Recognition of local / remote request
Dear developers, I would like to ask you how can I recognize whether request is performed from local PC or from remote PC? Is it possible to use ServerName where I will define remote IP address? My situation is the when user is connected from the local PC over 127.0.0.1 or 192.168.*.* than URL will be allowed. Otherwise URL will be permitted for user. Thank you in advance -- Best Regards / S pozdravem Petr Hracek
Re: How to "call" one module from the another module
I have solve that by more virtual hosts. Now it is working but another problem occurs: When URL is entered like: https:///APPL1/index.html and it is redirecting to https:///APPL1/index.jsp then is returns me HTTP 404 because of https:///APPL1indexjsp. WITHOUT /. Do you know where can be a problem? Can that be solved by ProxyHTMLURLMap? Thank you in advance Dne 27. července 2011 15:46 Eric Covener napsal(a): > On Wed, Jul 27, 2011 at 9:35 AM, Stefan Fritsch wrote: >> On Wednesday 27 July 2011, Petr Hracek wrote: >>> Dear users, >>> >>> I have one simple question. >>> Is there any possibility how to "call" module from the another >>> module? >>> >>> Let's say that my module is used for checking whether user is >>> logged, session is expired, etc. >>> When all those tests are satisfied then URL which was checked by my >>> module is redirect to another module e.g proxy? >>> >>> https:///APPL1 should be authenticated by my own >>> proprietary module and when this is successed then it is redirect >>> to proxy defined in /etc/apache/conf/my_conf.conf file >>> >>> >>> SSLEngine on >>> SSLProxyEngine on >>> ProxyRequests Off >>> TraceEnable Off >>> >>> >>> AuthType SEC_CHECK >>> require valid-user >>> satisfy Any >>> >>> >>> >>> ProxyPass /APPL1 http://192.0.2.20:8080/APPLONE >>> ProxyPassReverse /APPL1 http://192.0.2.20:8080/APPLONE >>> >>> AuthType in my module SEC_CHECK is defined so: >>> #defined SECURITY_AUTH_CHECK "SEC_CHECK" >>> r->ap_auth_type = SECURITY_AUTH_CHECK >>> Is this "behaviour" possible? >> >> mod_proxy should handle the request with you having to do anything in >> your module. Have you tried replacing your auth module with basic auth >> and checked if that works? If no, there is likely some other problem >> in your config. >> > > If it wasn't already intended to be reverse proxied, or successful > auth in your mod changes where it's destined for, see how mod_rewrite > implements the [P] flag to pass along a request to mod_proxy. > > -- > Eric Covener > cove...@gmail.com > -- Best Regards / S pozdravem Petr Hracek
How to "call" one module from the another module
Dear users, I have one simple question. Is there any possibility how to "call" module from the another module? Let's say that my module is used for checking whether user is logged, session is expired, etc. When all those tests are satisfied then URL which was checked by my module is redirect to another module e.g proxy? https:///APPL1 should be authenticated by my own proprietary module and when this is successed then it is redirect to proxy defined in /etc/apache/conf/my_conf.conf file SSLEngine on SSLProxyEngine on ProxyRequests Off TraceEnable Off AuthType SEC_CHECK require valid-user satisfy Any ProxyPass /APPL1 http://192.0.2.20:8080/APPLONE ProxyPassReverse /APPL1 http://192.0.2.20:8080/APPLONE AuthType in my module SEC_CHECK is defined so: #defined SECURITY_AUTH_CHECK "SEC_CHECK" r->ap_auth_type = SECURITY_AUTH_CHECK Is this "behaviour" possible? -- Best Regards / S pozdravem Petr Hracek
Authentication and ReverseProxy to more servers
Dear developers, sorry for bother you with that question but I could not imagine where I have made a problem? Situation have to be following: I have MAIN server connected to the intranet. To that MAIN server are connected some other servers. In the MAIN server is buildup proprietary authentication module which is used for authorization and authentication. When the user write down in URL somethink like: https:///application1 then this should be reversed proxied to the http://192.168.0.20:8080/appl1 https:///application2 then this should be reversed proxied to the http://192.168.0.30:8080/appl2 Both applications like application1 and application2 have to be authorized first in the MAIN server and than proxied to the relevant servers. Authentication works fine but it is not proxied. In the /var/log/apache2/error_log file is not mentioned and log from mod_proxy.c module and ReverseProxy is not working at all. In the log is mentioned only: File does not exists: /srv/www/htdocs/ssldocs/application1 But this is true because of it has to be proxied. Handlers in my modules are: static void register_hooks(apr_pool_t * p) { static const char * const aszPre[]={"mod_proxy.c","mod_proxy_http.c","mod_proxy_ajp.c",NULL}; ap_hook_auth_checker(access_handler,NULL,NULL,APR_HOOK_FIRST); ap_hook_check_user_id(auth_handler,NULL,NULL,APR_HOOK_FIRST); } Should be there add ap_hook_map_to_storage? Could you please let me know how to do it? Configuration file in MAIN server looks like: DocumentRoot "/srv/www/htdocs/ssldocs" SSLEngine on SSLProxyEngine on ProxyRequests Off AuthType OwnSec require valid-user Order Allow,deny Allow from all ProxyPass /application1 http://192.168.0.20:8080/appl1 ProxyPassReverse /application1 http://192.168.0.20:8080/appl1 ProxyPass /application2 http://192.168.0.30:8080/appl1 ProxyPassReverse /application2 http://192.168.0.30:8080/appl2 -- Best Regards / S pozdravem Petr Hracek
Proxy authentication
