal state, first is sended HTTP header and
afterwards are sended data?

Before when the data are send is following code:

r->content_type = "text/plain";

bodylen = strlen(response_body);
ap_set_content_length(r, bodylen);

ap_send_http_header(r);

if (r->header_only)
{
ap_log_error(APLOG_MARK,APLOG_NOERRNO | APLOG_DEBUG, 0, r->server,
"HEADER ONLY");
return OK;
}
send_data_to_client(r,response_body, bodylen);


best regards
Petr


Re: Catching graceful restart in apache2 module

2009-08-04 Thread Petr Hracek
That's true. I have some changes and this function returns always.
In my post_config handler function I have following code:
if(!ap_graceful_stop_signalled())
{
ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0,
base_server, "!!! Graceful has not been called therefor kill all sessions
!!!");
udsc_usmw_killsessions(base_server);
}

Unfortunatelly it does not work.
Best regards
Petr

2009/8/4 Graham Dumpleton 

> 2009/8/4 Graham Dumpleton :
> > 2009/8/4 Ruediger Pluem :
> >>
> >>
> >> On 08/04/2009 09:02 AM, Graham Dumpleton wrote:
> >>> 2009/8/4 Petr Hracek :
> >>>> I have found in following link: (
> http://wiki.apache.org/httpd/ModuleLife)
> >>>>
> >>>> Race conditions during graceful restart
> >>>>
> >>>> During a graceful restart, old children are still serving old requests
> while
> >>>> new children are serving new requests. If the same lock must be used
> by old
> >>>> and new children, then the lock name must be the same and cannot be
> >>>> generated with tmpnam() or similar functions in the post_config hook.
> >>>>
> >>>> Which lock is means there. I have already found the in the post_config
> I
> >>>> have cleanuped procedure, but in the post_config is already mentioned
> >>>> function for killing all session.
> >>>> Is there any way how to detect if the restart of apache has been done
> as
> >>>> gracefull or as hard restart?
> >>>
> >>> /**
> >>>  * predicate indicating if a graceful stop has been requested ...
> >>>  * used by the connection loop
> >>>  * @return 1 if a graceful stop has been requested, 0 otherwise
> >>>  * @deffunc int ap_graceful_stop_signalled(*void)
> >>>  */
> >>> AP_DECLARE(int) ap_graceful_stop_signalled(void);
> >>
> >> Is this also true for graceful restarts?
> >> The comment only talks about graceful stops.
> >
> > Hmmm, I presumed that the server child process wouldn't know the
> > difference and that 'stop' here meant 'stop' of an individual process
> > and not the server as a whole. I guess a bit of digging through code
> > is necessary to verify what actually happens.
> >
> > I could also possibly be wrong in assuming they were wanting to know
> > about detecting in a server child process and not Apache parent
> > process. I haven't exactly been following the discussion in detail.
>
> In prefork that function returns false all the time anyway. :-(
>
> Graham
>


Re: Catching graceful restart in apache2 module

2009-08-03 Thread Petr Hracek
I have found in following link: (http://wiki.apache.org/httpd/ModuleLife)
Race conditions during graceful restart

During a graceful restart, old children are still serving old requests while
new children are serving new requests. If the same lock must be used by old
and new children, then the lock name must be the same and cannot be
generated with tmpnam() or similar functions in the post_config hook.

Which lock is means there. I have already found the in the post_config I
have cleanuped procedure, but in the post_config is already mentioned
function for killing all session.
Is there any way how to detect if the restart of apache has been done as
gracefull or as hard restart?

best regards
Petr Hracek

2009/8/1 Petr Hracek 

> As you mentioned:
> >The request pool is no good, because that's cleaned up at the end of the
> >request. The connection pool is also no good, because that gets cleaned
> >up after the connection dies. You're probably after the pool you're
> >given during the post_config hook, which gets destroyed on server
> >shutdown (graceful or otherwise).
>
> It means that in post_config can be handled the server has been shutdown
> with either restart or graceful command for specific pool?
> If I understand right then if pool is opened then it would not end because
> of apache2 has been restarted with option graceful, right?
> Is it behaviour the same when the server is going down in shel with the
> gracefull command?
> Is there any example how to implement in the post_config handler?
>
> Best regards
> Petr
>
> 2009/7/31 Graham Leggett 
>
> Petr Hracek wrote:
>>
>> > Thank for the answer.
>> >
>> > Could you please explain in details how to do "register save-sessions as
>> > a pool cleanup".
>>
>> You call a function that looks like this to register your cleanup:
>>
>>apr_pool_cleanup_register(pool, (void *) foo, foo_cleanup,
>>foo_cleanup);
>>
>> The function foo_cleanup() is a function you write yourself, that does
>> whatever you want the cleanup to do:
>>
>> static apr_status_t foo_cleanup(void *dummy) {
>>foo_t *foo = (foo_t *)dummy;
>>
>>... do stuff using foo ...
>>
>>return APR_SUCCESS;
>> }
>>
>> The variable foo is a void pointer that points to whatever you want your
>> cleanup to operate on, such as a pointer to your session config, or
>> whatever you want.
>>
>> The cleanup gets run when the pool is deleted, ie when someone calls
>> apr_pool_destroy() on that pool.
>>
>> What you need to do at this point is decide which pool you attach your
>> cleanup to.
>>
>> The request pool is no good, because that's cleaned up at the end of the
>> request. The connection pool is also no good, because that gets cleaned
>> up after the connection dies. You're probably after the pool you're
>> given during the post_config hook, which gets destroyed on server
>> shutdown (graceful or otherwise).
>>
>> Regards,
>> Graham
>> --
>>
>
>


