[mp2][QUESTION]: Filter to modify request headers on a proxy server
Hi, I am trying to write a filter that will sit on a proxy server and alter HTTP requests. Basically, what I want it to do is modify the User-Agent header field so that when the request is proxied, the remote web server gets a different User-Agent header field to the one that was originally sent by the browser. There are also other header fields I may need to modify, but I would imagine this is a simple task once I've worked out how to alter the User-Agent field. Does anyone have any ideas how I might go about doing this? I've tried writing several PerlInputFilterHandlers, all with no success. Will input filters work with a proxy? I've got output filters working with no problem. Any sample code to do what I want, along with the relavent Apache directives would be very much appreciated! _/*** * _/ **Chris Pringle** _/ * ** *** _/_/_/ _/_/_/ *Personal Systems Group (PSG) ** ***_/ _/ _/ _/*Hewlett Packard - Bristol** *** _/ _/ _/_/_/ * ** _/ INVENT **Tel - +44 (0) 117 31 29664 ** ** _/Email - [EMAIL PROTECTED] ** *** _/ *
Re: [mp2][QUESTION]: Filter to modify request headers on a proxy server
Pringle, Chris (HP-PSG) wrote: Hi, I am trying to write a filter that will sit on a proxy server and alter HTTP requests. Basically, what I want it to do is modify the User-Agent header field so that when the request is proxied, the remote web server gets a different User-Agent header field to the one that was originally sent by the browser. There are also other header fields I may need to modify, but I would imagine this is a simple task once I've worked out how to alter the User-Agent field. Does anyone have any ideas how I might go about doing this? I've tried writing several PerlInputFilterHandlers, all with no success. Will input filters work with a proxy? I've got output filters working with no problem. Any sample code to do what I want, along with the relavent Apache directives would be very much appreciated! The sample code that you need is here: http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_Input_Filters I haven't tried to mix filters with proxy, but I see no reason why shouldn't it work. It might not work if proxy is implemented as a filter itself and is running before the modperl filters, need to look at the actual implementation. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Use of Apache::Directive in BEGIN block
I get the following error: Can't locate object method lookup via package Apache::Directive at /webcontent/dev.mycardmaker.com/lib/perl/Doodlelab/Apache/Test.pm line 4. when I try to start Apache. Here is the entire contents of Test.pm BEGIN { use Apache::Directive; my $tree = Apache::Directive-conftree(); foreach my $node ( $tree-lookup('PerlSetVar') ) { # I want to do something here. } } 1; -- -- Matisse Enzer Hamilton Partners 707-431-4300 ext. 212 (office) 415-225-6703 (mobile)
Re: Use of Apache::Directive in BEGIN block
On Thu, 2003-09-18 at 13:52, Matisse Enzer wrote: I get the following error: Can't locate object method lookup via package Apache::Directive at /webcontent/dev.mycardmaker.com/lib/perl/Doodlelab/Apache/Test.pm line 4. when I try to start Apache. We need more information about your system. Please take a look at the bug reporting guidelines here: http://perl.apache.org/docs/2.0/user/help/help.html#Reporting_Problems - Perrin
RE: client-side certificate extraction
To the next guy, To answer my question with what I have: My requirement has been pushed out 6 months, so I'm done for now. The Gunther Birznieks/www.extropia.com project has modules to do some of the things I queried about. I looked at it but ran out of time before I found what I would need. I also found where various training issues are likely because certificates may have to be bought and the browser or web server might not necessarily handle problems gracefully/friendly and the issue of revocation does not have a widely used tool for processing certificate status updates. Chuck Modssl manual on client side certs (setup only - not programming): http://www.modssl.org/docs/2.8/ssl_faq.html Quote from Gunther Birznieks (from an old post): If you download our Perl objects @ http://www.extropia.com/development/webware2/webware2.html, I have an AuthManager::Certificate which implements client certificate authentication. Probably the best place to download the code for that is on the extropia perl project at sourceforge if you want to see the implementation. It's actually trivial because mod_ssl will decode the certificate into extra environment variables indicating stuff like the DN of the user. It's a requirement of SSL to make sure the certificate is valid based on the certificate's signature(s). At that point, then you need to deal with certificate revocation which is another matter. A lot of servers back up certificate authentication with LDAP. So the client sends the cert which verifies that they are who they say they are, but LDAP needs to be used to actually get the relevant authorization information out. If you use the framework we have, that is accomplished by configuring the use of AuthManager::Certificate against Auth::LDAP. Auth::Cache::Session can optionally be used to speed up the process. Chapter 20 on the link I gave you has details on why we broke up the modules the way we did. Note that this is not to be confused with a handler. This is application level logic. mod_ssl already handles certificate decoding so you really don't need a handler anymore. At that point it seems like app logic to take the user and figure out what you want them to do. Of course, you