RE: [mp2][QUESTION]: Filter to modify request headers on a proxy server
Hi, I've just tried that script again (see link below) using a POST request. In the error log file, there is the content of the POST Request e.g. user=cpringlepassword=x but nothing else. There is no HTTP headers. My Apache directive to enable the filter is PerlInputFilterHandler iPAQApache::ResetBrowser Is this the correct directive? _/*** * _/ **Chris Pringle** _/ *Industrial Trainee ** *** _/_/_/ _/_/_/ *Personal Systems Group (PSG) ** ***_/ _/ _/ _/*Hewlett Packard - Bristol** *** _/ _/ _/_/_/ * ** _/ INVENT **Tel - +44 (0) 117 31 29664 ** ** _/Email - [EMAIL PROTECTED] ** *** _/ * -Original Message- From: Stas Bekman [mailto:[EMAIL PROTECTED] Sent: 18 September 2003 11:37 To: Pringle, Chris (HP-PSG) Cc: [EMAIL PROTECTED] Subject: Re: [mp2][QUESTION]: Filter to modify request headers on a proxy server Pringle, Chris (HP-PSG) wrote: Hi, I am trying to write a filter that will sit on a proxy server and alter HTTP requests. Basically, what I want it to do is modify the User-Agent header field so that when the request is proxied, the remote web server gets a different User-Agent header field to the one that was originally sent by the browser. There are also other header fields I may need to modify, but I would imagine this is a simple task once I've worked out how to alter the User-Agent field. Does anyone have any ideas how I might go about doing this? I've tried writing several PerlInputFilterHandlers, all with no success. Will input filters work with a proxy? I've got output filters working with no problem. Any sample code to do what I want, along with the relavent Apache directives would be very much appreciated! The sample code that you need is here: http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_In put_Filters I haven't tried to mix filters with proxy, but I see no reason why shouldn't it work. It might not work if proxy is implemented as a filter itself and is running before the modperl filters, need to look at the actual implementation. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2][QUESTION]: Filter to modify request headers on a proxy server
Pringle, Chris (HP-PSG) wrote:
Hi,
I've just tried that script again (see link below) using a POST request.
In the error log file, there is the content of the POST Request e.g.
user=cpringlepassword=x but nothing else. There is no HTTP headers.
My Apache directive to enable the filter is
PerlInputFilterHandler iPAQApache::ResetBrowser
Is this the correct directive?
The directive is correct, but you don't show your code and your config, so I
have no idea if the rest is correct or not. This directive is used to
configure both, connection and request level filters. It's the attribute of
the handler subroutine is what makes the difference and the placement in
httpd.conf.
You need to declare it as:
package iPAQApache::ResetBrowser;
use base qw(Apache::Filter);
sub handler : FilterConnectionHandler { your code is here }
1;
and you need to put it outside of Location or similar block in httpd.conf
just like shown at:
http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_Input_Filters
Also make sure that you run at least mod_perl 1.99_09, or even better the
current cvs. And in the future please follow the info at
http://perl.apache.org/bugs/ so we know more about your setup.
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
RE: [mp2][QUESTION]: Filter to modify request headers on a proxy server
Thanks for this. I had put 'PerlInputFilterHandler
iPAQApache::ResetBrowser' inside the proxy block, and it should have
been outside like you said.
_/***
* _/ **Chris Pringle**
_/ *Industrial Trainee **
*** _/_/_/ _/_/_/ *Personal Systems Group (PSG) **
***_/ _/ _/ _/*Hewlett Packard - Bristol**
*** _/ _/ _/_/_/ * **
_/ INVENT **Tel - +44 (0) 117 31 29664 **
** _/Email - [EMAIL PROTECTED] **
*** _/ *
PerlInputFilterHandler iPAQApache::ResetBrowser
Is this the correct directive?
The directive is correct, but you don't show your code and your config,
so I
have no idea if the rest is correct or not. This directive is used to
configure both, connection and request level filters. It's the attribute
of
the handler subroutine is what makes the difference and the placement in
httpd.conf.
You need to declare it as:
package iPAQApache::ResetBrowser;
use base qw(Apache::Filter);
sub handler : FilterConnectionHandler { your code is here }
1;
and you need to put it outside of Location or similar block in
httpd.conf
just like shown at:
http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_In
put_Filters
Also make sure that you run at least mod_perl 1.99_09, or even better
the
current cvs. And in the future please follow the info at
http://perl.apache.org/bugs/ so we know more about your setup.
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2][QUESTION]: Filter to modify request headers on a proxy server
Pringle, Chris (HP-PSG) wrote:
Thanks for this. I had put 'PerlInputFilterHandler
iPAQApache::ResetBrowser' inside the proxy block, and it should have
been outside like you said.
So it did work this time, right? Perhaps we should issue a warning if a
connection filter is found insider Location or alike.
PerlInputFilterHandler iPAQApache::ResetBrowser
Is this the correct directive?
The directive is correct, but you don't show your code and your config,
so I
have no idea if the rest is correct or not. This directive is used to
configure both, connection and request level filters. It's the attribute
of
the handler subroutine is what makes the difference and the placement in
httpd.conf.
You need to declare it as:
package iPAQApache::ResetBrowser;
use base qw(Apache::Filter);
sub handler : FilterConnectionHandler { your code is here }
1;
and you need to put it outside of Location or similar block in
httpd.conf
just like shown at:
http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_In
put_Filters
Also make sure that you run at least mod_perl 1.99_09, or even better
the
current cvs. And in the future please follow the info at
http://perl.apache.org/bugs/ so we know more about your setup.
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
[mp2][QUESTION]: Filter to modify request headers on a proxy server
Hi, I am trying to write a filter that will sit on a proxy server and alter HTTP requests. Basically, what I want it to do is modify the User-Agent header field so that when the request is proxied, the remote web server gets a different User-Agent header field to the one that was originally sent by the browser. There are also other header fields I may need to modify, but I would imagine this is a simple task once I've worked out how to alter the User-Agent field. Does anyone have any ideas how I might go about doing this? I've tried writing several PerlInputFilterHandlers, all with no success. Will input filters work with a proxy? I've got output filters working with no problem. Any sample code to do what I want, along with the relavent Apache directives would be very much appreciated! _/*** * _/ **Chris Pringle** _/ * ** *** _/_/_/ _/_/_/ *Personal Systems Group (PSG) ** ***_/ _/ _/ _/*Hewlett Packard - Bristol** *** _/ _/ _/_/_/ * ** _/ INVENT **Tel - +44 (0) 117 31 29664 ** ** _/Email - [EMAIL PROTECTED] ** *** _/ *
Re: [mp2][QUESTION]: Filter to modify request headers on a proxy server
Pringle, Chris (HP-PSG) wrote: Hi, I am trying to write a filter that will sit on a proxy server and alter HTTP requests. Basically, what I want it to do is modify the User-Agent header field so that when the request is proxied, the remote web server gets a different User-Agent header field to the one that was originally sent by the browser. There are also other header fields I may need to modify, but I would imagine this is a simple task once I've worked out how to alter the User-Agent field. Does anyone have any ideas how I might go about doing this? I've tried writing several PerlInputFilterHandlers, all with no success. Will input filters work with a proxy? I've got output filters working with no problem. Any sample code to do what I want, along with the relavent Apache directives would be very much appreciated! The sample code that you need is here: http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_Input_Filters I haven't tried to mix filters with proxy, but I see no reason why shouldn't it work. It might not work if proxy is implemented as a filter itself and is running before the modperl filters, need to look at the actual implementation. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: Portability Question
On Mon, 2003-09-08 at 23:29, Philip M. Gollucci wrote: I haven't really had a hard time with this except: CGI.pm ($query = CGI-new()) What about it? Is it not working? Spreadsheet::WriteExcel (0.26 or less for Win2k/ISS5.0PerlEx current is .40 most likely not thread safe) GD.pm (ActiveState only has GD1.x for 5.6.1 and compile errors for GD2.x on 5.8.0) XML::Simple (Active State5.6.1 is only at 1.06 missing some critical features from the current ~2.05) DateTime modules (datetime.perl.org ActiveState 5.6.1 has nothing... I think 5.8.0 might have some) Building your own .ppm files seems like the only way to solve these. use lib qw(...) (ISS automagically adds . to this. Under unix, this is not the case First thought, use FindBin, but its not thread safe, so mod_perl2.x fails. Only anwser I've come up with is to have an installation script edit a place holder in the main file You could use a config file or an environment variable, but what is the problem with FindBin exactly? I haven't heard about it not being thread safe before. However, caching is much more beneficially in IIS5.0/PerlEx then apache1.x/mod_perl1.x (rarely if ever get server by the same child in Apache) In apache 1.x on Win32, you always get the same child since there is only one. With 1.x on FreeBSD, the allocation will basically round-robin through all of your live apache children. - Perrin
Re: Portability Question
On Mon, 8 Sep 2003, Philip M. Gollucci wrote: Say I want the same code to work under: Win2k/ISS5.0CGI Win2k/IIS5.0PerlEX Win2k/Apache1mod_perl1 Win2k/Apache2mod_perl2 FreeBSD/Linux/Sun/Apache1mod_perl1 FreeBSD/Linux/Sun/Apache2mod_perl2 FreeBSD/Linux/Sun/Apache1,2CGI Assume perl 5.6.1 ActiveState on Win2k and perl 5.8.0 on Unix environments. Assume CGI.pm = 2.98 I haven't really had a hard time with this except: [ ... ] GD.pm (ActiveState only has GD1.x for 5.6.1 and compile errors for GD2.x on 5.8.0) XML::Simple (Active State5.6.1 is only at 1.06 missing some critical features from the current ~2.05) [ ... ] Text::Aspell ... egad... One of my co-workers has compiled this for 5.6.1 ActiveState on Win2k/WinXP Pro using MSCV++ 6.0 if anyone is interested since ActiveState has nothing. We have the above three packages in our 5.8 repository at http://theoryx5.uwinnipeg.ca/ppms/. -- best regards, randy kobes
Re: SubRequest in Filter MP2 [QUESTION]
Hello again.. On Thu, 2003-09-04 at 14:21, Geoffrey Young wrote: see Apache::SSI for mp1 - it does exactly what you are trying to do and is subclassable, so you can add your own tags/functionality if you want. That is exactly what I am already doing. When using #exec directive I noticed I could not set the headers properly. see recipe 5.7 in the mod_perl developer's cookbook for that, or look at the Apache::SSI source, which does it a different way. That is something i have yet to get my hands on! -- Craig Shelley [EMAIL PROTECTED] Homepage: http://www.microtron.org.uk -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Craig Shelley wrote: Hello again.. On Thu, 2003-09-04 at 14:21, Geoffrey Young wrote: see Apache::SSI for mp1 - it does exactly what you are trying to do and is subclassable, so you can add your own tags/functionality if you want. That is exactly what I am already doing. When using #exec directive I noticed I could not set the headers properly. typically, a subrequest gets its headers from the current request. if you want to alter them, use $r-headers_in-set, but this is generally only used to test what-if scenarios: what if the current request had a cookie, could it access this document? anyway, if you need that, then you could probably create your own subclass and override ssi_exec to simply set the incoming headers and then SUPER::ssi_exec. or something like that (off the top of my head, anyway ;) see recipe 5.7 in the mod_perl developer's cookbook for that, or look at the Apache::SSI source, which does it a different way. That is something i have yet to get my hands on! the book has a simpler example as well, but you should be able to figure out the important LWP bits from the online code example http://www.modperlcookbook.org/code/ch05/Cookbook/SubRequestContent.pm --Geoff -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Hello.. Just Forwarding this to the list Having no idea as to how the internals of modperl and apache actually work, this may seem like a bit of a dumb suggestion. When doing a subrequest from within a filter, the most ideal situation would be to have access to the output from within the same filter. I don't know how this would be best done, but one example i can think of would be maybe to be given access to file handle which can be read from. The data from the subrequest can then be processed and incorporated as required. The reason I have ended up fiddling around with subrequests in filters is because i was originally writing a few extensions for SSI in MP1. My original plan was to create a small library of includable objects such as hit counters, fortune generators and photo albums etc The idea then was that other people with local access to my server can create simple html files that contain SSI directives to include the various objects. It was all going extremely well, until I tried to set a cookie from within a subrequest. After that, i ran into a whole load of trouble trying to capture the output from a subrequest, and ended up turning to mp2 I was wondering if there are any other avenues I should explore in order to set up such a system. Thank you for spending time on this problem I appreciate it greatly - On Thu, 2003-09-04 at 14:21, Geoffrey Young wrote: see Apache::SSI for mp1 - it does exactly what you are trying to do and is subclassable, so you can add your own tags/functionality if you want. After that, i ran into a whole load of trouble trying to capture the output from a subrequest see recipe 5.7 in the mod_perl developer's cookbook for that, or look at the Apache::SSI source, which does it a different way. -- Craig Shelley [EMAIL PROTECTED] Homepage: http://www.microtron.org.uk -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Hi All,
On Wed, 2003-08-27 at 02:33, Geoffrey Young wrote:
hi craig.
before we continue, please try the latest cvs (without the patch I sent)
and see if your stuff segfaults there. if not, at least we know we've
isolated the segfault and just have bad logic to fix :)
Well:
It seg faulted again :(
Here is what the log got:
[Fri Aug 29 17:45:00 2003] [notice] child pid 14541 exit signal Segmentation fault (11)
Here is a Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 14541)]
0x4052295c in modperl_wbucket_flush (wb=0x0, add_flush_bucket=0) at
modperl_filter.c:180
180 if (wb-outcnt) {
(gdb) backtrace
#0 0x4052295c in modperl_wbucket_flush (wb=0x0, add_flush_bucket=0) at
modperl_filter.c:180
#1 0x406801f2 in ?? ()
When i run gdb on the core file...