Dear users, I have problems with proxy authorization and I could not image where is a problem. Configuration in my : SSLEngine on SSLProxyEngine on ProxyRequests off RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteMap pages txt:/opt/httpd2/conf/pages.txt RewriteRule ^/([^/]+)${pages:$1|/$1} $ RewriteRule ^/([^/]+)/(.*)${pages:$1|/opt/httpd2/htdocs/ssldocs/$1}/$2 [L] Options Includes Multiviews FollowSymLinks AllowOverride None Order deny,allow Deny from all AuthType SECURE_USER require valid-user Satisfy Any Options + Indexes +Multiviews AuthType SECURE_USER require valid-user satisfy Any AuthType SECURE_USER require valid-user ProxyPass http://192.2.0.25:8080/ATSAdmin ProxyPassReverse http://192.2.0.25:8080/ATSAdmin satisfy Any In the module is mentioned: r->ap_auth_type = SECURE_USER; Format of the file pages.txt is: App1 /opt/App1/htdocs App1 App2 /opt/App2/htdocs App2 App3 /opt/App3/htdocs App3 https:///ATS/ I want to authorized over my module and when the authorization is done the it is proxied to the http://192.2.0.25:8080/ATSAdmin. Could you please let me know where I have made a mistake? My module have following hooks: static void register_hooks(apr_pool_t *p) { ap_hook_post_config(init_Module,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_auth_checker(auth_handler,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_check_user_id(access_handler,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_handler(notification_handler,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_fixups(fixups,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_child_init(init_Child,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_handler(secure_handler,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_handler(login_handler,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_handler(single_login_handler,NULL,NULL,APR_HOOK_MIDDLE); ap_hook_handler(logout_handler,NULL,NULL,APR_HOOK_MIDDLE); } When the access_checker return value is OK than it shown me page 404. When the access_checker return value is DECLINED that it shown me page unauthorized access. Shal I use some http redirection to the proxy pages? When I will do that so that configuration is: ProxyPass http://192.2.0.25/ Order deny,allow Allow from all AuthType Basic AuthName "Password Required" AuthUserFile password.file AuthGroupFile group.file Require group usergroup Than all works fine. -- Best Regards / S pozdravem Petr Hracek
Succeed compilation with FIPS
Dear developers, I have tried to find out on the web what is the correct way how to compile http2 so that it will be compliance with FIPS 140-2. I have already build up OpenSSL libraries with FIPS and development files as well. I have try to run ./configure --with-ssl= and it seems to be good but how can I call make? like: make CC=fipsld FIPSLD_CC=gcc ? thank you in advance -- Best Regards / S pozdravem Petr Hracek
SSLFIPS from which version
Dear users, sorry for bother you with that issue but I have try to find out from which version is Directive SSLFIPS available in apache2. I have found in source code that SSLFIPS is available from apache2 2.2.16. Is this information correct? Are there any steps how to build up apache2 together with FIPS 140-2? Best regards / S pozdravem Petr Hracek
Re: graceful restart detection in prefork mode
Configuration is: Timeout 300 KeepAlive Off KeepAliveTimeout 5 MaxKeepAliveRequests 100 StartServers 5 MaxClients 150 MinSpareServers 2 MaxSpareServers 8 MaxRequestsPerChild 0 #MinSpareThreads 25 #MaxSpareThreads 150 #ThreadsPerChild 25 2011/5/26 Petr Hracek : > No KeepAliveTimeout is 5 > > 2011/5/26 MATSUMOTO Ryosuke : >> How do you configure "KeepAliveTimeout"? >> KeepAliveTimeout value is 15(sec) as default. >> The number of seconds Apache will wait for a subsequent request before >> closing the connection. >> >> 2011/5/26 MATSUMOTO Ryosuke >>> >>> GracefulShutdownTimeout valiue is zero as defualt. >>> Setting this value to zero means that the server will wait indefinitely >>> until all remaining requests have been fully served. >>> >>> 2011/5/26 Petr Hracek >>>> >>>> It is not configured yet. >>>> I suggest that GracefulShutdownTimeout 0 as default is OK, right? >>>> >>>> 2011/5/26 MATSUMOTO Ryosuke : >>>> > Hi, >>>> > How do you configure "GracefulShutdownTimeout"? >>>> > 2011/5/26 Petr Hracek >>>> >> >>>> >> Dear developers, >>>> >> >>>> >> My situation is following: >>>> >> In my Apache2 running in prefork mode I have following situation. >>>> >> >>>> >> Whole pages (except loging page) are run over https (port 443) and >>>> >> authentication is done over my own module. >>>> >> When the most users are looking on the pages (https) then I would like >>>> >> to reload configuration of my apache over command >>>> >> apache2ctl -k graceful >>>> >> >>>> >> I suggest that new users will see new configuration and old users will >>>> >> have their session till they will not logout. >>>> >> >>>> >> But unfortunatelly all sessions are closed and as new as old users >>>> >> have to login again for other work. >>>> >> >>>> >> Is there any solution for that like detection for gracefull restart? >>>> >> Do you now any idea how to do that? >>>> >> >>>> >> My apache2 which is delivered by SUSE is pretty old (I know). >>>> >> linux:~ # httpd2 -l >>>> >> Compiled in modules: >>>> >> core.c >>>> >> prefork.c >>>> >> http_core.c >>>> >> mod_so.c >>>> >> linux:~ # httpd2 -V >>>> >> Server version: Apache/2.2.3 >>>> >> Server built: Apr 14 2010 11:41:47 >>>> >> Server's Module Magic Number: 20051115:3 >>>> >> Server loaded: APR 1.2.2, APR-Util 1.2.2 >>>> >> Compiled using: APR 1.2.2, APR-Util 1.2.2 >>>> >> Architecture: 32-bit >>>> >> Server MPM: Prefork >>>> >> threaded: no >>>> >> forked: yes (variable process count) >>>> >> Server compiled with >>>> >> -D APACHE_MPM_DIR="server/mpm/prefork" >>>> >> -D APR_HAS_SENDFILE >>>> >> -D APR_HAS_MMAP >>>> >> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) >>>> >> -D APR_USE_SYSVSEM_SERIALIZE >>>> >> -D APR_USE_PTHREAD_SERIALIZE >>>> >> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >>>> >> -D APR_HAS_OTHER_CHILD >>>> >> -D AP_HAVE_RELIABLE_PIPED_LOGS >>>> >> -D DYNAMIC_MODULE_LIMIT=128 >>>> >> -D HTTPD_ROOT="/srv/www" >>>> >> -D SUEXEC_BIN="/usr/sbin/suexec2" >>>> >> -D DEFAULT_PIDLOG="/var/run/httpd2.pid" >>>> >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >>>> >> -D DEFAULT_LOCKFILE="/var/run/accept.lock" >>>> >> -D DEFAULT_ERRORLOG="/var/log/apache2/error_log" >>>> >> -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" >>>> >> -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf" >>>> >> linux:~ # >>>> >> >>>> >> Thank you in advance. >>>> >> -- >>>> >> Best Regards / S pozdravem >>>> >> Petr Hracek >>>> > >>>> > >>>> >>>> >>>> >>>> -- >>>> Best Regards / S pozdravem >>>> Petr Hracek >>> >> >> > > > > -- > Best Regards / S pozdravem > Petr Hracek > -- Best Regards / S pozdravem Petr Hracek
Re: graceful restart detection in prefork mode
