Re: How to run a secure mod_perl ?
I'd like to thank you all. I've been enlightened by this thread. Apparently mod_perl/apache _can_ be crashed, but then only the specific httpd child process will crash. Or did I get it wrong? On the other hand, it _is_ possible to use a mod_perl/apache server on a high port using mod_rewrite in such a way that it is transparent to the end user. And then I 'll have to choose whether I still want to work with this ISP, as I've had many offers that I'll be taking into consideration. Thanks for that too. Hey! I love this list guys! you're wonderfully helpful ! martin -- - Martin Langhoff @ S C I M Multimedia Technology - - http://www.scim.net | God is real until - - mailto:[EMAIL PROTECTED] | declared integer -
How to run a secure mod_perl ?
hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? - For clarity: he's webmaster at the ISP where I host my sites. Not my own webmaster. *I'm* my own webmaster :) Thanks for your time. martin -- - Martin Langhoff @ S C I M Multimedia Technology - - http://www.scim.net | God is real until - - mailto:[EMAIL PROTECTED] | declared integer -
Re: How to run a secure mod_perl ?
Don't know the answer to your problem, but I wonder how much $$$ you're spending to be told you can't do this? Maybe it's time to find a new ISP? On Wed, 24 Nov 1999, Martin A. Langhoff wrote: hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? - For clarity: he's webmaster at the ISP where I host my sites. Not my own webmaster. *I'm* my own webmaster :) Thanks for your time. martin -- - Martin Langhoff @ S C I M Multimedia Technology - - http://www.scim.net | God is real until - - mailto:[EMAIL PROTECTED] | declared integer - -- Aaron Turner, Core Developer http://vodka.linuxkb.org/~aturner/ Linux Knowledge Base Organization http://linuxkb.org/ Because world domination requires quality open documentation. aka: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: How to run a secure mod_perl ?
perhaps you can run your own apache server with mod_perl on a high-port on the loopback interface. he can then proxy all requests to your server using the methods as spelled out in the mod_perl guide. if you crash your own server - it is not going to effect his server at all. just a thought, cliff rayman genwax.com "Martin A. Langhoff" wrote: hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? - For clarity: he's webmaster at the ISP where I host my sites. Not my own webmaster. *I'm* my own webmaster :) Thanks for your time. martin -- - Martin Langhoff @ S C I M Multimedia Technology - - http://www.scim.net | God is real until - - mailto:[EMAIL PROTECTED] | declared integer -
Re: How to run a secure mod_perl ?
[EMAIL PROTECTED] (Martin A. Langhoff) wrote: - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? Run another Apache server of your own on another port, and use mod_rewrite to pass mod_perl requests through to your server. It's what I do with an ISP. I must say, though, that using an ISP and mod_perl has caused me a lot of headaches. It's better to use your own box if you can. ------ Ken Williams Last Bastion of Euclidity [EMAIL PROTECTED]The Math Forum
RE: How to run a secure mod_perl ?
I agree, I think it's time to start looking elsewhere. He's the sysadmin and service provider, it's his job to figure out how to make it work to meet your needs. There are ways for him to sufficiently reduce the risk of you crashing the rest of his sites. Make him work for that money or find another provider. -- From: Aaron Turner[SMTP:[EMAIL PROTECTED]] Sent: Wednesday, November 24, 1999 1:34 PM To: Martin A. Langhoff Cc: mod-perl Mailing List Subject: Re: How to run a secure mod_perl ? Don't know the answer to your problem, but I wonder how much $$$ you're spending to be told you can't do this? Maybe it's time to find a new ISP? On Wed, 24 Nov 1999, Martin A. Langhoff wrote: hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? - For clarity: he's webmaster at the ISP where I host my sites. Not my own webmaster. *I'm* my own webmaster :) Thanks for your time. martin -- - Martin Langhoff @ S C I M Multimedia Technology - - http://www.scim.net | God is real until - - mailto:[EMAIL PROTECTED] | declared integer - -- Aaron Turner, Core Developer http://vodka.linuxkb.org/~aturner/ Linux Knowledge Base Organization http://linuxkb.org/ Because world domination requires quality open documentation. aka: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: How to run a secure mod_perl ?
- He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. The typical mod_perl setup is a lightwieght front-end server which redirects mod_perl request to a second mod_perl enabled server. This is done for performance reasons and to reduce memory and CPU usage. Refer to the guide. If you're the only one using the mod_perl server and it crashes (which probably doesn't happen), then noone else is affected and your hosting service is happy. ELB -- Eric L. Brine | Chicken: The egg's way of making more eggs. [EMAIL PROTECTED] | Do you always hit the nail on the thumb? ICQ# 4629314 | An optimist thinks thorn bushes have roses.
Re: How to run a secure mod_perl ?