#0 0x4052295c in modperl_wbucket_flush (wb=0x0, add_flush_bucket=0) at
modperl_filter.c:180
180 if (wb-outcnt) {
(gdb) backtrace
#0 0x4052295c in modperl_wbucket_flush (wb=0x0, add_flush_bucket=0) at
modperl_filter.c:180
#1 0x406801f2 in mpxs_ap_run_sub_req (my_perl=0x8148580, r=0x81a9418) at
Apache__SubRequest.h:10
#2 0x406808da in XS_Apache__SubRequest_run (my_perl=0x8148580, cv=0x81965fc) at
SubRequest.xs:83
#3 0x405bc7ef in Perl_pp_entersub () from /usr/lib/libperl.so.5.8
#4 0x405b620a in Perl_runops_standard () from /usr/lib/libperl.so.5.8
#5 0x4055ea32 in Perl_call_sv () from /usr/lib/libperl.so.5.8
#6 0x4055e837 in Perl_call_sv () from /usr/lib/libperl.so.5.8
#7 0x4051d6d5 in modperl_callback (my_perl=0x8148580, handler=0x80db808, p=0x815c920,
r=0x815c958, s=0x80db858, args=0x8145598)
at modperl_callback.c:53
#8 0x405231cd in modperl_run_filter (filter=0x8162938) at modperl_filter.c:400
#9 0x40523f51 in modperl_output_filter_handler (f=0x815e440,
bb=0x815e5a8) at modperl_filter.c:761
#10 0x0807e66b in ap_pass_brigade ()
#11 0x08084c15 in ap_core_translate ()
#12 0x08073b0a in ap_run_handler ()
#13 0x0807401e in ap_invoke_handler ()
#14 0x0806767f in ap_process_request ()
#15 0x080638ed in _start ()
#16 0x0815c958 in ?? ()
#17 0x0004 in ?? ()
#18 0x0815c958 in ?? ()
If you would like some more info please let me know, because I am eager
to help solve this problem.
PS -- I am running the same test scripts as I mentioned in previous
posts.
--
Craig Shelley [EMAIL PROTECTED]
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Craig Shelley wrote: MP_AP_PREFIX = /home/craig/temp/mod_perl-1.99_09/ hi craig. before we continue, please try the latest cvs (without the patch I sent) and see if your stuff segfaults there. if not, at least we know we've isolated the segfault and just have bad logic to fix :) if you need help with cvs, see http://perl.apache.org/docs/2.0/user/install/install.html#Downloading_the_mod_perl_Source --Geoff -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Geoffrey Young wrote:
Stas Bekman wrote:
Craig Shelley wrote:
I'll take a look at it. But you didn't supply a complete bug report
as explained http://perl.apache.org/bugs/. Please do so.
I think I've got this figured out.
the problem is with the r-main logic in mpxs_ap_run_sub_req.
with that logic, what ends up happening is that the data currently being
operated on is explicity flushed. this is bad within a (streaming)
filter where you are expected to call $f-print yourself, as the data is
sent without your permission (you may be operating on it or not want to
send it at all). it also seemed to cause infinite loop in my tests
because the filter was seeing the same data over and over again.
I can't really understand the reason behind the code anyway, since I
can't see anywhere in core where such logic is applied before
ap_run_sub_request - everyone seems to call without regard to where in
the data stream they happen to be, so I don't get why mod_perl should be
any different. indeed commenting it out fixes the problem for me.
however, removing that logic causes api/lookup_uri2.t to fail, but I
suspect this is an issue with puts() rather than the subrequest
mechanism - changing puts() to print() makes everything work just fine.
does puts() write directly to the wire, bypassing filters?
Sorry, but that's cheating ;)
rputs() never flushes data,
print() flushes if $| == 1;
Please don't remove rputs, it's there for a reason.
If you fix lookup_uri2's handler to be:
sub handler {
my $r = shift;
subrequest($r, 'myplan');
local $| = 0;
$r-print(ok 2\n);
subrequest($r, 'ok3');
Apache::OK;
}
You get:
ok 1
ok 3
ok 2
Confused test output: test 3 answered after test 3
ok
which is wrong.
So there is no problem with the r-main logic in mpxs_ap_run_sub_req, it's
there for exactly this reason.
I wonder why $| is on? must have forgotten to localize $| setting somewhere.
anyway, attached is a patch against current cvs - fixes and a few
filtering subrequest tests. note that the patch does not mention the
removal of xs/Apache/SubRequest/Apache__SubRequest.h, which is no longer
needed, so I guess you should remove that file by hand before compiling.
craig - note that this patch affects the autogenerated code, so in order
to get it to work you'll need to apply it, then run make realclean, perl
Makefile.PL, etc.
and you forgot to add to the patch a new file
#t/htdocs/filter/subrequest.txt
core subrequest
regarding new tests, do you mind calling them:
out_str_subreq_core
out_str_subreq_perl
since 'sub' is too confusing, or even better:
out_str_subreq_default
out_str_subreq_modperl
since these correspond to the SetHandler settings.
Thanks.
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
however, removing that logic causes api/lookup_uri2.t to fail, but I suspect this is an issue with puts() rather than the subrequest mechanism - changing puts() to print() makes everything work just fine. does puts() write directly to the wire, bypassing filters? Sorry, but that's cheating ;) rputs() never flushes data, print() flushes if $| == 1; ah, ok, that's the difference. So there is no problem with the r-main logic in mpxs_ap_run_sub_req, it's there for exactly this reason. no, there is definitely something wrong. someplace :) if I'm in a filter and call sub-run (which is what mod_include essentially does), mod_perl is silently passing along the data I'm in the middle of filtering. so, if the filter sees datatagdata and wants to substitute something for tag via a subrequest, it won't work - mpxs_ap_run_sub_req is flushing tag along before the filter gets the chance to decide about the data. as I said, nowhere in any of the module shipped with core do I find logic like this - mod_include and mod_cgi both seem to call ap_run_sub_req without flushing the main data stream (though mod_include does split the stream and send the data _prior to the tag_ off). I don't see why mod_perl needs to behave differently in this respect, but if flushing is required for other reasons I can't see, making it a tacit part of $sub-run seems the wrong solution since it goes against the intent of output filters. and you forgot to add to the patch a new file #t/htdocs/filter/subrequest.txt core subrequest yes, sorry. or even better: out_str_subreq_default out_str_subreq_modperl since these correspond to the SetHandler settings. will do. --Geoff -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Geoffrey Young wrote: the problem is with the r-main logic in mpxs_ap_run_sub_req. with that logic, what ends up happening is that the data currently being operated on is explicity flushed. this is bad within a (streaming) filter where you are expected to call $f-print yourself, as the data is sent without your permission (you may be operating on it or not want to send it at all). it also seemed to cause infinite loop in my tests because the filter was seeing the same data over and over again. That's is the problem with streaming filters. Nothing indicates to mod_perl whether the currently executed filter is a streaming filter or not, in fact I think you can mix and match both methods in the same filter. So $f-print is not expected, really. What you are right about is that mpxs_ap_run_sub_req should flush only if run from the non-filter handler, and do nothing if run from the filter handler. I have somewhere a prototype for the new API which tells what phase we are in, but it's possible that there is a more efficient way to tell the difference. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Geoffrey Young wrote: [...] as I said, nowhere in any of the module shipped with core do I find logic like this - mod_include and mod_cgi both seem to call ap_run_sub_req without flushing the main data stream (though mod_include does split the stream and send the data _prior to the tag_ off). I don't see why mod_perl needs to behave differently in this respect, but if flushing is required for other reasons I can't see, making it a tacit part of $sub-run seems the wrong solution since it goes against the intent of output filters. but that's how it works in mp1, no? Are you required to flush any data before issuing a subrequest? If I remember correctly you aren't. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
I'll take a look at it. But you didn't supply a complete bug report as explained http://perl.apache.org/bugs/. Please do so. Hi, Here is that bug report related to the earlier postings. -8-- Start Bug Report 8-- 1. Problem Description: [DESCRIBE THE PROBLEM HERE] 2. Used Components and their Configuration: *** using lib/Apache/BuildConfig.pm *** Makefile.PL options: MP_AP_PREFIX = /home/craig/temp/mod_perl-1.99_09/ MP_COMPAT_1X = 1 MP_GENERATE_XS = 1 MP_LIBNAME = mod_perl MP_USE_DSO = 1 MP_USE_STATIC = 1 *** /usr/local/bin/httpd -V Server version: Apache/2.0.47 Server built: Jul 15 2003 14:07:14 Server's Module Magic Number: 20020903:4 Architecture: 32-bit Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT= -D SUEXEC_BIN=/usr/lib/apache2/suexec2 -D DEFAULT_PIDLOG=/var/run/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=/var/run/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=/etc/apache2/mime.types -D SERVER_CONFIG_FILE=/etc/apache2/apache2.conf *** /usr/bin/perl -V Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration: Platform: osname=linux, osvers=2.4.21-xfs+ti1211, archname=i386-linux-thread-multi uname='linux kosh 2.4.21-xfs+ti1211 #1 sat jul 12 10:35:04 est 2003 i686 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i386-linux -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8.0 -Darchlib=/usr/lib/perl/5.8.0 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.0 -Dsitearch=/usr/local/lib/perl/5.8.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.0 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-O3', cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing' ccversion='', gccversion='3.3.1 20030722 (Debian prerelease)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lgdbm -ldb -ldl -lm -lpthread -lc -lcrypt perllibs=-ldl -lm -lpthread -lc -lcrypt libc=/lib/libc-2.3.1.so, so=so, useshrplib=true, libperl=libperl.so.5.8.0 gnulibc_version='2.3.1' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic' cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY USE_ITHREADS USE_LARGE_FILES PERL_IMPLICIT_CONTEXT Built under linux Compiled at Jul 30 2003 10:52:58 %ENV: PERL_LWP_USE_HTTP_10=1 @INC: /etc/perl /usr/local/lib/perl/5.8.0 /usr/local/share/perl/5.8.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8.0 /usr/share/perl/5.8.0 /usr/local/lib/site_perl . 3. This is the core dump trace: (if you get a core dump): [CORE TRACE COMES HERE] This report was generated by t/REPORT on Tue Aug 26 17:17:34 2003 GMT. -8-- End Bug Report --8-- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Craig Shelley [EMAIL PROTECTED] -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Craig Shelley wrote: I'll take a look at it. But you didn't supply a complete bug report as explained http://perl.apache.org/bugs/. Please do so. Here is that bug report related to the earlier postings. -8-- Start Bug Report 8-- 1. Problem Description: [...] 3. This is the core dump trace: (if you get a core dump): [CORE TRACE COMES HERE] Thanks, but you have missed the core dump's backtrace. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
On Tue, 2003-08-26 at 19:03, Stas Bekman wrote: Thanks, but you have missed the core dump's backtrace. I am sorry but I have never used core files before, so forgive me if I have done this all wrong. I configured apache to only have one server process. Then using gdb, I connected to the server process and told it to continue execution. I then made a request to the server, causing it to crash. Heres what I got: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 22572)] 0x4051cf58 in modperl_wbucket_flush () from /usr/lib/apache2/modules/mod_perl.so (gdb) backtrace #0 0x4051cf58 in modperl_wbucket_flush () from /usr/lib/apache2/modules/mod_perl.so #1 0x4066f5de in ?? () (gdb) generate-core-file Saved corefile core.22572 (gdb) quit # gdb /usr/sbin/apache2 core.22572 Gdb reported various libraries loading here #0 0x4051cf58 in modperl_wbucket_flush () from /usr/lib/apache2/modules/mod_perl.so (gdb) backtrace #0 0x4051cf58 in modperl_wbucket_flush () from /usr/lib/apache2/modules/mod_perl.so #1 0x4066f5de in XS_Apache__SubRequest_run () from /usr/local/lib/perl/5.8.0/auto/Apache/SubRequest/SubRequest.so #2 0x405ad7ef in Perl_pp_entersub () from /usr/lib/libperl.so.5.8 #3 0x405a720a in Perl_runops_standard () from /usr/lib/libperl.so.5.8 #4 0x4054fa32 in Perl_call_sv () from /usr/lib/libperl.so.5.8 #5 0x4054f837 in Perl_call_sv () from /usr/lib/libperl.so.5.8 #6 0x405195da in modperl_callback () from /usr/lib/apache2/modules/mod_perl.so #7 0x4051c7ae in modperl_run_filter () from /usr/lib/apache2/modules/mod_perl.so #8 0x4051cba7 in modperl_output_filter_handler () from /usr/lib/apache2/modules/mod_perl.so #9 0x0807e66b in ap_pass_brigade () #10 0x08084c15 in ap_core_translate () #11 0x08073b0a in ap_run_handler () #12 0x0807401e in ap_invoke_handler () #13 0x0806767f in ap_process_request () #14 0x080638ed in _start () #15 0x0815e3f8 in ?? () #16 0x0004 in ?? () #17 0x0815e3f8 in ?? () I have not included the core file here because it was ~ 3Mb If you need it please let me know -- Craig Shelley [EMAIL PROTECTED] -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Craig Shelley wrote: On Tue, 2003-08-26 at 19:03, Stas Bekman wrote: Thanks, but you have missed the core dump's backtrace. I am sorry but I have never used core files before, so forgive me if I have done this all wrong. No worries, this task is not trivial. Your trace is almost perfect. The only missing things are the arguments to the functions in the trace. In order to get the arguments you need to rebuild mp with MP_DEBUG=1 as explained here: http://perl.apache.org/docs/2.0/user/help/help.html#Resolving_Segmentation_Faults (gdb) backtrace #0 0x4051cf58 in modperl_wbucket_flush () from /usr/lib/apache2/modules/mod_perl.so #1 0x4066f5de in XS_Apache__SubRequest_run () from /usr/local/lib/perl/5.8.0/auto/Apache/SubRequest/SubRequest.so Normally you should rebuild perl and apache with appropriate options as explained at the URL above to get the arguments for the perl and apache functions, but in this case the bug is most likely in mod_perl, so only rebuilding mod_perl with MP_DEBUG=1, getting a new segfault and a new trace will do. #2 0x405ad7ef in Perl_pp_entersub () from /usr/lib/libperl.so.5.8 #3 0x405a720a in Perl_runops_standard () from /usr/lib/libperl.so.5.8 #4 0x4054fa32 in Perl_call_sv () from /usr/lib/libperl.so.5.8 #5 0x4054f837 in Perl_call_sv () from /usr/lib/libperl.so.5.8 #6 0x405195da in modperl_callback () from /usr/lib/apache2/modules/mod_perl.so #7 0x4051c7ae in modperl_run_filter () from /usr/lib/apache2/modules/mod_perl.so #8 0x4051cba7 in modperl_output_filter_handler () from /usr/lib/apache2/modules/mod_perl.so #9 0x0807e66b in ap_pass_brigade () #10 0x08084c15 in ap_core_translate () #11 0x08073b0a in ap_run_handler () #12 0x0807401e in ap_invoke_handler () #13 0x0806767f in ap_process_request () #14 0x080638ed in _start () #15 0x0815e3f8 in ?? () #16 0x0004 in ?? () #17 0x0815e3f8 in ?? () I have not included the core file here because it was ~ 3Mb If you need it please let me know That was a wise decision. A core file is not very useful for our purposes if taken away from the setup it was originated from. Not talking about the fact that posting large emails is not appreciated. If such a need rises, one needs to upload the file somewhere on the web and post the URL to that file instead. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Stas Bekman wrote:
Craig Shelley wrote:
I'll take a look at it. But you didn't supply a complete bug report
as explained http://perl.apache.org/bugs/. Please do so.