No KeepAliveTimeout is 5 2011/5/26 MATSUMOTO Ryosuke : > How do you configure "KeepAliveTimeout"? > KeepAliveTimeout value is 15(sec) as default. > The number of seconds Apache will wait for a subsequent request before > closing the connection. > > 2011/5/26 MATSUMOTO Ryosuke >> >> GracefulShutdownTimeout valiue is zero as defualt. >> Setting this value to zero means that the server will wait indefinitely >> until all remaining requests have been fully served. >> >> 2011/5/26 Petr Hracek >>> >>> It is not configured yet. >>> I suggest that GracefulShutdownTimeout 0 as default is OK, right? >>> >>> 2011/5/26 MATSUMOTO Ryosuke : >>> > Hi, >>> > How do you configure "GracefulShutdownTimeout"? >>> > 2011/5/26 Petr Hracek >>> >> >>> >> Dear developers, >>> >> >>> >> My situation is following: >>> >> In my Apache2 running in prefork mode I have following situation. >>> >> >>> >> Whole pages (except loging page) are run over https (port 443) and >>> >> authentication is done over my own module. >>> >> When the most users are looking on the pages (https) then I would like >>> >> to reload configuration of my apache over command >>> >> apache2ctl -k graceful >>> >> >>> >> I suggest that new users will see new configuration and old users will >>> >> have their session till they will not logout. >>> >> >>> >> But unfortunatelly all sessions are closed and as new as old users >>> >> have to login again for other work. >>> >> >>> >> Is there any solution for that like detection for gracefull restart? >>> >> Do you now any idea how to do that? >>> >> >>> >> My apache2 which is delivered by SUSE is pretty old (I know). >>> >> linux:~ # httpd2 -l >>> >> Compiled in modules: >>> >> core.c >>> >> prefork.c >>> >> http_core.c >>> >> mod_so.c >>> >> linux:~ # httpd2 -V >>> >> Server version: Apache/2.2.3 >>> >> Server built: Apr 14 2010 11:41:47 >>> >> Server's Module Magic Number: 20051115:3 >>> >> Server loaded: APR 1.2.2, APR-Util 1.2.2 >>> >> Compiled using: APR 1.2.2, APR-Util 1.2.2 >>> >> Architecture: 32-bit >>> >> Server MPM: Prefork >>> >> threaded: no >>> >> forked: yes (variable process count) >>> >> Server compiled with >>> >> -D APACHE_MPM_DIR="server/mpm/prefork" >>> >> -D APR_HAS_SENDFILE >>> >> -D APR_HAS_MMAP >>> >> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) >>> >> -D APR_USE_SYSVSEM_SERIALIZE >>> >> -D APR_USE_PTHREAD_SERIALIZE >>> >> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >>> >> -D APR_HAS_OTHER_CHILD >>> >> -D AP_HAVE_RELIABLE_PIPED_LOGS >>> >> -D DYNAMIC_MODULE_LIMIT=128 >>> >> -D HTTPD_ROOT="/srv/www" >>> >> -D SUEXEC_BIN="/usr/sbin/suexec2" >>> >> -D DEFAULT_PIDLOG="/var/run/httpd2.pid" >>> >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >>> >> -D DEFAULT_LOCKFILE="/var/run/accept.lock" >>> >> -D DEFAULT_ERRORLOG="/var/log/apache2/error_log" >>> >> -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" >>> >> -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf" >>> >> linux:~ # >>> >> >>> >> Thank you in advance. >>> >> -- >>> >> Best Regards / S pozdravem >>> >> Petr Hracek >>> > >>> > >>> >>> >>> >>> -- >>> Best Regards / S pozdravem >>> Petr Hracek >> > > -- Best Regards / S pozdravem Petr Hracek
Re: graceful restart detection in prefork mode
It is not configured yet. I suggest that GracefulShutdownTimeout 0 as default is OK, right? 2011/5/26 MATSUMOTO Ryosuke : > Hi, > How do you configure "GracefulShutdownTimeout"? > 2011/5/26 Petr Hracek >> >> Dear developers, >> >> My situation is following: >> In my Apache2 running in prefork mode I have following situation. >> >> Whole pages (except loging page) are run over https (port 443) and >> authentication is done over my own module. >> When the most users are looking on the pages (https) then I would like >> to reload configuration of my apache over command >> apache2ctl -k graceful >> >> I suggest that new users will see new configuration and old users will >> have their session till they will not logout. >> >> But unfortunatelly all sessions are closed and as new as old users >> have to login again for other work. >> >> Is there any solution for that like detection for gracefull restart? >> Do you now any idea how to do that? >> >> My apache2 which is delivered by SUSE is pretty old (I know). >> linux:~ # httpd2 -l >> Compiled in modules: >> core.c >> prefork.c >> http_core.c >> mod_so.c >> linux:~ # httpd2 -V >> Server version: Apache/2.2.3 >> Server built: Apr 14 2010 11:41:47 >> Server's Module Magic Number: 20051115:3 >> Server loaded: APR 1.2.2, APR-Util 1.2.2 >> Compiled using: APR 1.2.2, APR-Util 1.2.2 >> Architecture: 32-bit >> Server MPM: Prefork >> threaded: no >> forked: yes (variable process count) >> Server compiled with >> -D APACHE_MPM_DIR="server/mpm/prefork" >> -D APR_HAS_SENDFILE >> -D APR_HAS_MMAP >> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) >> -D APR_USE_SYSVSEM_SERIALIZE >> -D APR_USE_PTHREAD_SERIALIZE >> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >> -D APR_HAS_OTHER_CHILD >> -D AP_HAVE_RELIABLE_PIPED_LOGS >> -D DYNAMIC_MODULE_LIMIT=128 >> -D HTTPD_ROOT="/srv/www" >> -D SUEXEC_BIN="/usr/sbin/suexec2" >> -D DEFAULT_PIDLOG="/var/run/httpd2.pid" >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >> -D DEFAULT_LOCKFILE="/var/run/accept.lock" >> -D DEFAULT_ERRORLOG="/var/log/apache2/error_log" >> -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" >> -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf" >> linux:~ # >> >> Thank you in advance. >> -- >> Best Regards / S pozdravem >> Petr Hracek > > -- Best Regards / S pozdravem Petr Hracek
graceful restart detection in prefork mode
Dear developers, My situation is following: In my Apache2 running in prefork mode I have following situation. Whole pages (except loging page) are run over https (port 443) and authentication is done over my own module. When the most users are looking on the pages (https) then I would like to reload configuration of my apache over command apache2ctl -k graceful I suggest that new users will see new configuration and old users will have their session till they will not logout. But unfortunatelly all sessions are closed and as new as old users have to login again for other work. Is there any solution for that like detection for gracefull restart? Do you now any idea how to do that? My apache2 which is delivered by SUSE is pretty old (I know). linux:~ # httpd2 -l Compiled in modules: core.c prefork.c http_core.c mod_so.c linux:~ # httpd2 -V Server version: Apache/2.2.3 Server built: Apr 14 2010 11:41:47 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.2, APR-Util 1.2.2 Compiled using: APR 1.2.2, APR-Util 1.2.2 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/srv/www" -D SUEXEC_BIN="/usr/sbin/suexec2" -D DEFAULT_PIDLOG="/var/run/httpd2.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="/var/run/accept.lock" -D DEFAULT_ERRORLOG="/var/log/apache2/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf" linux:~ # Thank you in advance. -- Best Regards / S pozdravem Petr Hracek