On Wed, 24 Nov 1999, Martin A. Langhoff wrote: hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. Well, the extent this will happen is to 1 process. Not the whole httpd. So 1 user gets a disconnect. That's all. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? First of all, this will only happen if perl crashes. I'm yet to see perl core dump. Maybe I'm unique in this experience. This includes running perl on NT since it was HiP Communications Perl. So yes - if perl crashes your 1 httpd will come tumbling down. And apache will happily spawn another one for you. I suppose it's possible that XS code will core dump - e.g. embperl. But I've never run embperl or anything that I don't consider stable enough to work with, so I can't comment on that. I doubt very much you'll have some obscure XS bug that won't show up until your site goes live - but you never know I guess. -- Matt/ Details: FastNet Software Ltd - XML, Perl, Databases. Tagline: High Performance Web Solutions Web Sites: http://come.to/fastnet http://sergeant.org Available for Consultancy, Contracts and Training.
Re: How to run a secure mod_perl ?
It is extraordinarily easy to make persistnt perl engines core dump especailly if youare using 3rd party binary compiled modules that have their own subtle bugs. And extraordinarily annoying to troubleshoot. Either that or I have been very "lucky". ;) However, with that said, it's generally not at all that bad with APache because of the nature of it being multiprocessing based as you mentioned. Later, Gunther On Wed, 24 Nov 1999, Matt Sergeant wrote: On Wed, 24 Nov 1999, Martin A. Langhoff wrote: hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. Well, the extent this will happen is to 1 process. Not the whole httpd. So 1 user gets a disconnect. That's all. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? First of all, this will only happen if perl crashes. I'm yet to see perl core dump. Maybe I'm unique in this experience. This includes running perl on NT since it was HiP Communications Perl. So yes - if perl crashes your 1 httpd will come tumbling down. And apache will happily spawn another one for you. I suppose it's possible that XS code will core dump - e.g. embperl. But I've never run embperl or anything that I don't consider stable enough to work with, so I can't comment on that. I doubt very much you'll have some obscure XS bug that won't show up until your site goes live - but you never know I guess. -- Matt/ Details: FastNet Software Ltd - XML, Perl, Databases. Tagline: High Performance Web Solutions Web Sites: http://come.to/fastnet http://sergeant.org Available for Consultancy, Contracts and Training.
RE: How to run a secure mod_perl ?
I run a small ISP, I like Embperl, but I am reluctant to let just any user use it.
A script such as the following can make the httpd child go very high in
MEMORY and CPU usage. Even after the request is terminated from the
client, the server keeps on chugging away.
This example uses:
Embperl 1.2b7
Apache/1.3.6
mod_perl/1.21
Solaris 2.7
h1Embperl Examples - Crash Apache Child/h1
[- %h = qw(1 a 2 b 3 c 4 d 5 e 6 f 7 g 8 h 9 i 10 j); -]
table
[$ foreach $Row (keys(%h)) $]
tr
td[+ $Row +]/td
td[+ $h{$Row} +]/td
[- $row = $Row -]
/tr
[$endforeach$]
/table
n Wed, 24 Nov 1999, Tubbs, Derric L wrote:
I agree, I think it's time to start looking elsewhere. He's the sysadmin
and service provider, it's his job to figure out how to make it work to meet
your needs. There are ways for him to sufficiently reduce the risk of you
crashing the rest of his sites. Make him work for that money or find
another provider.
--
From: Aaron Turner[SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, November 24, 1999 1:34 PM
Subject:Re: How to run a secure mod_perl ?
Don't know the answer to your problem, but I wonder how much $$$ you're
spending to be told you can't do this? Maybe it's time to find a new ISP?
On Wed, 24 Nov 1999, Martin A. Langhoff wrote:
hi mod_perl gurus,
I'm currently in dire problems (read sh*t):
- Just now, my webmaster tells me that I can't use Embperl
_nor_
Re: How to run a secure mod_perl ?
Also see: http://perl.apache.org/guide/multiuser.html#ISPs_providing_mod_perl_services Don't know the answer to your problem, but I wonder how much $$$ you're spending to be told you can't do this? Maybe it's time to find a new ISP? On Wed, 24 Nov 1999, Martin A. Langhoff wrote: hi mod_perl gurus, I'm currently in dire problems (read sh*t): - In one week my Embperl powerd site debuts. - Just now, my webmaster tells me that I can't use Embperl _nor_ ePerl. Previously he had told me to use ePerl o whatever I wanted, now he's worried about security. - He claims that he cannot allow me to run anything under mod_perl (and derivatives as Embperl) because mod_perl brings Apache down when it crashes. - On the other hand, he'll allow me to use perl in CGI scripts. - Of course that's not what I want :) !!! - Is there a way to configure mod_perl so that it does not crash apache down? Or maybe it never does and he doesn't know? - For clarity: he's webmaster at the ISP where I host my sites. Not my own webmaster. *I'm* my own webmaster :) Thanks for your time. martin -- - Martin Langhoff @ S C I M Multimedia Technology - - http://www.scim.net | God is real until - - mailto:[EMAIL PROTECTED] | declared integer - -- Aaron Turner, Core Developer http://vodka.linuxkb.org/~aturner/ Linux Knowledge Base Organization http://linuxkb.org/ Because world domination requires quality open documentation. aka: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] ___ Stas Bekman mailto:[EMAIL PROTECTED]www.singlesheaven.com/stas Perl,CGI,Apache,Linux,Web,Java,PC at www.singlesheaven.com/stas/TULARC www.apache.org www.perl.com == www.modperl.com || perl.apache.org single o- + single o-+ = singlesheavenhttp://www.singlesheaven.com