I think I've got this figured out.
the problem is with the r-main logic in mpxs_ap_run_sub_req.
with that logic, what ends up happening is that the data currently being
operated on is explicity flushed. this is bad within a (streaming) filter
where you are expected to call $f-print yourself, as the data is sent
without your permission (you may be operating on it or not want to send it
at all). it also seemed to cause infinite loop in my tests because the
filter was seeing the same data over and over again.
I can't really understand the reason behind the code anyway, since I can't
see anywhere in core where such logic is applied before ap_run_sub_request -
everyone seems to call without regard to where in the data stream they
happen to be, so I don't get why mod_perl should be any different. indeed
commenting it out fixes the problem for me.
however, removing that logic causes api/lookup_uri2.t to fail, but I suspect
this is an issue with puts() rather than the subrequest mechanism - changing
puts() to print() makes everything work just fine. does puts() write
directly to the wire, bypassing filters?
anyway, attached is a patch against current cvs - fixes and a few filtering
subrequest tests. note that the patch does not mention the removal of
xs/Apache/SubRequest/Apache__SubRequest.h, which is no longer needed, so I
guess you should remove that file by hand before compiling.
craig - note that this patch affects the autogenerated code, so in order to
get it to work you'll need to apply it, then run make realclean, perl
Makefile.PL, etc.
--Geoff
Index: t/response/TestAPI/lookup_uri2.pm
===
RCS file: /home/cvspublic/modperl-2.0/t/response/TestAPI/lookup_uri2.pm,v
retrieving revision 1.3
diff -u -r1.3 lookup_uri2.pm
--- t/response/TestAPI/lookup_uri2.pm 27 Apr 2003 04:19:18 - 1.3
+++ t/response/TestAPI/lookup_uri2.pm 26 Aug 2003 19:55:50 -
@@ -11,7 +11,7 @@
sub myplan {
my $r = shift;
-$r-puts(1..3\nok 1\n);
+$r-print(1..3\nok 1\n);
Apache::OK;
}
@@ -19,7 +19,7 @@
sub ok3 {
my $r = shift;
-$r-puts(ok 3\n);
+$r-print(ok 3\n);
Apache::OK;
}
@@ -35,7 +35,7 @@
subrequest($r, 'myplan');
-$r-puts(ok 2\n);
+$r-print(ok 2\n);
subrequest($r, 'ok3');
Index: xs/maps/apache_functions.map
===
RCS file: /home/cvspublic/modperl-2.0/xs/maps/apache_functions.map,v
retrieving revision 1.64
diff -u -r1.64 apache_functions.map
--- xs/maps/apache_functions.map12 Jun 2003 23:27:03 - 1.64
+++ xs/maps/apache_functions.map26 Aug 2003 19:55:51 -
@@ -95,7 +95,7 @@
PACKAGE=Apache::SubRequest ISA=Apache::RequestRec
ap_destroy_sub_req | | r | DESTROY
- ap_run_sub_req | mpxs_ | | run
+ ap_run_sub_req | | r | run
MODULE=Apache::RequestIO PACKAGE=Apache::RequestRec
ap_discard_request_body
Index: xs/tables/current/ModPerl/FunctionTable.pm
===
RCS file: /home/cvspublic/modperl-2.0/xs/tables/current/ModPerl/FunctionTable.pm,v
retrieving revision 1.119
diff -u -r1.119 FunctionTable.pm
--- xs/tables/current/ModPerl/FunctionTable.pm 20 Aug 2003 23:20:14 - 1.119
+++ xs/tables/current/ModPerl/FunctionTable.pm 26 Aug 2003 19:55:56 -
@@ -6170,24 +6170,6 @@
]
},
{
-'return_type' = 'int',
-'name' = 'mpxs_ap_run_sub_req',
-'attr' = [
- 'static',
- '__inline__'
-],
-'args' = [
- {
-'type' = 'PerlInterpreter *',
-'name' = 'my_perl'
- },
- {
-'type' = 'request_rec *',
-'name' = 'r'
- }
-]
- },
- {
'return_type' = 'apr_size_t',
'name' = 'mpxs_ap_rvputs',
'attr' = [
--- /dev/null 2003-01-30 05:24:37.0 -0500
+++ t/filter/TestFilter/out_str_sub_core.pm 2003-08-26 15:51:40.0 -0400
@@ -0,0 +1,78 @@
+package TestFilter::out_str_sub_core;
+
+use strict;
+use warnings FATAL = 'all';
+
+use Apache::Test;
+use Apache::TestUtil;
+
+use Apache::RequestRec ();
+use Apache::RequestIO ();
+use Apache::SubRequest ();
+
+use Apache::Filter ();
+
+use Apache::Const -compile = qw(OK);
+
+# include the contents of a subrequest
+# in the filter, a la mod_include's
+# !--#include virtual=/subrequest --
+
+sub include {
+
+my $filter = shift;
+
+unless ($filter-ctx) {
+# don't forget to remove the C-L header
+$filter-r-headers_out-unset('Content-Length');
+
+$filter-ctx(1);
+}
+
+while ($filter-read(my $buffer, 1024)){
+
+if ($buffer eq tag\n) {
+my $sub = $filter-r-lookup_uri('/core_subrequest/subrequest.txt');
+my $rc = $sub-run;
+
SubRequest in Filter MP2 [QUESTION]
Hello,
I am a newbie to this list, so please forgive me if this is not the
place where I should asking this question.
I am writing a filter module for MP2 that will parse its input for
certain embedded commands.
One of these commands should cause the filter to issue a SubRequest to
get the output of another file or cgi script on the server.
The output of the SubRequest will also be processed, and I will need to
have access to the headers it returned, I can then set cookies etc.
In MP1 I had big problems when it came to processing the output of a
SubRequest because there was no way of capturing the output.
In MP2 Progress has been somewhat slower since I am unfamiliar with the
documentation.
Before porting all my code from MP1 to MP2 I decided to write some test
scripts to check that I was able to use the functionality that I
require.
Here is my test setup
Files ~ \.html
PerlOutputFilterHandler Apache::testfilter
/Files
package Apache::testfilter;
use strict;
use warnings;
use Apache::Filter ();
use Apache::SubRequest ();
use Apache::RequestRec ();
use APR::Table ();
use Apache::Const -compile = qw(OK);
use constant BUFF_LEN = 1024;
sub handler {
my $f = shift;
unless ($f-ctx) {
$f-r-headers_out-unset('Content-Length');
$f-ctx(1);
my $rr = $f-r-lookup_uri(subrequest.txt);
#$rr-run;
}
#From the filter example on perl.apache.org */
while ($f-read(my $buffer, BUFF_LEN)) {
$buffer =~ s/[\r\n]//g;
$f-print($buffer);
}
$f-print(\nEnd of Filter\n);
return Apache::OK;
}
1;
For some reason, the server segfaults when the above code is run (with
the $rr-run line present)
[Mon Aug 25 16:16:12 2003] [notice] Graceful restart requested, doing restart
apache2: Could not determine the server's fully qualified domain name, using
127.0.0.1 for ServerName
[Mon Aug 25 16:16:12 2003] [notice] Apache/2.0.47 (Debian GNU/Linux) mod_perl/1.99_09
Perl/v5.8.0 configured -- resuming normal operations
Then when I make a request...
[Mon Aug 25 16:16:16 2003] [notice] child pid 13250 exit signal Segmentation fault
(11)
I know I am doing something wrong because I have still not figured out a
way to obtain the output from the subrequest.
After a few hours of trying different things, I found that a subrequest
will work if it is in one of the handler modules eg PerlResponseHandler
I would like to thank anyone (in advance) for helping me solve this
problem.
--
Craig Shelley [EMAIL PROTECTED]
A goto in Perl falls into the category of hard things that should be
possible, not easy things that should be easy.
-- Larry Wall in [EMAIL PROTECTED]
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
my $rr = $f-r-lookup_uri(subrequest.txt); #$rr-run; For some reason, the server segfaults when the above code is run (with the $rr-run line present) does anything change if you use $rr = $f-$r-lookup_uri(subrequest.txt, $f-next); ? --Geoff -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
does anything change if you use $rr = $f-$r-lookup_uri(subrequest.txt, $f-next); No it doesn't seem any different, the server still seg faults. When it does this, it produces no output at all. telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET / HTTP/1.0 Connection closed by foreign host. Thank you for looking into this. -- Craig Shelley [EMAIL PROTECTED] Just don't create a file called -rf. :-) -- Larry Wall in [EMAIL PROTECTED] -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: SubRequest in Filter MP2 [QUESTION]
Craig Shelley wrote: does anything change if you use $rr = $f-$r-lookup_uri(subrequest.txt, $f-next); No it doesn't seem any different, the server still seg faults. When it does this, it produces no output at all. telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET / HTTP/1.0 Connection closed by foreign host. I'll take a look at it. But you didn't supply a complete bug report as explained http://perl.apache.org/bugs/. Please do so. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: Apache 2.0, mod_perl filter question
Hello,
I am trying to filter DECRYPTED, PLAIN TEXT data. I
attached my two configuration files. If more
information needed i can send my logs.
Ideally I want to make a setup where
encryption/decryption being done twice in order to
filter DECRYPTED, PLAIN TEXT data(correct me if I am
wrong)
Like SSL-enabled browser - Proxy (SSL, Apache) -
Proxy (non SSL, Apache, here goes filtering) -
another Proxy ( SSL, Apache) - Server (SSL)
At this time i made some little perl script
and it works for GET, having some troubles with POST,
so if you are aware about this problem SSL + proxy +
POST, please let me know (sorry for offtopic)
#!/usr/bin/perl -w
use URI::URL;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common;
use HTTP::Request::Form;
use HTML::TreeBuilder 3.0;
use HTTP::Cookies;
my $ua = LWP::UserAgent-new;
$ua-proxy('https','https://localhost');
my $url = url 'https://some.server.com:1200/';
my $cookie_jar = HTTP::Cookies-new();
my $res = $ua-request(GET $url);
my $tree = HTML::TreeBuilder-new;
$tree-parse($res-content);
$tree-eof();
my @forms = $tree-find_by_tag_name('FORM');
my $f = HTTP::Request::Form-new($forms[0], $url);
$f-field(nm, user);
$f-field(pwd, password);
my $response = $ua-request($f-press(submit));
$cookie_jar-extract_cookies($response);
$cookie_jar-save();
print $response-content if $response-is_success;
ie, non-SSL browser - proxy + mod_ssl + mod_perl
filter - server works for me for GET
If I do the same with IE, ie Tools-Internet
Options-Connections-Lan Settings-use a proxy server
and put here address of my apache server, I am getting
403 Forbidden.
I cannot explain this.
Any help, ideas, etc are highly appreciated.
Thanks,
Ilia
--- Stas Bekman [EMAIL PROTECTED] wrote:
Ilia Rassadzin wrote:
Hello mod_perl,
I have some problems with filtering HTTPS traffic.
I modified for my needs FilterSnoop module from
Stas
Bekman filter tutorial. It perfectly sees HTTP
data,
but not HTTPS.
Does anyone have any suggestions(ideas) about how
to
implement a filter which will see HTTPS?
Thanks in advance
I need more input from you. Are you trying to filter
an encrypted data stream?
mod_perl connection filters, happen after the
incoming data has been decrypted
and the outgoing data hasn't been yet encrypted.
__
Stas BekmanJAm_pH -- Just Another
mod_perl Hacker
http://stason.org/ mod_perl Guide ---
http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org
http://apacheweek.com
http://modperlbook.org http://apache.org
http://ticketmaster.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info:
http://perl.apache.org/maillist/modperl.html
__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See URL:http://httpd.apache.org/docs-2.0/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with / (or drive:/ for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with /, the value of ServerRoot is prepended -- so logs/foo.log
# with ServerRoot set to /usr/local/apache2 will be interpreted by the
# server as /usr/local/apache2/logs/foo.log.
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at
Re: Apache 2.0, mod_perl filter question
Ilia Rassadzin wrote:
Hello,
I am trying to filter DECRYPTED, PLAIN TEXT data. I
attached my two configuration files. If more
information needed i can send my logs.
Ideally I want to make a setup where
encryption/decryption being done twice in order to
filter DECRYPTED, PLAIN TEXT data(correct me if I am
wrong)
Like SSL-enabled browser - Proxy (SSL, Apache) -
Proxy (non SSL, Apache, here goes filtering) -
another Proxy ( SSL, Apache) - Server (SSL)
So you try to use mod_perl 2.0 as a proxy, which decrypts the stream, does
something to it, encrypts it back and sends it further? I'm not sure whether
this should work, aren't you suppose to somehow reconstruct the keys in order
for this to work?
What would be the minimal setup to setup a test environment?