How to restore HTTP settings/sessions during GRACEFUL restart
Dear apache2 users, sorry for bother you with this issue but I need help from the apache2 developers. In my module I am setting some HTTP settings like sessions and HTTP Title etc. When I am calling sending SIGHUP or restarting apache2 over apache2ctl then setting are lost. That's correct behaviour. But when I am sending SIGUSR1 or apache2ctl -k graceful HTTP settings and sessions are lost as well and that's not correct behaviour. Is there any interface how to catch sessions and HTTP Title during apache2 graceful restart so that after restarting apache2 sessions and HTTP Title will be still existing and working? Is there any simple module/ example where is this situation described? Thank you in advance -- Best Regards / S pozdravem Petr Hracek
Re: type_checker
Could you please help me what spelling is wrong? I want to add type_checker to my module as last step of course if there will be no other option. 2010/6/10 Nick Kew > > On 10 Jun 2010, at 09:37, Petr Hracek wrote: > > > Dear apache users, > > This is the developers list. Users are us...@. > > > My module does not handler like type_checker yet. > > Your module? As opposed to mod_negotiation? > > > How I should implement type_checker in my module which will modify > request so that in FIRST CASE will work correctly. > > See the content negotiation docs. And check your spelling. > > -- > Nick Kew -- Best Regards / S pozdravem Petr Hracek
type_checker
Dear apache users, sorry for bother you with this question but I have a little problem with multilanguage support in FF or IE. My module does not handler like type_checker yet. in the configuration file of Apache2 I have following: AddLanguage en .en_US AddLanguage en-us .en_US AddLanguage en-gb .en_GB AddLanguage de .de AddLanguage de-at .de AddLanguage de-DE .de AddLanguage pt-br .pt_BR AddLanguage pt .pt AddLanguage es .es AddLanguage fr .fr AddLanguage it .it AddLanguage nl .nl LanguagePriority en-us en en-gb de fr it es nl pt On the system I have only HTML pages like index.en_US and index.de, foo.en_US and foo.de FIRST CASE: Unfortunatelly when in the browser I set two languages first de-at second en-us then page is always shown in English language. SECOND CASE: When browser is so that languages are: first de-at second de third en_us then page is always shown in German language. How I should implement type_checker in my module which will modify request so that in FIRST CASE will work correctly. Thank you in advance -- Best Regards / S pozdravem Petr Hracek
Authentication of proxy over own module
Hello apache users, I would like to explain my problem. I have developed the module which is used for authorization to web pages. It works fine without problem but I would like to use that module for authorization of "proxy" requests as well. Proxy requests are not defined in settings of browser (in Firefox Tools->Options->LAN settings -> Manual configuration of proxy). In apache conf. file I have following: SSLEngine on SSLProxyEngine on RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] RewriteMap foo txt:/opt/apache/conf/foo.map RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] Options +Indexes +Multiviews AuthType FOOM require valid-user satisfy Any ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC Order Allow,deny Allow from all How I can used own module for authorization location /PAC/? When user will enter URL http://192.168.0.23:8080/PAC then firstly my own module will authorized that page and afterwards location /PAC will be shown. Is it possible to do it somehow? Thanks for your help. -- Best Regards / S pozdravem Petr Hracek
My own module and catching Proxy Request
Authorization is based on username/password stored in database. First of all I authenticate user and afterwards redirection is done. I have following RewriteRule but it does not work at all. RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] which is used for my module and in location is: ProxyPass http://192.168.187.150:8080/PACCBAdmin ProxyPassReversehttp://192.168.187.150:8080/PACCBAdmin/ ProxyPassReverseCookiePath /PACCBAdmin/PAC Order Allow,Deny Allow from all I hope that it is correct. BR Petr 2010/4/23 Jeffrey E Burgoyne > I think that would require two modules as the authorization and redirect > hooks happen at different phases. I've actually written modules for both > of these phases, it is pretty easy as far as modules go. And remember, the > authorization module will ALWAYS be called before the redirection modules, > so you already know if you hit your redirection module that authorization > was correct. > > You may not, however, have to write a module. You may be able to use one > of the already provided auth modules plus mod_rewrite to do this. > > Now your authorization, is it based on a username/password, or some other > restriction (i.e. connecting IP)? > > If username/password, is it basic authentication controlled? If not, I've > no experience in that area. If it is, then what is the DB used? > > > > Thanks but I forgott to mentioned that my module makes an authorization > > against database and I would like to catch that if user access some proxy > > than first of all he has to be authorized by my module and afterwards it > > will be redirect to the proxy. Is it possible to do that somehow? > > > > Thanks > > > > 2010/4/23 Jeffrey E Burgoyne > > > >> I'm not using it in a specific module, although you easily could. > >> > >> I'm not at work today, but it goes something like this : > >> > >> I want to force all hits to go through our front end web server which > >> acts > >> as a reverse proxy to the back end apache server. The logic is if there > >> is > >> no X_FORWARDED_FOR (meaning it was not proxied), then redirect the hit > >> to > >> the front end reverse proxy server. I used the logic that if the > >> X_FORWARDED_FOR did not start with 1-9 then it was not a valid proxied > >> request : > >> > >> RewriteCond %{X_FORWARDED_FOR} !