can code authorization info into a cert like the roles that they are intended for. But I think that's IMHO, a really BAD way to do it because you have to revoke the cert to change the permissions of the user. Best to leave the cert to identify the user and allow a dynamic datastore to determine what they can do in most cases. Later, Gunther PS The hard part about client certificates isn't using them, its managing them and the customers that use them. = References for Related subjects The book Microsoft® Windows® 2000 Active Directory(tm) Programming has several pages on programming with LDAP on Windows Active Directory. According to Gunther, LDAP is used in this process somehow. -Original Message- From: Goehring, Chuck Mr., RCI - San Diego Sent: Tuesday, September 16, 2003 10:26 AM To: [EMAIL PROTECTED] Apache. Org (E-mail) Subject: client-side certificate extraction ModPerlers, We have a requirement to change our web servers to require client-side ssl certificates by Oct 1, 2003. Can someone give me some pointers on how mod_perl might be used to extract the user's name at login time. I suspect this might require a handler. This might be used to avoid multiple logins. Thanks Chuck
MP2 Apache Settings
Hello Group, Hope this isn't too apache related and considered off topic. I have a bunch of sites, each have their own IP. Some of those sites have subsites within them with different domain names, these subsites are virtual's based on domainname with all the same parent IP. If I have MP2 modules and location names that I want to share to specific IPs or Specific Virtual Hosts is there was way to define it once or does it have to be within each virtual host. For example: VirtualHost 10.0.0.5 ServerName domain1.com PerlModule YADDA::LoginLocation "/login" SetHandler perl-script PerlHandler YADDA::Login/Location /VirtualHost VirtualHost 10.0.0.5 ServerName domain2.com /VirtualHost VirtualHost 10.0.0.6 ServerName domian3.com /VirtualHost In the case above I want the module YADDA::Login and the location to be available to BOTH the .05 virtual hosts, but not the .06 - so both /domain1.com/login and domian2.com/login do the same thing but domain3 would not. Is the choice either global to everything or defined within each virtual that I want it? I've been reading the server and dir create/merge section on perl.apache.org but I'm not even sure it relates. Thanks -Chris
Re: [OT] MP2 Apache Settings
Why not just make an include file that contains the module directives, and then just add an Include myloginconffile.conf to each virtualhost section? Issac - Original Message - From: Chris Faust To: [EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:04 PM Subject: MP2 Apache Settings Hello Group, Hope this isn't too apache related and considered off topic. I have a bunch of sites, each have their own IP. Some of those sites have subsites within them with different domain names, these subsites are virtual's based on domainname with all the same parent IP. If I have MP2 modules and location names that I want to share to specific IPs or Specific Virtual Hosts is there was way to define it once or does it have to be within each virtual host. For example: VirtualHost 10.0.0.5 ServerName domain1.com PerlModule YADDA::LoginLocation "/login" SetHandler perl-script PerlHandler YADDA::Login/Location /VirtualHost VirtualHost 10.0.0.5 ServerName domain2.com /VirtualHost VirtualHost 10.0.0.6 ServerName domian3.com /VirtualHost In the case above I want the module YADDA::Login and the location to be available to BOTH the .05 virtual hosts, but not the .06 - so both /domain1.com/login and domian2.com/login do the same thing but domain3 would not. Is the choice either global to everything or defined within each virtual that I want it? I've been reading the server and dir create/merge section on perl.apache.org but I'm not even sure it relates. Thanks -Chris
Use of Apache::Directive in BEGIN block
Title: Use of Apache::Directive in BEGIN block Using Apache/2.0.45 (Unix) mod_perl/1.99_08 Perl/v5.8.0 on a Redhat 87.0 system I get the following error: Can't locate object method lookup via package Apache::Directive at /webcontent/dev.mycardmaker.com/lib/perl/Doodlelab/Apache/Test.pm line 4. when I try to start Apache. Here is the entire contents of Test.pm BEGIN { use Apache::Directive; my $tree = Apache::Directive-conftree(); foreach my $node ( $tree-lookup('PerlSetVar') ) { # I want to do something here. } } 1; -- -- Matisse Enzer Hamilton Partners 707-431-4300 ext. 212 (office) 415-225-6703 (mobile)
Re: Use of Apache::Directive in BEGIN block
Matisse Enzer wrote: Using Apache/2.0.45 (Unix) mod_perl/1.99_08 Perl/v5.8.0 on a Redhat 87.0 system I get the following error: Can't locate object method lookup via package Apache::Directive at /webcontent/dev.mycardmaker.com/lib/perl/Doodlelab/Apache/Test.pm line 4. when I try to start Apache. Here is the entire contents of Test.pm BEGIN { use Apache::Directive; my $tree = Apache::Directive-conftree(); foreach my $node ( $tree-lookup('PerlSetVar') ) { # I want to do something here. } } 1; Matisse, your bug report is incomplete, you have missed the report about your environment as explained at the guidelines (http://perl.apache.org/bugs/). In the future please include it, it's probably unimportant for this case. To address this issue upgrade to 1.99_09 or may be you even need the current cvs, I don't remember when Philippe has fixed that, check the Changes file. t/response/TestApache/conftree.pm does the testing of this feature and works just fine in the current cvs. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com