At this time i made some little perl script
and it works for GET, having some troubles with POST,
so if you are aware about this problem SSL + proxy +
POST, please let me know (sorry for offtopic)
#!/usr/bin/perl -w
use URI::URL;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common;
use HTTP::Request::Form;
use HTML::TreeBuilder 3.0;
use HTTP::Cookies;
my $ua = LWP::UserAgent-new;
$ua-proxy('https','https://localhost');
my $url = url 'https://some.server.com:1200/';
my $cookie_jar = HTTP::Cookies-new();
my $res = $ua-request(GET $url);
my $tree = HTML::TreeBuilder-new;
$tree-parse($res-content);
$tree-eof();
my @forms = $tree-find_by_tag_name('FORM');
my $f = HTTP::Request::Form-new($forms[0], $url);
$f-field(nm, user);
$f-field(pwd, password);
my $response = $ua-request($f-press(submit));
$cookie_jar-extract_cookies($response);
$cookie_jar-save();
print $response-content if $response-is_success;
ie, non-SSL browser - proxy + mod_ssl + mod_perl
filter - server works for me for GET
If I do the same with IE, ie Tools-Internet
Options-Connections-Lan Settings-use a proxy server
and put here address of my apache server, I am getting
403 Forbidden.
I cannot explain this.
Any help, ideas, etc are highly appreciated.
I'm not sure how this script helps to understand your problem with filtering.
Neither a huge config file, most of it irrelevant to the problem.
What we need is a set of short script/handlers and a minimal config file with
which we can reproduce the problem.
Ideally, if you can submit patches to our test suite to accomplish this setup
that would be the simplest. All we will have to do is to make it working.
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: Apache 2.0, mod_perl filter question
To the best of my knowledge, the 'proxy' that is used in LWP still cannot
support CONNECT style SSL proxies, meaning its very hit or miss if it
works - roughly 50/50 for the few hundred proxies ive checked recently.
try replacing *all* your $UA-proxy lines with
$ENV{HTTPS_PROXY} = http://localhost:80;;
this will work assuming you have Crypt::SSLeay installed (libwwwperl works
with either IO SOCKET SSL or crypt ssleay... but crypt ssleay is the one
that gives you low level proxy stuff.)
check out the docs on crypt::ssleay for more info on using proxies with
LWP, it was an eye opener.
as a side note, you may want to undef $ENV{HTTPS_PROXY} before creating
your agent. I dont use UserAgent much but i use WWW::Mechanize a ton
(sunbclass) and it has code to automagically set $ua-proxy if it detects
the ENV is set. which immediately breaks the ENV proxy since they are not
compatible... boo Mechanize =). I think that code is in Mechanize and not
UserAgent however so you should be safe - but im not positive.
The only downsides to this approach:
- UserAgent will report itself as not being proxied even though it is,
since its done at a lower level than its aware. for my code, i couldnt
care less.
- you have to https everything, since I havent found a way to use the
env-set style https proxy for ssl, but something different for http. you
cant mix and match the LWP style and the Crypt::SSL style proxies - the
lwp one will clobber whatever goodness is in crypt::ssleay's with stuff
that doesnt work.
I have no clue why you are getting 403 errors in a browser...
--
gedanken
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: Apache 2.0, mod_perl filter question
Hello,
I am trying to use as a proxy Apache 2.0 which
includes mod_proxy and mod_ssl.
I am trying to use mod_perl for parsing/changing
decrypted plain text HTML data passed over SSL.
maybe there are other ways to do this, let me know.
The script shows that it is theoretically possibly to
parse/modify HTML passed over SSL in case of GET
(working on POST at this time) with a given setup:
SSL-unaware browser - mod_proxy+mod_ssl+mod_perl -
SSL server
this question should probably be like 'How to setup
Apache + mod_ssl + mod_proxy + mod_perl to make
filtering of plain HTML passed over SSL possible?'
minimal setup:
IfModule mod_proxy.c
PerlModule MyApache::FilterSnoop
Proxy *
PerlOutputFilterHandler
MyApache::FilterSnoop::connection
/Proxy
/IfModule
VirtualHost _default_:443
SSLEngine on
SSLProxyEngine on
SetHandler modperl
PerlOutputFilterHandler
MyApache::FilterSnoop::connection
AllowCONNECT 80 443 563 1200 1300
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile
/usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/usr/local/apache2/conf/ssl.key/server.key
CustomLog logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
\%r\ %b
/VirtualHost
--- Stas Bekman [EMAIL PROTECTED] wrote:
Ilia Rassadzin wrote:
Hello,
I am trying to filter DECRYPTED, PLAIN TEXT data.
I
attached my two configuration files. If more
information needed i can send my logs.
Ideally I want to make a setup where
encryption/decryption being done twice in order to
filter DECRYPTED, PLAIN TEXT data(correct me if I
am
wrong)
Like SSL-enabled browser - Proxy (SSL, Apache)
-
Proxy (non SSL, Apache, here goes filtering) -
another Proxy ( SSL, Apache) - Server (SSL)
So you try to use mod_perl 2.0 as a proxy, which
decrypts the stream, does
something to it, encrypts it back and sends it
further? I'm not sure whether
this should work, aren't you suppose to somehow
reconstruct the keys in order
for this to work?
What would be the minimal setup to setup a test
environment?
At this time i made some little perl script
and it works for GET, having some troubles with
POST,
so if you are aware about this problem SSL + proxy
+
POST, please let me know (sorry for offtopic)
#!/usr/bin/perl -w
use URI::URL;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common;
use HTTP::Request::Form;
use HTML::TreeBuilder 3.0;
use HTTP::Cookies;
my $ua = LWP::UserAgent-new;
$ua-proxy('https','https://localhost');
my $url = url 'https://some.server.com:1200/';
my $cookie_jar = HTTP::Cookies-new();
my $res = $ua-request(GET $url);
my $tree = HTML::TreeBuilder-new;
$tree-parse($res-content);
$tree-eof();
my @forms = $tree-find_by_tag_name('FORM');
my $f = HTTP::Request::Form-new($forms[0], $url);
$f-field(nm, user);
$f-field(pwd, password);
my $response = $ua-request($f-press(submit));
$cookie_jar-extract_cookies($response);
$cookie_jar-save();
print $response-content if $response-is_success;
ie, non-SSL browser - proxy + mod_ssl + mod_perl
filter - server works for me for GET
If I do the same with IE, ie Tools-Internet
Options-Connections-Lan Settings-use a proxy
server
and put here address of my apache server, I am
getting
403 Forbidden.
I cannot explain this.
Any help, ideas, etc are highly appreciated.
I'm not sure how this script helps to understand
your problem with filtering.
Neither a huge config file, most of it irrelevant to
the problem.
What we need is a set of short script/handlers and a
minimal config file with
which we can reproduce the problem.
Ideally, if you can submit patches to our test suite
to accomplish this setup
that would be the simplest. All we will have to do
is to make it working.
__
Stas BekmanJAm_pH -- Just Another
mod_perl Hacker
http://stason.org/ mod_perl Guide ---
http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org
http://apacheweek.com
http://modperlbook.org http://apache.org
http://ticketmaster.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info:
http://perl.apache.org/maillist/modperl.html
__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: Apache 2.0, mod_perl filter question
Ilia Rassadzin wrote: Hello mod_perl, I have some problems with filtering HTTPS traffic. I modified for my needs FilterSnoop module from Stas Bekman filter tutorial. It perfectly sees HTTP data, but not HTTPS. Does anyone have any suggestions(ideas) about how to implement a filter which will see HTTPS? Thanks in advance I need more input from you. Are you trying to filter an encrypted data stream? mod_perl connection filters, happen after the incoming data has been decrypted and the outgoing data hasn't been yet encrypted. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: Coding Style Question - Using exit
Hi!
On Mon, Aug 18, 2003 at 08:07:30 -0400, Chris Faust wrote:
Example To Help Explain:
sub handler {
$r = shift;
init_global_vals();
$back_url = determine_proper_action();
my $back_url = ;
$r-headers_out-set(Location = $back_url);
return Apache::REDIRECT;
}
Why not let determine_proper_action() return undef (or OK, or whatever) if
you do not want to redirect? And in your handler do:
my $rv=determine_proper_action();
if ($rv) { # or ($rv == Apache::Constants::OK)
# redirect
} else
# done
}
One problem I can see is if you're exiting somewhere deep in a nested sub
and you cannot propagate the return value back to the handler (easily).
--
#!/usr/bin/perl http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$-gprint$_.$/}
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: Coding Style Question - Using exit
Thanks for the reply Thomas,
Why not let determine_proper_action() return undef (or OK, or whatever) if
you do not want to redirect? And in your handler do:
my $rv=determine_proper_action();
if ($rv) { # or ($rv == Apache::Constants::OK)
# redirect
} else
# done
}
One problem I can see is if you're exiting somewhere deep in a nested sub
and you cannot propagate the return value back to the handler (easily).
That seems to be working well, I've changed that part of the handler to:
**
($request_type,$back_url) = determine_proper_action();
# Properly Exit the Handler from all subs within Determine Proper Action
if ($request_type eq 'Apache::REDIRECT') {
$r-headers_out-set(Location = $back_url);
return Apache::REDIRECT;
} else {
return Apache::OK;
}
*
Then in every sub within determine_proper_action I'm returning either
Apache::OK or Apache::REDIRECT.
Still got a lot of testing to do, but so far I've been able to get rid of
all exits from my script!
Thanks
-Chris
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Coding Style Question - Using exit
Folks,
In the continuing effort to make my code better,
I'm trying to get rid"exit" in my scripts and clean up some things that
just don't sit well (but they work).
Almost 95% of my pages are served up via a template
system (H::T) and the rest are a redirects.
Currently I use a subroutine that all my other subs
pass content to, to display my templates- at the end of this sub I call
"exit" so I do not go any further.
In the case where I want to redirect to a URL, I
then "return" to the handler with the URL.
Although it works, it doesn't seem right to
me..
Example To Help Explain:
sub handler {$r = shift;
init_global_vals();
$back_url = determine_proper_action();
my $back_url =
"";$r-headers_out-set(Location =
$back_url);return Apache::REDIRECT;
}
"Determine proper action" is a dispatch list of all
the subroutines that make up the script, including the sub where I display the
templates and exit.
So for almost 95% of my requests, I'm "exiting"
within determine_proper_action().
Does that make sense? Is it a bad
thing?
Thanks
-Chris
Question about mod_perl startup script
I am getting up and running a server that wants mod_perl. The instructions
talks about a startup script. I'm very new, so I don't know how I'm
supposed to get this step completed.
Do I copy the provided script to a location? Do I edit an existing script?
Do I edit some configuration file?
Thank you.
The instructions I'm following is quoted below, it is from
http://doc.otrs.org/1.1/html/install-cli.html#INSTALL-CLI-WEBSERVER
You may want to use a mod_perl startup script. Compiled modules on startup
(speed!)! Use the mod_perl startup script which comes with otrs
(scripts/apache-perl-startup.pl).
- Change the default startup script location of your httpd to
$OTRS_HOME/scripts/apache-perl-startup.pl in httpd.conf
[...]
# load all otrs modules
Perlrequire /opt/otrs/scripts/apache-perl-startup.pl
[...]
Edit the scripts/apache-perl-startup.pl script:
- Establish datababase connections on process startup (httpd).
[...]
use Apache ();
use Apache::DBI ();
Apache::DBI-connect_on_init('DBI:mysql:otrs', 'otrs', 'some-pass');
# Apache::DBI-connect_on_init($data_source, $username, $auth, \%attr)
[...]
- Change the otrs lib dir (if needed)!
[...]
# --
# set otrs lib path!
# --
use lib /path/to/otrs/;
use lib /path/to/otrs/Kernel/cpan-lib;
[...]
Nice! You will love mod_perl! ,-)
--
Wes Plate
Automatic Duck, Inc.
http://www.wesplate.com
http://www.automaticduck.com
Apache 2.0, mod_perl filter question
Hello mod_perl, I have some problems with filtering HTTPS traffic. I modified for my needs FilterSnoop module from Stas Bekman filter tutorial. It perfectly sees HTTP data, but not HTTPS. Does anyone have any suggestions(ideas) about how to implement a filter which will see HTTPS? Thanks in advance Ilia __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Re: [QUESTION] Can't read out verified username (auth)
- Original Message -
From: Martin Wickman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 4:41 PM
Subject: Re: [QUESTION] Can't read out verified username (auth)
On Mon, Jul 21, 2003 at 12:36:55PM +0200, Fatih Gey wrote:
On Mon, Jul 21, 2003 at 01:05:58AM +0200, Fatih Gey wrote:
i was writing my own AuthHandler with modperl v2 (v1.99_09).
[...]
After having entered user/pass via html-form, this authentification
does his job well, but on the following request (on same browser)
$obj-user doesnt seem to return any value.. so this handler tries
to compare http post data ( which arent present this time) with
userdata in mysql-table.. resulting in an Auth_Required error.
Well, how do you suppose that the browser should know how and what
credentials to send?
Unless you (a) create a session-cookie, (b) encode a session-kei into
each url or (c) use the simple but proper Basic Authentication scheme,
there is no way to accomplish this. And from what I gather you are not
doing any of that?
I supposed the browser to resend always an unique bowser session
id, which is used by apache to save certain values, like
$ENV{'REMOTE_USER'} (similiar to a session-cookie with uid and
serverbased $vars) .. Isn't this the way Basic Authentication
scheme works ? ..
Nope. When the browser gets a 401 response from the server, it will
(most likely) pop up a dialog asking the user for name and
password. These credentials gets mangled into an Authorization header
which gets sent with the next request once the user klicks OK in the
dialog. Now, you can perform your authen-code as you like.
Cookies and forms' got nothing to do with it, really.
Read more here: http://www.faqs.org/rfcs/rfc2617.html
Oh OK.., now i get it: In Basic Auth-Scheme, the Useragent -after getting the
required user and pass info from Client- resends his Authorization-String in every
Requestheader
submitted to the Server. So the webserver have not to recognize an already authorized
user,
as long as he's possible to authorize the user on every request.
So there's no way, to use an http-form instead of browser's ugly authorization-box and
perfrom the
Basic Authorization (without Cookies or taking an sessionkey with the url)?