^[1-9] > >> RewriteRule /(.*) http://proxiedhost.ca/$1 [R,L] > >> > >> > >> For your module you can access the headers from the request pool and > >> look > >> for X_FORWARDED_FOR. > >> > >> Note it may be more complicated depending on your setup. Some load > >> balancers put that value into the HTTP stream, so you may have to > >> account > >> for that. If it runs through multiple proxies (perhaps including a load > >> balancer), the IP's will be list form comma seperated. > >> > >> Note too I have DNS lookups off, so if you have them on I suspect you > >> would get the DNS name, not the IP, but I cannot say with 100% > >> certainty. > >> > >> > >> for example, > >> > >> if a client from 192.168.2.10 access 10.10.10.10, the web server sees : > >> > >> connecting IP - 192.168.2.10 > >> X_FORWARDED_HEADER - blank > >> > >> If the server at 10.10.10.10 proxies to 10.20.20.20 the web server at > >> the > >> .20 address sees : > >> > >> connecting IP - 10.10.10.01 > >> X_FORWARDED_HEADER - 192.168.2.10 > >> > >> > >> > >> > >> > >> > >> > How do you have configured RewriteRule together with your own module? > >> > Could you please send me more details or example? > >> > > >> > Thanks > >> > Petr > >> > > >> > 2010/4/23 Jeffrey E Burgoyne > >> > > >> >> I use the environment variable X_FORWARDED_FOR > >> >> > >> >> > >> >> http://en.wikipedia.org/wiki/X-Forwarded-For > >> >> > >> >> > >> >> with mod_rewrite to determine if it came via a proxy or not. > >> >> > >> >> It may be of use to you. > >> >> > >> >> > >> >> > >> >> > 2010/4/22 Petr Hracek > >> >> > > >> >> >> Hello *, > >> >> &g
Re: My own module and catching Proxy Request
2010/4/22 Petr Hracek > Hello *, > > I hope that I am sending those question to the correct discussion list. > > In my Apache2 (2.2.3) configuration file I have: > > SSLEngine on > DocumentRoot "/opt/apache/htdocs/ssldocs" > ProxyPass /PAC/ http://192.168.187.101:8080/PACCBAdmin > ProxyPassReverse/PAC/ http://192.168.187.150:8080/PACCBAdmin/ > RewriteEngine on > RewriteCond %{REQUEST_METHOD} ^TRACE > RewriteRule .* - [F] > RewriteMap unity txt:/opt/apache/conf/unity.map > RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L] > RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 > [L] > RewriteLog "/var/log/apache2/rewrite_log" > RewriteLogLevel 3 > > > ProxyPassReverseCookiePath /PACCBAdmin /PAC > Order Allow,Deny > Allow from all > > > > > In the my modules which takes care about AAA, Security issues, etc. > I would like to catch in my module when URL contains /PAC/ (which means > that this is proxy) than it tell to module that this request is not a > bussiness for them. > Is it possible to do that somehow? > I have found that r->proxyreq contains if the Request is Proxy or not. > > Thank you in advance > -- > Best Regards / S pozdravem > Petr Hracek > Hello *, May be I have asked wrongly. How can I detect if the request from browser if Proxy or not? How should I configure apache for that case? -- Best Regards / S pozdravem Petr Hracek
My own module and catching Proxy Request
Hello *, I hope that I am sending those question to the correct discussion list. In my Apache2 (2.2.3) configuration file I have: SSLEngine on DocumentRoot "/opt/apache/htdocs/ssldocs" ProxyPass /PAC/ http://192.168.187.101:8080/PACCBAdmin ProxyPassReverse/PAC/ http://192.168.187.150:8080/PACCBAdmin/ RewriteEngine on RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] RewriteMap unity txt:/opt/apache/conf/unity.map RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] RewriteLog "/var/log/apache2/rewrite_log" RewriteLogLevel 3 ProxyPassReverseCookiePath /PACCBAdmin /PAC Order Allow,Deny Allow from all In the my modules which takes care about AAA, Security issues, etc. I would like to catch in my module when URL contains /PAC/ (which means that this is proxy) than it tell to module that this request is not a bussiness for them. Is it possible to do that somehow? I have found that r->proxyreq contains if the Request is Proxy or not. Thank you in advance -- Best Regards / S pozdravem Petr Hracek
Re: Problem with compiling module
2010/4/8 Petr Hracek > Sorry for that mail. > I have found that my_module.so is stored in directory .libs. > -- > Petr Hracek > > 2010/4/8 Petr Hracek > > Problem was within the makefile. >> All C files has been compiled alone and >> I wanted to run apxs -o my_module.la but it failed. >> >> Finally I have my_module.la. >> How can I convert my_module.la to my_module.so? >> >> best regards >> -- >> Petr Hracek >> >> 2010/4/7 Jeff Trawick >> >> On Wed, Apr 7, 2010 at 10:03 AM, Petr Hracek wrote: >>> > Unfortunatelly I do not have apr on the system. >>> > Do you know where I can get them? >>> >>> since you have a working httpd 2.2.14, you have apr already >>> >>> what happens when you try to build your module with apxs? >>> >> >> >> >> >> > > I have found another strange thing: During the compilation I have found that it failed because of XtOffsetOf is missing and on the UnixWare I did not find any header where it could be mentioned. Could you please help me with that issue as well? -- Petr Hracek
Re: Problem with compiling module
Sorry for that mail. I have found that my_module.so is stored in directory .libs. -- Petr Hracek 2010/4/8 Petr Hracek > Problem was within the makefile. > All C files has been compiled alone and > I wanted to run apxs -o my_module.la but it failed. > > Finally I have my_module.la. > How can I convert my_module.la to my_module.so? > > best regards > -- > Petr Hracek > > 2010/4/7 Jeff Trawick > > On Wed, Apr 7, 2010 at 10:03 AM, Petr Hracek wrote: >> > Unfortunatelly I do not have apr on the system. >> > Do you know where I can get them? >> >> since you have a working httpd 2.2.14, you have apr already >> >> what happens when you try to build your module with apxs? >> > > > > >