Re: Catching graceful restart in apache2 module

2009-08-01 Thread Petr Hracek
As you mentioned:
>The request pool is no good, because that's cleaned up at the end of the
>request. The connection pool is also no good, because that gets cleaned
>up after the connection dies. You're probably after the pool you're
>given during the post_config hook, which gets destroyed on server
>shutdown (graceful or otherwise).

It means that in post_config can be handled the server has been shutdown
with either restart or graceful command for specific pool?
If I understand right then if pool is opened then it would not end because
of apache2 has been restarted with option graceful, right?
Is it behaviour the same when the server is going down in shel with the
gracefull command?
Is there any example how to implement in the post_config handler?

Best regards
Petr

2009/7/31 Graham Leggett 

> Petr Hracek wrote:
>
> > Thank for the answer.
> >
> > Could you please explain in details how to do "register save-sessions as
> > a pool cleanup".
>
> You call a function that looks like this to register your cleanup:
>
>apr_pool_cleanup_register(pool, (void *) foo, foo_cleanup,
>foo_cleanup);
>
> The function foo_cleanup() is a function you write yourself, that does
> whatever you want the cleanup to do:
>
> static apr_status_t foo_cleanup(void *dummy) {
>foo_t *foo = (foo_t *)dummy;
>
>... do stuff using foo ...
>
>return APR_SUCCESS;
> }
>
> The variable foo is a void pointer that points to whatever you want your
> cleanup to operate on, such as a pointer to your session config, or
> whatever you want.
>
> The cleanup gets run when the pool is deleted, ie when someone calls
> apr_pool_destroy() on that pool.
>
> What you need to do at this point is decide which pool you attach your
> cleanup to.
>
> The request pool is no good, because that's cleaned up at the end of the
> request. The connection pool is also no good, because that gets cleaned
> up after the connection dies. You're probably after the pool you're
> given during the post_config hook, which gets destroyed on server
> shutdown (graceful or otherwise).
>
> Regards,
> Graham
> --
>


Re: Catching graceful restart in apache2 module

2009-07-30 Thread Petr Hracek
Thank for the answer.

Could you please explain in details how to do "register save-sessions as a
pool cleanup".
Some example whould be enought.
Where to do that (in which hook)?
During the initialization of the my module I am calling the function for
killing all sessions but
If I will know how to detect that gracefull restart which has been occured
than this function will not be called.

Thank you in advance.
Petr

2009/7/30 Nick Kew 

> Petr Hracek wrote:
>
>  Is there any way how to detect that gracefull restart has been started and
>> where should I place
>> the code for detection in our module.
>>
>
> I can't think of anything OTTOMH.  Normal practice would be for
> the client to hold a session token, which the server can use as
> a database key to the full session.
>
> Likeliest suggestion would be to put restore-sessions in a
> post-config hook, and register save-sessions as a pool cleanup.
> But that doesn't make very much sense, either: if your
> application relies on sessions that would be affected
> by a server restart, then you're also relying on
> client behavior that isn't mandated by HTTP.
>
> --
> Nick Kew
>


Catching graceful restart in apache2 module

2009-07-30 Thread Petr Hracek
Hello all,

sorry for bother you with this question, but I do not know how to handle
graceful restart in apache2 module.

I will try to explain the situation:
To the our apache2 configuration file are dynamically added directives

with the authorizations, options, etc.

When the apache2 is running than all web pages are visible and work
correctly,
All applications are running over HTTPS therefore our module handled
sessions with clients.
When I am adding some directive Directory I would like to tell to the
apache2 to reuse/reopen changed configuration file.
When I am calling /usr/sbin/apache2ctl -k graceful then apache2 is restarted
gracefully
unfortunatelly all sessions with clients are deleted during the stopping
case.

Is there any way how to detect that gracefull restart has been started and
where should I place
the code for detection in our module.

Thank you in advance
best regards
Petr Hracek