Re: [QUESTION] Can't read out verified username (auth)
On Mon, Jul 21, 2003 at 01:05:58AM +0200, Fatih Gey wrote: i was writing my own AuthHandler with modperl v2 (v1.99_09). [...] After having entered user/pass via html-form, this authentification does his job well, but on the following request (on same browser) $obj-user doesnt seem to return any value.. so this handler tries to compare http post data ( which arent present this time) with userdata in mysql-table.. resulting in an Auth_Required error. Well, how do you suppose that the browser should know how and what credentials to send? Unless you (a) create a session-cookie, (b) encode a session-kei into each url or (c) use the simple but proper Basic Authentication scheme, there is no way to accomplish this. And from what I gather you are not doing any of that?
Re: [QUESTION] Can't read out verified username (auth)
On Mon, Jul 21, 2003 at 01:05:58AM +0200, Fatih Gey wrote:
i was writing my own AuthHandler with modperl v2 (v1.99_09).
[...]
After having entered user/pass via html-form, this authentification
does his job well, but on the following request (on same browser)
$obj-user doesnt seem to return any value.. so this handler tries
to compare http post data ( which arent present this time) with
userdata in mysql-table.. resulting in an Auth_Required error.
Well, how do you suppose that the browser should know how and what
credentials to send?
Unless you (a) create a session-cookie, (b) encode a session-kei into
each url or (c) use the simple but proper Basic Authentication scheme,
there is no way to accomplish this. And from what I gather you are not
doing any of that?
I supposed the browser to resend always an unique bowser session id, which
is used by apache to save certain values, like $ENV{'REMOTE_USER'}
(similiar to a session-cookie with uid and serverbased $vars) ..
Isn't this the way Basic Authentication scheme works ? ..
Question to mod_perl gurus. Take 1 minute. Just choose right answer from list!
Hi,
recently I got in trouble with old Apache::ePerl module
(I know there a lot of better html toolkits, but this one is suits for
my WAP-related tasks)
so the question:
we have package, handler for *.perl-embed files
package Apache::ePerl;
use vars qw ($Cache);
$Cache = {};
sub handler {
my ($r) = @_;
my ($filename, $func);
send some content type header
if (CALL_SCRIPT_1) {
# if not precompiled yet
if (!$Cache{SCRIPT_1}) {
eval { $func = sub { package Apache::ePerlCache;
SCRIPT_1 }; }
$Cache{SCRIPT_1} = $func;
} else {
$func = $Cache{SCRIPT_1};
}
eval {$func};
} elsif (EVAL_SCRIPT_2) {
# if not precompiled
if (!$Cache{SCRIPT_2}) {
eval { $func = sub { package Apache::ePerlCache;
SCRIPT_2 }; }
$Cache{SCRIPT_2} = $func;
} else {
$func = $Cache{SCRIPT_2};
}
eval {$func};
}
return OK;
}
=== SCRIPT_1
print some header
# the main code
main_deck();
sub main_deck {
print Hi, it's SCRIPT_1!;
}
=end
=== SCRIPT_2
print some header
# the main code
main_deck();
# the same name!
sub main_deck {
print Bye, it was SCRIPT_2!;
}
=end
now we call:
CALL_SCRIPT_1
CALL_SCRIPT_2
got all scripts in Cache:
and now call
CALL_SCRIPT_1 again
so the question:
which sub main_deck will be executed?
1. Hi, it's SCRIPT_1!
2. Bye, it was SCRIPT_2!
-vlad
Re: [QUESTION] Can't read out verified username (auth)
Hi!
On Mon, Jul 21, 2003 at 12:36:55 +0200, Fatih Gey wrote:
I supposed the browser to resend always an unique bowser session id, which
is used by apache to save certain values, like $ENV{'REMOTE_USER'}
(similiar to a session-cookie with uid and serverbased $vars) ..
Isn't this the way Basic Authentication scheme works ? ..
I do not know how much Auth stuff changed in Apache 2.0/mod_perl 2, but you
seem to mix up checking user credentials in the response phase (as done in
CGI or PHP) with writing you own Auth Handlers that replace the standard
Apache ones.
If you get the user credentials via a web form, you are usually NOT using
BASIC Auth but your own scheme (or something like Apache::AuthCookie). Thus,
$r-connection-user is not set.
Take a look at:
* Chapter 6 of the Eagel book, available online at:
http://modperl.com:9000/book/chapters/ch6.html
* Chapter 13.7 of the mod_perl Cookbook
* Apache::AuthCookie
At least that's how it works with mod_perl 1.x ...
--
#!/usr/bin/perl http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$-gprint$_.$/}
Re: [QUESTION] Can't read out verified username (auth)
On Mon, Jul 21, 2003 at 12:36:55PM +0200, Fatih Gey wrote:
On Mon, Jul 21, 2003 at 01:05:58AM +0200, Fatih Gey wrote:
i was writing my own AuthHandler with modperl v2 (v1.99_09).
[...]
After having entered user/pass via html-form, this authentification
does his job well, but on the following request (on same browser)
$obj-user doesnt seem to return any value.. so this handler tries
to compare http post data ( which arent present this time) with
userdata in mysql-table.. resulting in an Auth_Required error.
Well, how do you suppose that the browser should know how and what
credentials to send?
Unless you (a) create a session-cookie, (b) encode a session-kei into
each url or (c) use the simple but proper Basic Authentication scheme,
there is no way to accomplish this. And from what I gather you are not
doing any of that?
I supposed the browser to resend always an unique bowser session
id, which is used by apache to save certain values, like
$ENV{'REMOTE_USER'} (similiar to a session-cookie with uid and
serverbased $vars) .. Isn't this the way Basic Authentication
scheme works ? ..
Nope. When the browser gets a 401 response from the server, it will
(most likely) pop up a dialog asking the user for name and
password. These credentials gets mangled into an Authorization header
which gets sent with the next request once the user klicks OK in the
dialog. Now, you can perform your authen-code as you like.
Cookies and forms' got nothing to do with it, really.
Read more here: http://www.faqs.org/rfcs/rfc2617.html
Re: Question to mod_perl gurus. Take 1 minute. Just choose rightanswer from list!
On Mon, 2003-07-21 at 07:31, wrote: so the question: which sub main_deck will be executed? 1. Hi, it's SCRIPT_1! 2. Bye, it was SCRIPT_2! I think #2, because it was the last one eval'ed, and you can only have one sub with a given name in one package namespace. Apache::ePerl does not really support the use of in-line subs. You have to put them in a separate module. - Perrin
Another newbie question: SetPerlVar
Hello, If I use SetPerlVar in my apache-perl httpd.conf by just plainly stating. SetPerlVar Foo Bar Apache-perl won't start: Syntax error on line xxx of /etc/apache-perl/httpd.conf: Invalid command 'SetPerlVar', perhaps mis-spelled or defined by a module not included in the server configuration /usr/sbin/apache-perl-ctl start: httpd could not be started What is the obvious thing I am overlooking? Regards, Walter -- Like almost everyone, I receive a lot of spam every day, much of it offering to help me get out of debt or get rich quick. It's ridiculous. (Bill Gates)
Re: Another newbie question: SetPerlVar
On Today at 6:47pm, WHvH=Walter H. van Holst [EMAIL PROTECTED]...: WHvH Hello, WHvH WHvH If I use SetPerlVar in my apache-perl httpd.conf by just plainly WHvH stating. WHvH WHvH SetPerlVar Foo Bar WHvH Try PerlSetVar instead. For 1.0 http://perl.apache.org/docs/1.0/guide/config.html#PerlSetVar_and_PerlAddVar For 2.0 http://perl.apache.org/docs/2.0/user/config/config.html#C_PerlSetVar_ -- Haroon Rafique [EMAIL PROTECTED]
Re: Another newbie question: SetPerlVar
On 17 Jul 2003 18:47:06 +0200 Walter H. van Holst [EMAIL PROTECTED] wrote: Hello, If I use SetPerlVar in my apache-perl httpd.conf by just plainly stating. SetPerlVar Foo Bar Apache-perl won't start: Syntax error on line xxx of /etc/apache-perl/httpd.conf: Invalid command 'SetPerlVar', perhaps mis-spelled or defined by a module not included in the server configuration /usr/sbin/apache-perl-ctl start: httpd could not be started What is the obvious thing I am overlooking? It's PerlSetVar not SetPerlVar. - Frank Wiles [EMAIL PROTECTED] http://frank.wiles.org -
Re: Another newbie question: SetPerlVar
On Thu, 2003-07-17 at 18:56, Frank Wiles wrote: What is the obvious thing I am overlooking? It's PerlSetVar not SetPerlVar. * Blush * Thanks. Regards, Walter -- All things that are, are with more spirit chased than enjoyed. -- Shakespeare, Merchant of Venice
Re: Question about Apache::Request and query strings
Tom Gazzini wrote:
I have a perl function which, amongst other things, needs to redirect
the request to another page.
It also needs to pass all the query parameters of the original request
(both GET and POST) to the redirected page, and also add one parameter
of it's own (an error message).
Sounds simple enough, but I'm having problems with the passing paramters
bit.
Here's what I have:
sub show_error {
my ($r, $error) = @_;
# $r is an Apache:Request object passed by the caller
my $uri = URI-new($url);
foreach my $p (@params) {
$uri-query_form($p = $r-param($p));
}
$uri-query_form(error = $error);
$r-internal_redirect($uri-canonical);
}
But this doesn't work. The '?error=' query string gets passed, but the
orginal request query strings don't.
What am I doing wrong? And is there an easier way?
This example may help:
http://perl.apache.org/docs/1.0/guide/snippets.html#Reusing_Data_from_POST_request
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: mp2: architectural question re authentication handlers
Quoting Carl Brewer [EMAIL PROTECTED]: Forgive me for asking yet another fundamentally basic question. I'm cutting a web app over from PHP to mod_perl 2, and am wondering how 'best' (for which there are many flavours ...) to handle authentication. At present I've knocked up a site that does auth via a form and state tracking with Session.pm. The form checks usernames passwords against a MySQL database, and the state is maintained by Session. This seems quite logical to me, coming from essentially a CGI background, but the discussion of handlers around here makes me believe there's a better way? I would highly recommend the Eagle book if you are looking to move beyond CGI when using mod_perl. I know that you are looking at mod_perl2, and the Eagle book does not cover mod_perl2, but it will give you great insight into how mod_perl and Apache works. And lucky for you, since you are interested in Authentication and Authorization, that chapter happens to be available online. http://modperl.com:9000/book/chapters/ch6.html Also checkout the great documentation available at http://perl.apache.org/ If you want a good example of how to implement Authentication and Authorization in mod_perl, then look on CPAN for the man Apache::Auth* modules. I have used Apache::AuthCookie in many projects and it has relatively good documentation. You will also find tonnes of info on Authentication if you search the mailing list archives. I see threads here discussing the use of handlers, which I don't really understand how they fit into the picture, they seem to my poor understanding to be a hardcoded chunk in httpd.conf, for handling authentation/state. Is there anywhere a dumb beginers guide to how this works? The easiest way to explain it is to just look at Apache's Basic Authentication support at first. The one where the browser pops up a window and you type in your username and password, and Apache authenticates the user for you before it will allow the CGI script to be executed or the html file to be downloaded. You configure that in httpd.conf or in .htaccess files, telling Apache who has access to specific files and directories. This is just your standard access control stuff. Now imagine that you can use that same core functionality in Apache, but write the routines yourself in perl. And instead of the ugly login popup you can instead create an HTML login page. Do they set environment variables or something that a script can then look for that the script can be sure is legit? Yes, they set the HTTP_USER variable to the users login when a user is authenticated. But your script doesn't need to even worry about that, because Apache won't execute the script unless the user is authorized. So if the script is executing, then the user is authenticated... for now I'm continuing with my form based authentication, but is there a 'better' way? And if so, what makes it better? The biggest benefit I find is that you can separate your authentication code from the rest of the code. With an Authentication handler, your CGI script or content handler will never even be executed unless the user has been authenticated. Also, how would you use a CGI based authentication scheme to limit access to a static HTML file, or an image? It can't be done cleanly. But with Authentication handlers, you can hook them to a Location or Directory directive or even a Files directive in the httpd.conf file. So you can protect an entire directory with ease. Cheers, Cees
Re: mp2: architectural question re authentication handlers
Cees Hek wrote: [chomp] Thanks Cees, that's exactly what I needed :) My stuff is all completely generated by scripts where I need access control, but I certainly see the use for controlling static entity access. Carl
mp2: architectural question re authentication handlers
Forgive me for asking yet another fundamentally basic question. I'm cutting a web app over from PHP to mod_perl 2, and am wondering how 'best' (for which there are many flavours ...) to handle authentication. At present I've knocked up a site that does auth via a form and state tracking with Session.pm. The form checks usernames passwords against a MySQL database, and the state is maintained by Session. This seems quite logical to me, coming from essentially a CGI background, but the discussion of handlers around here makes me believe there's a better way? I see threads here discussing the use of handlers, which I don't really understand how they fit into the picture, they seem to my poor understanding to be a hardcoded chunk in httpd.conf, for handling authentation/state. Is there anywhere a dumb beginers guide to how this works? Do they set environment variables or something that a script can then look for that the script can be sure is legit? Or am I completely missing the point? Do I need to buy a book? It seems really bad to go hacking into httpd.conf, but maybe that's just my old-school conservatism? for now I'm continuing with my form based authentication, but is there a 'better' way? And if so, what makes it better? Carl
Re: Newbie question about mod_perl capabilities
On Monday, Jul 7, 2003, at 20:50 Europe/London, Ged Haywood wrote: On 7 Jul 2003, Walter H. van Holst wrote: I am new to mod_perl and am trying to figure out whether it suits my needs or not. Can I use it to intercept any http CONNECT requests Apache receives and answer those? The concept of a connection is at the transport level, way below HTTP. The HTTP protocol simply assumes a reliable transport (you don't even need an Internet:) and deals with exchanges of messages. See RFC1945. Sorry Ged, Walter is talking about CONNECT which is a proxy request. It goes in place of GET or POST in the request line: CONNECT mail.openrelay.com:25 HTTP/1.1 I *think* mod_perl will be able to intercept this, but I've never tried it. You might need to do it very early on in the request, and make sure it gets passed through to mod_proxy later on or things just won't work. Matt.