Re: Problem with compiling module
Problem was within the makefile. All C files has been compiled alone and I wanted to run apxs -o my_module.la but it failed. Finally I have my_module.la. How can I convert my_module.la to my_module.so? best regards -- Petr Hracek 2010/4/7 Jeff Trawick > On Wed, Apr 7, 2010 at 10:03 AM, Petr Hracek wrote: > > Unfortunatelly I do not have apr on the system. > > Do you know where I can get them? > > since you have a working httpd 2.2.14, you have apr already > > what happens when you try to build your module with apxs? >
Re: Problem with compiling module
Unfortunatelly I do not have apr on the system. Do you know where I can get them? Thank you in advance -- Petr Hracek 2010/4/7 Nick Kew > On Wed, 7 Apr 2010 14:46:03 +0200 > Petr Hracek wrote: > > > Hello all, > > > > I would like to compile my module under UnixWare 7.1.4 but it shows me > > following error: > > UX:cc: WARNING: -Kthread and -Kpthread both supplied; -Kpthread used > > Undefined > > symbol > > You shouldn't try to link the module! > > Use apxs to get the right build options for your platform > (though on a minority platform, there might be issues to sort). > > -- > Nick Kew >
Problem with compiling module
Hello all, I would like to compile my module under UnixWare 7.1.4 but it shows me following error: UX:cc: WARNING: -Kthread and -Kpthread both supplied; -Kpthread used Undefined symbol ap_get_server_version ap_log_error UX:ld: ERROR: Symbol referencing errors. Version of apache which is used is 2.2.14. Libraries which were used during the compilation were: */usr/ccs/bin/cc* *-DRT_OS_UW=714* -DUSE_SYSVSEM_SERIALIZED_ACCEPT -DNEED_UNION_SEMUN -Kthread -lapr-1 -laprutil-1 -lsocket -ljoyin -lpthread -o module.la Thank you in advance Petr
Re: Data are send in reverse order
Sorry it was my fault. I have corrected them to r->output_filters now. But situation is the same. Data are send but java aplication which receiving data sended over ap_pass_brigade does not receive anything. It seems that between apache and java aplication are "lost" is there any posibility how to track if that hasa been really send via ap_pass_brigade? 2009/9/16 Graham Leggett > Petr Hracek wrote: > > > In my module I do not modify any data sended from server to client. > > Unfortunatelly when I am using ap_r* then firstly are sended data and > > then HTTP relevant code. > > That's because you've made the same mistake in this code that you made > in the previous code you posted: > > > ap_pass_brigade(r->connection->output_filters,bb); > ^ > > Regards, > Graham > -- > >
Re: Data are send in reverse order
In my module I do not modify any data sended from server to client. Unfortunatelly when I am using ap_r* then firstly are sended data and then HTTP relevant code. Sample code is: /* * Procedure for sending data from server to client side * Instead of ap_rvputs like functions should be used following procedure * especially for SecMCJ issue */ apr_status_t send_data_to_client(request_rec *r, char * data_to_send, int length_data) { //apr_status_t rv; apr_bucket_brigade * bb = apr_brigade_create(r->pool,r->connection->bucket_alloc); apr_bucket * b = apr_bucket_immortal_create(data_to_send,length_data,r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb,b); ap_pass_brigade(r->connection->output_filters,bb); //apr_bucket_destroy(b); //apr_brigade_destroy(bb); return OK; } /* * * SetHandler ussw-secmcj * allow from all * Satisfy any * */ int udsc_secmcj_handler(request_rec *r) { secmcj_body = apr_pstrcat(r->pool, "sessionID=", apr_psprintf(r->pool, "%lu", pSession->us.udsc_sessionid), "&requestNr=", pSession->session_id, *request_body == '&' ? "" : "&", request_body, NULL); /* now post the data to usmw /secmcj */ ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, r->server, "secmcj body: %s",secmcj_body); /* now return the response to the client (secmcj class) */ ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, r->server, "secmcj body receive: %s",response_body); r->content_type = "text/plain"; /* added because of JRE 1.4 SE SSL problem */ bodylen = strlen(response_body); ap_set_content_length(r, bodylen); ap_send_http_header(r); if (r->header_only) { ap_log_error(APLOG_MARK,APLOG_NOERRNO | APLOG_DEBUG, 0, r->server, "HEADER ONLY"); return OK; } ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, r->server, "before any sending. Length is:%d",bodylen); send_data_to_client(r,response_body, bodylen); return OK; } best regards Petr Nick Kew napsal(a): > Petr Hracek wrote: > >> I have found mod_nntp_like where is mention in >> ap_pass_brigade(c->output_filters,bb); >> and in smtp_core is usage the same. >> > > Those are protocol modules. So anything-HTTP is not relevant to them. > > Unfortunatelly when I am using ap_pass_brigade(r->output_filter,bb); >> then it is not working. Web page is not show. >> > > Do you need to use anything more complex than the ap_r* family > (ap_rputs, etc)? If so (and if what Graham already told you isn't > enough) you might want my book - details at http://www.apachetutor.org/ > >
Re: Data are send in reverse order
I have found mod_nntp_like where is mention in ap_pass_brigade(c->output_filters,bb); and in smtp_core is usage the same. Unfortunatelly when I am using ap_pass_brigade(r->output_filter,bb); then it is not working. Web page is not show. Is it neccessary to configure Apache for using brigade and buckets? regards Petr 2009/9/15 Graham Leggett > Petr Hracek wrote: > > > I do not understand of this thing. > > Could you please tell me if I have already connection between browser > > and apache server why I should use request_rec->output_filters instead > > of request_rec->connection->output_filters? > > > > I thought that if connection is established than request_rec->connection > > should be used, right? > > Unfortunately not, no. > > The HTTP protocol allows many requests to occur over the same > connection, and httpd models this by having a connection filter stack, > in which is created a per-request filter stack, one for each request. > > The connection filter stack knows virtually nothing about HTTP, all the > filters that do know about HTTP - most specifically the filter that > writes headers - are part of the request filter stack. > > If you write to the connection filter stack, you are bypassing all the > HTTP filters, and what you wrote appears on the socket immediately. > Later on in your code, something else is writing to the request filter > stack, and this causes the headers filter to output the headers, after > the data you've just written. > > Regards, > Graham > -- >