Re: Newbie question about mod_perl capabilities
On Tue, 2003-07-08 at 10:14, Matt Sergeant wrote: Sorry Ged, Walter is talking about CONNECT which is a proxy request. It goes in place of GET or POST in the request line: CONNECT mail.openrelay.com:25 HTTP/1.1 I *think* mod_perl will be able to intercept this, but I've never tried it. You might need to do it very early on in the request, and make sure it gets passed through to mod_proxy later on or things just won't work. Well, thanks to a someone on IRC I have found a code snippet that might do exactly that. So it appears that mod_perl can do this. And yes, it is intended for exactly the kind of CONNECT requests you describe. Regards, Walter -- Like almost everyone, I receive a lot of spam every day, much of it offering to help me get out of debt or get rich quick. It's ridiculous. (Bill Gates)
Re: Newbie question about mod_perl capabilities
Hi there, On 8 Jul 2003, Walter H. van Holst wrote: On Tue, 2003-07-08 at 10:14, Matt Sergeant wrote: Sorry Ged, Walter is talking about CONNECT which is a proxy request. Argh. :) Well, thanks to a someone on IRC I have found a code snippet that might do exactly that. So it appears that mod_perl can do this. And yes, it is intended for exactly the kind of CONNECT requests you describe. :) 73, Ged.
Newbie question about mod_perl capabilities
Hi, I am new to mod_perl and am trying to figure out whether it suits my needs or not. Can I use it to intercept any http CONNECT requests Apache receives and answer those? Regards, Walter -- Like almost everyone, I receive a lot of spam every day, much of it offering to help me get out of debt or get rich quick. It's ridiculous. (Bill Gates)
Re: Newbie question about mod_perl capabilities
Hi there, On 7 Jul 2003, Walter H. van Holst wrote: I am new to mod_perl and am trying to figure out whether it suits my needs or not. Can I use it to intercept any http CONNECT requests Apache receives and answer those? The concept of a connection is at the transport level, way below HTTP. The HTTP protocol simply assumes a reliable transport (you don't even need an Internet:) and deals with exchanges of messages. See RFC1945. Read the Eagle Book (*), for more information about where mod_perl fits into the scheme of things. Chapter 3 has a good explanation of the Apache request cycle. 73, Ged. (*) Writing Apache Modules with Perl and C, ISBN 1-56592-567-X
Re: Stupid question of the day...
Randy Kobes wrote: On Wed, 25 Jun 2003 [EMAIL PROTECTED] wrote: I've built and installed a new Apache (2.0.46) with mod_ssl and mod_perl... My goal is authentication via NIS, so I have the following in an .htaccess file: AuthName TEST AuthType Basic PerlAuthenHandler Apache::AuthenNIS; require valid-user My efforts, however, have been thwarted by the following error message: Wed Jun 25 15:44:54 2003] [error] failed to resolve handler `Apache::AuthenNIS;' [Wed Jun 25 15:44:55 2003] [error] [client xxx.xxx.xxx.xxx] Can't locate object method boot via package mod_perl::boot at /opt/apache/lib/perl/Apache/Constants.pm line 8. Compilation failed in require at /opt/apache/lib/perl/Apache/AuthenNIS.pm line 4. BEGIN failed--compilation aborted at /opt/apache/lib/perl/Apache/AuthenNIS.pm line 4. Compilation failed in require at (eval 6) line 1. Apache::Constants is a mod_perl 1 package, whereas you're using mod_perl 2 (for Apache 2). If use of Apache::compat isn't enough to get this working, some porting of the module may be required - see the discussion of porting Apache Perl modules from mod_perl 1 to 2 at http://perl.apache.org/. Feel free to contact me, as well. I have contacted the author about porting the module, and if I can use you as a test environment, I can this ported rather quickly :) (I don't have a NIS environment for me to test on, but I can make the changes, and you can test the install for me, and then we can get this mod to work for both versions of modperl...) Anyone have an installation of apache 1 that is using NIS for authentication? (I will need to be able to test the ported mod for compatibility with modperl 1, as well.) speeves cws PS We should probably attack Apache::AuthzNIS at the same time... It isn't much more work :)
Re: Question about Apache::Request and query strings
Tom
Where's @params coming from ?
Are you sure it's not empty ?
Swen
|-+
| | Tom Gazzini|
| | [EMAIL PROTECTED]|
| | uk |
| ||
| | 06/26/2003 04:42 |
| | PM |
| ||
|-+
--|
|
|
| To: [EMAIL PROTECTED]
|
| cc:
|
| Subject: Question about Apache::Request and query strings
|
|
|
|
|
--|
I have a perl function which, amongst other things, needs to redirect
the request to another page.
It also needs to pass all the query parameters of the original request
(both GET and POST) to the redirected page, and also add one parameter
of it's own (an error message).
Sounds simple enough, but I'm having problems with the passing paramters
bit.
Here's what I have:
sub show_error {
my ($r, $error) = @_;
# $r is an Apache:Request object passed by the caller
my $uri = URI-new($url);
foreach my $p (@params) {
$uri-query_form($p = $r-param($p));
}
$uri-query_form(error = $error);
$r-internal_redirect($uri-canonical);
}
But this doesn't work. The '?error=' query string gets passed, but the
orginal request query strings don't.
What am I doing wrong? And is there an easier way?
Thanks,
Tom
Stupid question of the day...
All- I've built and installed a new Apache (2.0.46) with mod_ssl and mod_perl... My goal is authentication via NIS, so I have the following in an .htaccess file: AuthName TEST AuthType Basic PerlAuthenHandler Apache::AuthenNIS; require valid-user My efforts, however, have been thwarted by the following error message: Wed Jun 25 15:44:54 2003] [error] failed to resolve handler `Apache::AuthenNIS;' [Wed Jun 25 15:44:55 2003] [error] [client xxx.xxx.xxx.xxx] Can't locate object method boot via package mod_perl::boot at /opt/apache/lib/perl/Apache/Constants.pm line 8. Compilation failed in require at /opt/apache/lib/perl/Apache/AuthenNIS.pm line 4. BEGIN failed--compilation aborted at /opt/apache/lib/perl/Apache/AuthenNIS.pm line 4. Compilation failed in require at (eval 6) line 1. Any ideas or help would be greatly appreciated! Thanks so much! Carl
Re: Stupid question of the day...
On Wed, 25 Jun 2003 [EMAIL PROTECTED] wrote: I've built and installed a new Apache (2.0.46) with mod_ssl and mod_perl... My goal is authentication via NIS, so I have the following in an .htaccess file: AuthName TEST AuthType Basic PerlAuthenHandler Apache::AuthenNIS; require valid-user My efforts, however, have been thwarted by the following error message: Wed Jun 25 15:44:54 2003] [error] failed to resolve handler `Apache::AuthenNIS;' [Wed Jun 25 15:44:55 2003] [error] [client xxx.xxx.xxx.xxx] Can't locate object method boot via package mod_perl::boot at /opt/apache/lib/perl/Apache/Constants.pm line 8. Compilation failed in require at /opt/apache/lib/perl/Apache/AuthenNIS.pm line 4. BEGIN failed--compilation aborted at /opt/apache/lib/perl/Apache/AuthenNIS.pm line 4. Compilation failed in require at (eval 6) line 1. Apache::Constants is a mod_perl 1 package, whereas you're using mod_perl 2 (for Apache 2). If use of Apache::compat isn't enough to get this working, some porting of the module may be required - see the discussion of porting Apache Perl modules from mod_perl 1 to 2 at http://perl.apache.org/. -- best regards, randy kobes
install upgrade for mod_perl+apache 2.046 onto apache 2.044 question
I have apache 2.044 installed on win2k. I want to install the mod_perl which comes with apache included (version 2.046).What do I need to do with the current 2.044 version before installing the new version? Do I uninstall it, stop it, or nothing?Once I install the new version what are the steps to revert back to the old version if I run into problems?This is an active site, so I do not want to figure this out by experimentation, if possible.Thanks for any guidance.dan Do you Yahoo!? Free online calendar with sync to Outlook(TM).
Re: install upgrade for mod_perl+apache 2.046 onto apache 2.044 question
Hi - - Original Message - From: dan martin To: [EMAIL PROTECTED] Sent: Sunday, June 08, 2003 11:08 AM Subject: install upgrade for mod_perl+apache 2.046 onto apache 2.044 question I have apache 2.044 installed on win2k. I want to install the mod_perl which comes with apache included (version 2.046).What do I need to do with the current 2.044 version before installing the new version? Do I uninstall it, stop it, or nothing? Once I install the new version what are the steps to revert back to the old version if I run into problems?This is an active site, so I do not want to figure this out by experimentation, if possible.Thanks for any guidance.dan It's been a while since I've installed on Windows, but here goes: 1. Wait 'till the wee hours. 2. Stop your current server. 3. Uninstall the service (apache -k uninstall (?)). 4. Back it up. 5. If memory serves, Apache 2 is pretty well self contained in one directory; C:\Apache2 (?). Rename this directory to something like C:\Apache2.old 6. Download/install your new Apache2. 7. Copy your configuration file(s) from old to new - you shouldn't have to make any changes between 44 and 46. Don't worry about setting up mod_perl yet. 8 Start your new server and test. 9. If all is well, install the service (apache -k install (?)) and reboot and test again. Now you can move on to mod_perl. To revert: 1. Stop new 2. Uninstall service. 3. rename C:\Apache2 to C:\apache2.new 4. rename C:\Apache2.old to C:\Apache2. 5. install service. 6. start old. THIS IS NOT A GOOD WAY TO FLY. I strongly recommend getting a testing server setup on a different box so that you can make changes such as this without interrupting your active site. You SHOULD be able to experiment with the new software without fear of disrupting your traffic! If there is no way you can do that, please drop me an off-list email and perhaps I can let you install/test remotely on one of my windows boxes. Aloha = Beau;
Re: [Question] Handler executing twice!?!
AHA! That's the culprit! mod_dir implements this at the fix-up stage to allow the directive in .htaccess files, hence my confusion. Thank you Stas! It all makes sense now. -Vince Stas Bekman wrote: Vince Veselosky wrote: [...] The thing that triggered it was the fact that the url was an index.pl file. When called as example.com/index.pl, everything worked as expected, but when called as example.com/, apache (or something) generated a subrequest for index.pl. NOW my question is, why does apache generate the subrequest *after* the HeaderParser phase, causing it to execute twice? This seems like a pure URI translation issue, and I would expect it to happen in the URI translation phase, *before* the HeaderParser executes at all. I'm wondering if this happens in all requests, or if it is related to Apache::Registry in the content handler. I didn't take the time to track down exactly where the subrequest originates, so I'm not sure if it is a mod_perl issue or just an apache issue. I might one day build some test cases and figure it out, but not soon. Anyone have some insight to add? Do you have mod_dir (DirectoryIndex) configured? It performs a rewrite/sub_request-redirect in the fixup stage. http://httpd.apache.org/docs/mod/mod_dir.html __ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [Question] Handler executing twice!?!
Vince Veselosky wrote: [...] Now here is the thing. The PerlHeaderParserHandler executes TWICE for every request. The second time through is apparently a different Apache Could it be that something in your code pushes the handler on the stack again? I'd suggest debugging with Apache::ShowRequest? http://search.cpan.org/author/DOUGM/Apache-Module-0.11/lib/Apache/ShowRequest.pm Do tracing: http://perl.apache.org/docs/1.0/guide/debug.html#Debug_Tracing Use the 'h' setting PerlSetEnv MOD_PERL_TRACE h Try to use $r-get_handlers() and see what you get. Finally, if nothing helps, go with gdb. Also what happens if you don't use Apache::Request? __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [Question] Handler executing twice!?!
Whew, okay, I have an answer, but I also still have a question. The short explanation: The bug in my code was the fact that I forgot that a request might also be a subrequest, so now I check if the request is_initial_req and short circuit if not. (And a tiny bug in my trace code caused my debug log to report is_initial_req as true all the time. Stupid operator precedence bugs!) That solves my immediate problem and gives me something to watch for in future. The thing that triggered it was the fact that the url was an index.pl file. When called as example.com/index.pl, everything worked as expected, but when called as example.com/, apache (or something) generated a subrequest for index.pl. NOW my question is, why does apache generate the subrequest *after* the HeaderParser phase, causing it to execute twice? This seems like a pure URI translation issue, and I would expect it to happen in the URI translation phase, *before* the HeaderParser executes at all. I'm wondering if this happens in all requests, or if it is related to Apache::Registry in the content handler. I didn't take the time to track down exactly where the subrequest originates, so I'm not sure if it is a mod_perl issue or just an apache issue. I might one day build some test cases and figure it out, but not soon. Anyone have some insight to add? Thanks to everyone who sent help and suggestions! -Vince Veselosky http://ice.control-escape.com Vince Veselosky wrote: Now here is the thing. The PerlHeaderParserHandler executes TWICE for every request. The second time through is apparently a different Apache object from the first, as when I write to $r-notes, only the values from the second execution are visible to the content handler. Now, if I comment out the PerlHeaderParserHandler line in the conf file, the handler never executes at all (which is expected), so it isn't getting pushed onto handlers from somewhere else. Why is this thing running twice, and how can I make it stop??? I hope someone can hit me over the head with a clue-stick, because this thing is driving me completely bananas! All help is greatly appreciated, Vince Veselosky http://ice.control-escape.com
Re: [Question] Handler executing twice!?!