Re: Data are send in reverse order
I do not understand of this thing. Could you please tell me if I have already connection between browser and apache server why I should use request_rec->output_filters instead of request_rec->connection->output_filters? I thought that if connection is established than request_rec->connection should be used, right? regards Petr 2009/9/15 Graham Leggett > Petr Hracek wrote: > > > in my apache module (written in C) are sended data to the client side > > over buckets and brigades. > > Function for send these date is: > > apr_status_t send_data_to_client(request_rec *r, char * data_to_send, > > int length_data) > > { > > apr_bucket_brigade * bb = > > apr_brigade_create(r->pool,r->connection->bucket_alloc); > > apr_bucket * b = > > > apr_bucket_immortal_create(data_to_send,length_data,r->connection->bucket_alloc); > > APR_BRIGADE_INSERT_TAIL(bb,b); > > ap_pass_brigade(r->connection->output_filters,bb); > ^ > > return OK; > > } > > > > It is working but in the traces of application which receive the data > > from apache module the HTTP data are in reverse order. > > At a quick glance, I would blame the line highlighted above - you are > trying to write your data directly to the connection filters, rather > than to the request filters. By doing that, your data is sent before the > request, not after, and so you see your data before the headers, not after. > > Regards, > Graham > -- >
Data are send in reverse order
Hello *, in my apache module (written in C) are sended data to the client side over buckets and brigades. Function for send these date is: apr_status_t send_data_to_client(request_rec *r, char * data_to_send, int length_data) { apr_bucket_brigade * bb = apr_brigade_create(r->pool,r->connection->bucket_alloc); apr_bucket * b = apr_bucket_immortal_create(data_to_send,length_data,r->connection->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb,b); ap_pass_brigade(r->connection->output_filters,bb); return OK; } It is working but in the traces of application which receive the data from apache module the HTTP data are in reverse order. First are received data and then is received HTTP header. Do you know how to switch this order to the normal state, first is sended HTTP header and afterwards are sended data? Before when the data are send is following code: r->content_type = "text/plain"; bodylen = strlen(response_body); ap_set_content_length(r, bodylen); ap_send_http_header(r); if (r->header_only) { ap_log_error(APLOG_MARK,APLOG_NOERRNO | APLOG_DEBUG, 0, r->server, "HEADER ONLY"); return OK; } send_data_to_client(r,response_body, bodylen); best regards Petr
Re: Catching graceful restart in apache2 module
That's true. I have some changes and this function returns always. In my post_config handler function I have following code: if(!ap_graceful_stop_signalled()) { ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, 0, base_server, "!!! Graceful has not been called therefor kill all sessions !!!"); udsc_usmw_killsessions(base_server); } Unfortunatelly it does not work. Best regards Petr 2009/8/4 Graham Dumpleton > 2009/8/4 Graham Dumpleton : > > 2009/8/4 Ruediger Pluem : > >> > >> > >> On 08/04/2009 09:02 AM, Graham Dumpleton wrote: > >>> 2009/8/4 Petr Hracek : > >>>> I have found in following link: ( > http://wiki.apache.org/httpd/ModuleLife) > >>>> > >>>> Race conditions during graceful restart > >>>> > >>>> During a graceful restart, old children are still serving old requests > while > >>>> new children are serving new requests. If the same lock must be used > by old > >>>> and new children, then the lock name must be the same and cannot be > >>>> generated with tmpnam() or similar functions in the post_config hook. > >>>> > >>>> Which lock is means there. I have already found the in the post_config > I > >>>> have cleanuped procedure, but in the post_config is already mentioned > >>>> function for killing all session. > >>>> Is there any way how to detect if the restart of apache has been done > as > >>>> gracefull or as hard restart? > >>> > >>> /** > >>> * predicate indicating if a graceful stop has been requested ... > >>> * used by the connection loop > >>> * @return 1 if a graceful stop has been requested, 0 otherwise > >>> * @deffunc int ap_graceful_stop_signalled(*void) > >>> */ > >>> AP_DECLARE(int) ap_graceful_stop_signalled(void); > >> > >> Is this also true for graceful restarts? > >> The comment only talks about graceful stops. > > > > Hmmm, I presumed that the server child process wouldn't know the > > difference and that 'stop' here meant 'stop' of an individual process > > and not the server as a whole. I guess a bit of digging through code > > is necessary to verify what actually happens. > > > > I could also possibly be wrong in assuming they were wanting to know > > about detecting in a server child process and not Apache parent > > process. I haven't exactly been following the discussion in detail. > > In prefork that function returns false all the time anyway. :-( > > Graham >
Re: Catching graceful restart in apache2 module
I have found in following link: (http://wiki.apache.org/httpd/ModuleLife) Race conditions during graceful restart During a graceful restart, old children are still serving old requests while new children are serving new requests. If the same lock must be used by old and new children, then the lock name must be the same and cannot be generated with tmpnam() or similar functions in the post_config hook. Which lock is means there. I have already found the in the post_config I have cleanuped procedure, but in the post_config is already mentioned function for killing all session. Is there any way how to detect if the restart of apache has been done as gracefull or as hard restart? best regards Petr Hracek 2009/8/1 Petr Hracek > As you mentioned: > >The request pool is no good, because that's cleaned up at the end of the > >request. The connection pool is also no good, because that gets cleaned > >up after the connection dies. You're probably after the pool you're > >given during the post_config hook, which gets destroyed on server > >shutdown (graceful or otherwise). > > It means that in post_config can be handled the server has been shutdown > with either restart or graceful command for specific pool? > If I understand right then if pool is opened then it would not end because > of apache2 has been restarted with option graceful, right? > Is it behaviour the same when the server is going down in shel with the > gracefull command? > Is there any example how to implement in the post_config handler? > > Best regards > Petr > > 2009/7/31 Graham Leggett > > Petr Hracek wrote: >> >> > Thank for the answer. >> > >> > Could you please explain in details how to do "register save-sessions as >> > a pool cleanup". >> >> You call a function that looks like this to register your cleanup: >> >>apr_pool_cleanup_register(pool, (void *) foo, foo_cleanup, >>foo_cleanup); >> >> The function foo_cleanup() is a function you write yourself, that does >> whatever you want the cleanup to do: >> >> static apr_status_t foo_cleanup(void *dummy) { >>foo_t *foo = (foo_t *)dummy; >> >>... do stuff using foo ... >> >>return APR_SUCCESS; >> } >> >> The variable foo is a void pointer that points to whatever you want your >> cleanup to operate on, such as a pointer to your session config, or >> whatever you want. >> >> The cleanup gets run when the pool is deleted, ie when someone calls >> apr_pool_destroy() on that pool. >> >> What you need to do at this point is decide which pool you attach your >> cleanup to. >> >> The request pool is no good, because that's cleaned up at the end of the >> request. The connection pool is also no good, because that gets cleaned >> up after the connection dies. You're probably after the pool you're >> given during the post_config hook, which gets destroyed on server >> shutdown (graceful or otherwise). >> >> Regards, >> Graham >> -- >> > >
Re: Catching graceful restart in apache2 module
As you mentioned: >The request pool is no good, because that's cleaned up at the end of the >request. The connection pool is also no good, because that gets cleaned >up after the connection dies. You're probably after the pool you're >given during the post_config hook, which gets destroyed on server >shutdown (graceful or otherwise). It means that in post_config can be handled the server has been shutdown with either restart or graceful command for specific pool? If I understand right then if pool is opened then it would not end because of apache2 has been restarted with option graceful, right? Is it behaviour the same when the server is going down in shel with the gracefull command? Is there any example how to implement in the post_config handler? Best regards Petr 2009/7/31 Graham Leggett > Petr Hracek wrote: > > > Thank for the answer. > > > > Could you please explain in details how to do "register save-sessions as > > a pool cleanup". > > You call a function that looks like this to register your cleanup: > >apr_pool_cleanup_register(pool, (void *) foo, foo_cleanup, >foo_cleanup); > > The function foo_cleanup() is a function you write yourself, that does > whatever you want the cleanup to do: > > static apr_status_t foo_cleanup(void *dummy) { >foo_t *foo = (foo_t *)dummy; > >... do stuff using foo ... > >return APR_SUCCESS; > } > > The variable foo is a void pointer that points to whatever you want your > cleanup to operate on, such as a pointer to your session config, or > whatever you want. > > The cleanup gets run when the pool is deleted, ie when someone calls > apr_pool_destroy() on that pool. > > What you need to do at this point is decide which pool you attach your > cleanup to. > > The request pool is no good, because that's cleaned up at the end of the > request. The connection pool is also no good, because that gets cleaned > up after the connection dies. You're probably after the pool you're > given during the post_config hook, which gets destroyed on server > shutdown (graceful or otherwise). > > Regards, > Graham > -- >
Re: Catching graceful restart in apache2 module
Thank for the answer. Could you please explain in details how to do "register save-sessions as a pool cleanup". Some example whould be enought. Where to do that (in which hook)? During the initialization of the my module I am calling the function for killing all sessions but If I will know how to detect that gracefull restart which has been occured than this function will not be called. Thank you in advance. Petr 2009/7/30 Nick Kew > Petr Hracek wrote: > > Is there any way how to detect that gracefull restart has been started and >> where should I place >> the code for detection in our module. >> > > I can't think of anything OTTOMH. Normal practice would be for > the client to hold a session token, which the server can use as > a database key to the full session. > > Likeliest suggestion would be to put restore-sessions in a > post-config hook, and register save-sessions as a pool cleanup. > But that doesn't make very much sense, either: if your > application relies on sessions that would be affected > by a server restart, then you're also relying on > client behavior that isn't mandated by HTTP. > > -- > Nick Kew >
Catching graceful restart in apache2 module
Hello all, sorry for bother you with this question, but I do not know how to handle graceful restart in apache2 module. I will try to explain the situation: To the our apache2 configuration file are dynamically added directives with the authorizations, options, etc. When the apache2 is running than all web pages are visible and work correctly, All applications are running over HTTPS therefore our module handled sessions with clients. When I am adding some directive Directory I would like to tell to the apache2 to reuse/reopen changed configuration file. When I am calling /usr/sbin/apache2ctl -k graceful then apache2 is restarted gracefully unfortunatelly all sessions with clients are deleted during the stopping case. Is there any way how to detect that gracefull restart has been started and where should I place the code for detection in our module. Thank you in advance best regards Petr Hracek