Vince Veselosky wrote: [...] The thing that triggered it was the fact that the url was an index.pl file. When called as example.com/index.pl, everything worked as expected, but when called as example.com/, apache (or something) generated a subrequest for index.pl. NOW my question is, why does apache generate the subrequest *after* the HeaderParser phase, causing it to execute twice? This seems like a pure URI translation issue, and I would expect it to happen in the URI translation phase, *before* the HeaderParser executes at all. I'm wondering if this happens in all requests, or if it is related to Apache::Registry in the content handler. I didn't take the time to track down exactly where the subrequest originates, so I'm not sure if it is a mod_perl issue or just an apache issue. I might one day build some test cases and figure it out, but not soon. Anyone have some insight to add? Do you have mod_dir (DirectoryIndex) configured? It performs a rewrite/sub_request-redirect in the fixup stage. http://httpd.apache.org/docs/mod/mod_dir.html __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
[Question] Handler executing twice!?!
I'm hoping someone can explain this one to me. I have a virtual host set
up like so:
VHOST
# This declares Apache::Webquills::InitSession::handler
PerlRequire /var/www/html/webquills/offline/wq_startup.pl
VirtualHost *
ServerName www.example.com
ServerAlias example.com
ServerPath /test
DocumentRoot /var/www/html/test
PerlHeaderParserHandler Apache::Webquills::InitSession
Directory /var/www/html/test
AllowOverride All
Options Indexes FollowSymLinks MultiViews ExecCGI
Order allow,deny
Allow from all
SetHandler perl-script
PerlHandler Apache::Registry
/Directory
/VirtualHost
VHOST
Now here is the thing. The PerlHeaderParserHandler executes TWICE for
every request. The second time through is apparently a different Apache
object from the first, as when I write to $r-notes, only the values
from the second execution are visible to the content handler.
Now, if I comment out the PerlHeaderParserHandler line in the conf file,
the handler never executes at all (which is expected), so it isn't
getting pushed onto handlers from somewhere else.
The handler code looks something like this:
CODE
use vars qw( $stupid );
my $DEBUG =1;
sub handler
{
# Always call 'instance' so as not to clobber params.
my ($r) = Apache::Request-instance(shift);
# Insane bug I cannot track causes this handler to execute twice
# for each request. It's driving me nuts.
if ( $stupid++ ) {
$r-log_error($r-current_callback . executed twice! Argh!);
$r-notes(HAND2 = HAND2);
$r-pnotes(HAND2 = HAND2);
} else {
$r-log_error($r-current_callback . executed once.);
$r-notes(HAND1 = HAND1);
$r-pnotes(HAND1 = HAND1);
return DECLINED;
}#END if
## SNIP -- Some standard Apache::Session stuff happens here.
## This Log Handler actually unties and closes the session.
## It executes just fine.
$r-push_handlers('PerlLogHandler', \closer);
if ( $DEBUG ) {
$r-log_error($$: . $r-current_callback);
$r-log_error($$: . $r-is_main ? is main : not main);
$r-log_error($$: . $r-is_initial_req ? is initial : not
initial);
}#END if
return OK;
}
CODE
The log messages get me this:
LOG
[Fri Mar 28 17:27:06 2003] [error] PerlHeaderParserHandler executed once.
[Fri Mar 28 17:27:06 2003] [error] PerlHeaderParserHandler executed
twice! Argh!
[Fri Mar 28 17:27:06 2003] [error] 19914: PerlHeaderParserHandler
[Fri Mar 28 17:27:06 2003] [error] is main
[Fri Mar 28 17:27:06 2003] [error] is initial
LOG
And the content handler sees values for HAND2 but not for HAND1.
Why is this thing running twice, and how can I make it stop??? I hope
someone can hit me over the head with a clue-stick, because this thing
is driving me completely bananas!
All help is greatly appreciated,
Vince Veselosky
http://ice.control-escape.com
Fw: Apache::GD::Thumbnail Question
Forgive my use of the list if this is a tad OT - but I seem to not be able
to contact Steven directly all of the sudden (my ISP got but on a RBL, I
think, and it will take them another bit to get off - that's why it took so
long, Steven)
Issac
On Tue, 2003-03-25 at 00:12, Issac Goldstand wrote:
- Original Message -
...snip...
From the man page:
* ThumbnailBaseDir
Sets the directory that contains the images to be thumbnailed.
Defaults
to
.. if not specified
Since the virtual directory /home/me/pics/thumbs/../ is where the
pictures
are (eg, /home/me/pics), I can use the default.
...snip...
Why don't you show me your exact configuration, and I'll see if I can
help
you out...
Issac
...another snip...
Hey Issac,
Ok, I've dumbed this down to the lowest common denominator ( in this
case, I qualify as this ). In my httpd.conf I have the following lines:
Alias /pics/ /data/httpd/htdocs/image1/pics/
Directory /data/httpd/htdocs/image1/pics
Order allow,deny
AllowOverride None
Order allow,deny
Allow from all
/Directory
Location /*/pics/thumbs
SetHandler perl-handler
PerlHandler Apache::GD::Thumbnail
PerlSetVar ThumbnailMaxSize 75
/Location
Why are you using /image1/pics/ for the thumbnails and /pics/ for the
pictures?
I would use: Location /pics/thumbs for the location block and then IMG
SRC=/pics/tumbs/roses.jpg/ in the HTML. See if that helps matters...
In my script source I have the following line:
$r-print ('PA href=/pics/roses1.jpgIMG
src=/image1/pics/thumbs/roses.jpg/A
I have tried this with the PerlSetVar ThumbnailBaseDir set to the
Location,
No - ThumbnailBaseDir, would you want to set it, should be set to
/data/httpd/htdocs/image1/pics/
with PerlModule Apache::GD::Thumbnail
you still need this (or use Apache::GD::Thumbnail; in mod_perl_start.pl)
, with the OBJECT tag
instead of the IMG tag
no - you want IMG
and they all yield the same 404 Not Found error.
At this point I think that I'm probably missing something really stupid,
considering I am following the man page to the letter. The only thing
missing from the man page is any example of HTML/script usage but that
looks to me as really basic - access the URL and the handler takes over.
Any suggestions would be appreciated.
Steve
--
Steven A. Adams [EMAIL PROTECTED]
Another wicked mod_perl question :)
Hi List, I know that it's possible to chain Apache handlers in a way that the next handler is executed if the previous handler returned DECLINED. I would like to have the following execution chain: Handler1 Handler2 ... HandlerN CGI script (running either as pure CGI or under Apache::Registry). Any ideas on how to do that? Cheers, -- Building a better web - http://www.mkdoc.com/ - Jean-Michel Hiver [EMAIL PROTECTED] - +44 (0)114 255 8097 Homepage: http://www.webmatrix.net/
Re: Another wicked mod_perl question :)
Jean-Michel Hiver wrote: I know that it's possible to chain Apache handlers in a way that the next handler is executed if the previous handler returned DECLINED. It sound like you're looking for this: http://perl.apache.org/docs/1.0/guide/config.html#Stacked_Handlers The next handler is also executed if you return OK. - Perrin
Re: Apache::GD::Thumbnail Question
Any word on this Issac? Are you as stumped as I am? I dug into it again
today and verified that the jpeg, png and freetype2 libraries were
installed and verified that they functioned. I also did a complete
rebuild of GD and a CPAN force install on Apache::GD::Thumbnail - all
went well with no errors or warnings ( all for not though, it still
refuses to work ).
On Tue, 2003-03-25 at 18:34, Steven A. Adams wrote:
On Tue, 2003-03-25 at 00:12, Issac Goldstand wrote:
- Original Message -
...snip...
From the man page:
* ThumbnailBaseDir
Sets the directory that contains the images to be thumbnailed. Defaults to
.. if not specified
Since the virtual directory /home/me/pics/thumbs/../ is where the pictures
are (eg, /home/me/pics), I can use the default.
...snip...
Why don't you show me your exact configuration, and I'll see if I can help
you out...
Issac
...another snip...
Hey Issac,
Ok, I've dumbed this down to the lowest common denominator ( in this
case, I qualify as this ). In my httpd.conf I have the following lines:
Alias /pics/ /data/httpd/htdocs/image1/pics/
Directory /data/httpd/htdocs/image1/pics
Order allow,deny
AllowOverride None
Order allow,deny
Allow from all
/Directory
Location /*/pics/thumbs
SetHandler perl-handler
PerlHandler Apache::GD::Thumbnail
PerlSetVar ThumbnailMaxSize 75
/Location
In my script source I have the following line:
$r-print ('PA href=/pics/roses1.jpgIMG
src=/image1/pics/thumbs/roses.jpg/A
I have tried this with the PerlSetVar ThumbnailBaseDir set to the
Location, with PerlModule Apache::GD::Thumbnail, with the OBJECT tag
instead of the IMG tag and they all yield the same 404 Not Found error.
At this point I think that I'm probably missing something really stupid,
considering I am following the man page to the letter. The only thing
missing from the man page is any example of HTML/script usage but that
looks to me as really basic - access the URL and the handler takes over.
Any suggestions would be appreciated.
Steve
--
Steven A. Adams [EMAIL PROTECTED]
Re: Apache::GD::Thumbnail Question
On Tue, 2003-03-25 at 00:12, Issac Goldstand wrote:
- Original Message -
...snip...
From the man page:
* ThumbnailBaseDir
Sets the directory that contains the images to be thumbnailed. Defaults to
.. if not specified
Since the virtual directory /home/me/pics/thumbs/../ is where the pictures
are (eg, /home/me/pics), I can use the default.
...snip...
Why don't you show me your exact configuration, and I'll see if I can help
you out...
Issac
...another snip...
Hey Issac,
Ok, I've dumbed this down to the lowest common denominator ( in this
case, I qualify as this ). In my httpd.conf I have the following lines:
Alias /pics/ /data/httpd/htdocs/image1/pics/
Directory /data/httpd/htdocs/image1/pics
Order allow,deny
AllowOverride None
Order allow,deny
Allow from all
/Directory
Location /*/pics/thumbs
SetHandler perl-handler
PerlHandler Apache::GD::Thumbnail
PerlSetVar ThumbnailMaxSize 75
/Location
In my script source I have the following line:
$r-print ('PA href=/pics/roses1.jpgIMG
src=/image1/pics/thumbs/roses.jpg/A
I have tried this with the PerlSetVar ThumbnailBaseDir set to the
Location, with PerlModule Apache::GD::Thumbnail, with the OBJECT tag
instead of the IMG tag and they all yield the same 404 Not Found error.
At this point I think that I'm probably missing something really stupid,
considering I am following the man page to the letter. The only thing
missing from the man page is any example of HTML/script usage but that
looks to me as really basic - access the URL and the handler takes over.
Any suggestions would be appreciated.
Steve
--
Steven A. Adams [EMAIL PROTECTED]
Re: Apache::GD::Thumbnail Question
It does work - I use it on http://pics.beamartyr.net/ Remember that it's a tricky sorta configuration - you must configure it within a location block which will be the thumbnail directory, and specify the real source directory: Example: The below configuration maps /home/me/pictures to http://foo.bar/pictures/ and generates on-the-fly thumbnails in http://foo.bar/pictures/mythumbs/ Alias /pictures/ /home/me/pictures Directory /home/me/pictures Order allow,deny Allow from all /Directory Location /pictures/mythumbs SetHandler perl-handler PerlHandler Apache::GD::Thumbnail /Location Remember that it only works on JPEGs. Issac - Original Message - From: Steven A. Adams [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 24, 2003 3:06 AM Subject: Apache::GD::Thumbnail Question Does anyone use this handler to make on-the-fly thumbs? I've used the standard example code in my apache (1.3.27 with MP1) and it seems to ignore the handler. Any suggestions? -- Steven A. Adams [EMAIL PROTECTED]
Apache::GD::Thumbnail Question
Does anyone use this handler to make on-the-fly thumbs? I've used the standard example code in my apache (1.3.27 with MP1) and it seems to ignore the handler. Any suggestions? -- Steven A. Adams [EMAIL PROTECTED]
Re: Job tracking and publishing question.
Thomas Whitney wrote: I was looking at Bricolage, however it appears to be more suited to text content publishing. I currently use Template::Toolkit to print out the bids and I imagine I could do all the programming myself--naturally, it would be helpful to find some package that suited at least some of my requirements.. If you want to keep using Template Toolkit with some extra support for common things like sessions, users, etc., take a look at OpenInteract. - Perrin
Job tracking and publishing question.
Hi, I want to implement a job tracking and database publishing system and hoping for some assistance. My company does short run 4 color digital printing. Because it is short urn we handle multiple jobs every day. I developed an online bidding system; it use Apache, mod_perl, and mysql. Now I would like to move to tracking jobs online; first, for internal purposes -- it would make the workflow much easier to follow -- and later for customers to view the status of their jobs on the web. Each bid has about 38 data fields associated with it and each job will have a few more fields along with an image file in the form of a pdf. Each job needs to be tracked through production with operators at each stage having being able to update its status or add notes. After the job is finished an invoice would be printed to go out with the job. Web based applications are good for this because we use Mac's and PC's, and both must be able to have access to that job. I was looking at Bricolage, however it appears to be more suited to text content publishing. I currently use Template::Toolkit to print out the bids and I imagine I could do all the programming myself--naturally, it would be helpful to find some package that suited at least some of my requirements.. I would really appreciate any thoughts or suggestions. Thanks, Thomas Whitney
Re: Job tracking and publishing question.
From: Thomas Whitney [EMAIL PROTECTED] I want to implement a job tracking and database publishing system and hoping for some assistance. My company does short run 4 color digital printing. Because it is short urn we handle multiple jobs every day. I developed an online bidding system; it use Apache, mod_perl, and mysql. Now I would like to move to tracking jobs online; first, for internal purposes -- it would make the workflow much easier to follow -- and later for customers to view the status of their jobs on the web. Each bid has about 38 data fields associated with it and each job will have a few more fields along with an image file in the form of a pdf. You would have to customize it quite a bit but you might look at 'Request Tracker' as a starting point: http://www.bestpractical.com/rt/ It uses mason with sql or postgresql as the framework. A new version is on the way so if you would probably want to get the latest beta from http://www.fsck.com/pub/rt/devel/ (2.1.86 now) to start. --- Les Mikesell [EMAIL PROTECTED]
Authorization question
Hi List, In theory Authentication / Authorization handlers are very cool, because the application underneath it doesn't need to know the logic of it, and as long as you design web applications with nice, RESTful, sensible URIs it would all work beautifully. BUT, I cannot figure out how to 'ask' apache wether a request would succeed or not. I'm wondering wether there would be a way to do: my $ok = $r-would_be_authorized ($uri); # or my $ok = $r-would_be_authorized ($uri, 'GET'); # or my $ok = $r-would_be_authorized ($uri, 'POST', $fh); This would be handy because for example in your web application you might want certain controls or links to be replaced by proper messages rather than directing the user to a location that he/she doesn't have access to. If I missed something obvious please point out a URI so that I can RTFM! All ideas appreciated! Cheers, -- Building a better web - http://www.mkdoc.com/ - Jean-Michel Hiver [EMAIL PROTECTED] - +44 (0)114 255 8097 Homepage: http://www.webmatrix.net/
Re: Authorization question
I've never had any reason to do this so there might be a shortcut but I
think something along the lines of the following should work (As long as
your access/auth handler doesnt make use of $r-is_intial_req())
use Apache::Constants (:common);
my $subr = $r-lookup_uri('/new/request/?foo=bar');
my $status = $subr-status;
my $ok = $status==AUTH_REQUIRED ? 0:1;
Ric.
- Original Message -
From: Jean-Michel Hiver [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 27, 2003 10:42 AM
Subject: Authorization question
Hi List,
In theory Authentication / Authorization handlers are very cool, because
the application underneath it doesn't need to know the logic of it, and
as long as you design web applications with nice, RESTful, sensible URIs
it would all work beautifully.
BUT, I cannot figure out how to 'ask' apache wether a request would
succeed or not. I'm wondering wether there would be a way to do:
my $ok = $r-would_be_authorized ($uri);
# or
my $ok = $r-would_be_authorized ($uri, 'GET');
# or
my $ok = $r-would_be_authorized ($uri, 'POST', $fh);
This would be handy because for example in your web application you
might want certain controls or links to be replaced by proper messages
rather than directing the user to a location that he/she doesn't have
access to.
If I missed something obvious please point out a URI so that I can RTFM!
All ideas appreciated!
Cheers,
--
Building a better web - http://www.mkdoc.com/
-
Jean-Michel Hiver
[EMAIL PROTECTED] - +44 (0)114 255 8097
Homepage: http://www.webmatrix.net/
Re: Authorization question
On Thu 27-Feb-2003 at 11:39:32AM -, Richard Clarke wrote:
I've never had any reason to do this so there might be a shortcut but I
think something along the lines of the following should work (As long as
your access/auth handler doesnt make use of $r-is_intial_req())
use Apache::Constants (:common);
my $subr = $r-lookup_uri('/new/request/?foo=bar');
my $status = $subr-status;
my $ok = $status==AUTH_REQUIRED ? 0:1;
Wow! Thanks for the tip :)
Is there a way to tell Apache::SubRequest that you're doing a HEAD / GET
/ POST / PUT / etc? Authorization handlers might behave differently
depending on the HTTP method being used.
Cheers,
--
Building a better web - http://www.mkdoc.com/
-
Jean-Michel Hiver
[EMAIL PROTECTED] - +44 (0)114 255 8097
Homepage: http://www.webmatrix.net/
Re: Authorization question
Jean-Michel Hiver wrote:
On Thu 27-Feb-2003 at 11:39:32AM -, Richard Clarke wrote:
I've never had any reason to do this so there might be a shortcut but I
think something along the lines of the following should work (As long as
your access/auth handler doesnt make use of $r-is_intial_req())
I've decided that the
return DECLINED if $r-is_inital_req;
bit is a bad idea. after a few hours debugging an authorization
application, I realized that this does nothing but cause problems - if you
DECLINE a subrequest then it's picked up by mod_auth which, if you're not
configured for flat file auth (in addition to your custom auth), mod_auth
will return AUTH_REQUIRED (or worse).
you may want to
return OK if $r-is_inital_req;
but DECLINED is almost certainly a bad idea.
use Apache::Constants (:common);
my $subr = $r-lookup_uri('/new/request/?foo=bar');
my $status = $subr-status;
my $ok = $status==AUTH_REQUIRED ? 0:1;
I'd change that to
my $ok = $status == HTTP_OK ? 1 : 0;
since there are lots of other things that can be thrown other than
AUTH_REQUIRED - for instance FORBIDDEN from an access handler.
we talk about this in Recipe 3.15 in the Cookbook (which came up yesterday,
so see the archives for where you can find it for free).
Wow! Thanks for the tip :)
Is there a way to tell Apache::SubRequest that you're doing a HEAD / GET
/ POST / PUT / etc? Authorization handlers might behave differently
depending on the HTTP method being used.
unfortunately, no - GET is hardcoded in Apache:
API_EXPORT(request_rec *) ap_sub_req_lookup_uri(const char *new_file,
const request_rec *r)
{
return ap_sub_req_method_uri(GET, new_file, r);
}
and by the time you get the subrequest object back, it's too late to call
$sub-method('POST'). of course, theoretically GET and HEAD should be
equivalent :) but I see your point. I guess there's no way around that in
this case.
--Geoff
Re: Authorization question
On Thu, 27 Feb 2003, Jean-Michel Hiver wrote:
Hi List,
In theory Authentication / Authorization handlers are very cool, because
the application underneath it doesn't need to know the logic of it, and
as long as you design web applications with nice, RESTful, sensible URIs
it would all work beautifully.
BUT, I cannot figure out how to 'ask' apache wether a request would
succeed or not. I'm wondering wether there would be a way to do:
my $ok = $r-would_be_authorized ($uri);
# or
my $ok = $r-would_be_authorized ($uri, 'GET');
# or
my $ok = $r-would_be_authorized ($uri, 'POST', $fh);
This would be handy because for example in your web application you
might want certain controls or links to be replaced by proper messages
rather than directing the user to a location that he/she doesn't have
access to.
If I missed something obvious please point out a URI so that I can RTFM!
All ideas appreciated!
Salut,
I think this may be solved by architecture. If you have an Authz layer
maybe it needs to be called sooner than right when you need it.
I have a Session-based auth system. When the user successfully
authenticates the Auth handler does a lookup in a db where we store all
users' authz information. The db has an access level for each user for
each widget in the application. These are all loaded into a hashref and
stored in the serverside session. An encrypted cookie has the key to the
session.
All of this is tied into the UI such that the user's authz level
determines the content they see. Data such as '$student-first_name' are
displayed by a UI handler according to perms; the UI's methods can write
out either:
First Name: $val or
First Name: input type='text' name ='first_name' val='$val' or
whatever, depending on the user's perms.
HTH,
- nick
--
Nick Tonkin {|8^)
Re: Authorization question
On Thu, 27 Feb 2003, Geoffrey Young wrote:
I've decided that the
return DECLINED if $r-is_inital_req;
bit is a bad idea. after a few hours debugging an authorization
application, I realized that this does nothing but cause problems - if you
DECLINE a subrequest then it's picked up by mod_auth which, if you're not
configured for flat file auth (in addition to your custom auth), mod_auth
will return AUTH_REQUIRED (or worse).
you may want to
return OK if $r-is_inital_req;
but DECLINED is almost certainly a bad idea.
What was the idea behind
return DECLINED if $r-is_inital_req;
in auth handlers in the first place?
- nick
--
Nick Tonkin {|8^)
Re: Authorization question
but DECLINED is almost certainly a bad idea. What was the idea behind return DECLINED if $r-is_inital_req; in auth handlers in the first place? I think it stems from the Eagle book, thus from Doug, but I'm not sure - I can't remember exactly. it was probably an attempt to reduce overhead for subrequests when authentication is expensive (say, a DB query) and you don't really care about whether lookups are authenticated or not. I tried to word it carefully in the book, saying using it depends on what you want to do in your application. clearly if you want to depend on proper authentication for lookups, then you don't want to use is_initial_req() logic at all. it wasn't until after it was too late that I realized DECLINED is problematic. my own particular problem with it was with the subrequests that mod_dir makes - IIRC, on a protected directory returning DECLINED on the subrequest really mucks things up. HTH --Geoff
Re: Authorization question
I think this may be solved by architecture. If you have an Authz layer maybe it needs to be called sooner than right when you need it. I have a Session-based auth system. When the user successfully authenticates the Auth handler does a lookup in a db where we store all users' authz information. The db has an access level for each user for each widget in the application. These are all loaded into a hashref and stored in the serverside session. An encrypted cookie has the key to the session. Yes, but you're then making the authorization layer inseparable from your applicative layer, and hence you loose the interest of using separate handlers. I think it would be much nicer to write webapps on which you can plug any authorization / authentication handler chain and maintain those things as separate as possible. Then if your application uses the REST paradigm, all access control can be done using URIs, which is very neat. Cheers, -- Building a better web - http://www.mkdoc.com/ - Jean-Michel Hiver [EMAIL PROTECTED] - +44 (0)114 255 8097 Homepage: http://www.webmatrix.net/
Re: Authorization question
On Thu, 27 Feb 2003, Jean-Michel Hiver wrote:
I think this may be solved by architecture. If you have an Authz layer
maybe it needs to be called sooner than right when you need it.
I have a Session-based auth system. When the user successfully
authenticates the Auth handler does a lookup in a db where we store all
users' authz information. The db has an access level for each user for
each widget in the application. These are all loaded into a hashref and
stored in the serverside session. An encrypted cookie has the key to the
session.
Yes, but you're then making the authorization layer inseparable from
your applicative layer, and hence you loose the interest of using
separate handlers.
True. For the type of application I deal with, where authorization levels
and security are paramount, this is not a bad thing. And really, in my
system, the UI modules only need to know the user's authz level (0-4) to
produce content ... they do not care how the authz level was generated.
- nick
--
Nick Tonkin {|8^)
Re: Authorization question
Jean-Michel Hiver wrote: Yes, but you're then making the authorization layer inseparable from your applicative layer, and hence you loose the interest of using separate handlers. It's pretty hard to truly separate these things. Nobody wants to use basic auth, which means there is a need for forms and handlers. Then you have to keep that information in either cookies or URLs, and there is usually a need to talk to an external data database with a site-specific schema. The result is that plug and play auth schemes only work (unmodified) for the simplest sites. - Perrin
Re: Authorization question
On Thu, 27 Feb 2003, Perrin Harkins wrote: Jean-Michel Hiver wrote: Yes, but you're then making the authorization layer inseparable from your applicative layer, and hence you loose the interest of using separate handlers. It's pretty hard to truly separate these things. Nobody wants to use basic auth, which means there is a need for forms and handlers. Then you have to keep that information in either cookies or URLs, and there is usually a need to talk to an external data database with a site-specific schema. The result is that plug and play auth schemes only work (unmodified) for the simplest sites. Anyone using PubCookie? http://www.washington.edu/pubcookie/ -- Bill Moseley [EMAIL PROTECTED]
Re: Authorization question
It's pretty hard to truly separate these things. Nobody wants to use basic auth, which means there is a need for forms and handlers. How do you mean, 'nobody'? Users certainly don't mind! Then you have to keep that information in either cookies or URLs, and there is usually a need to talk to an external data database with a site-specific schema. I admit that it's hard to get away without cookies and URI encoding schemes, but not impossible. There's a lot of tricks that you can do with path_info... For example, http://www.example.com/some/address/hello.txt,do_something This URL is easy to protect / authorize using LocationMatch directives. Basically I think you can use these simple schemes in complex applications if you're careful about your URIs. But it's true that it can be a real mindf*ck :) Basically each state of your application needs a different URI... However I find it well worth it, the promess of a truly modular, standard, pluggable authorization system is seducing, and also very 'marketable' I think. Cheers, -- Building a better web - http://www.mkdoc.com/ - Jean-Michel Hiver [EMAIL PROTECTED] - +44 (0)114 255 8097 Homepage: http://www.webmatrix.net/
Re: Authorization question
On Thu, 27 Feb 2003, Bill Moseley wrote:
On Thu, 27 Feb 2003, Perrin Harkins wrote:
Jean-Michel Hiver wrote:
Yes, but you're then making the authorization layer inseparable from
your applicative layer, and hence you loose the interest of using
separate handlers.
It's pretty hard to truly separate these things. Nobody wants to use
basic auth, which means there is a need for forms and handlers. Then
you have to keep that information in either cookies or URLs, and there
is usually a need to talk to an external data database with a
site-specific schema. The result is that plug and play auth schemes
only work (unmodified) for the simplest sites.
Anyone using PubCookie?
http://www.washington.edu/pubcookie/
All C, no?
- nick
--
Nick Tonkin {|8^)
Re: Authorization question
Jean-Michel Hiver wrote: It's pretty hard to truly separate these things. Nobody wants to use basic auth, which means there is a need for forms and handlers. How do you mean, 'nobody'? Users certainly don't mind! Sure they do. They want a nice HTML login screen, and features like remember this login on this computer (using cookies) which is standard on most major sites now. I admit that it's hard to get away without cookies and URI encoding schemes, but not impossible. There's a lot of tricks that you can do with path_info... But path_info is URI encoding. Also, most of the auth/access modules, including ones that stick to the auth and access phases, use cookies or URIs. There really is no other option except basic auth. If you build a generalized auth system, there may well be other people interested in it. However, it would have to be very easy to change the mechanisms for maintaining state (cookies, URIs, basic auth) and checking credentials (any kind of database with any kind of schema). The latter probably means some custom development on every installation. - Perrin
Upgrading to perl 5.8.0 (newbie question)
Hi, I have a server which has the following pre-installed on it: Apache/1.3.27 mod_perl/1.27 Perl/5.6.1 If I upgrade to Perl/5.8.0 will I have to upgrade mod_perl to a newer version as well? Thanks, NG
Re: Upgrading to perl 5.8.0 (newbie question)
Hi, mod_perl 1.27 is the latest stable version of mod_perl 1. You're fine. Regards, Sven. Am Mon, 2003-02-24 um 12.24 schrieb Gazi, Nasser (London): Hi, I have a server which has the following pre-installed on it: Apache/1.3.27 mod_perl/1.27 Perl/5.6.1 If I upgrade to Perl/5.8.0 will I have to upgrade mod_perl to a newer version as well? Thanks, NG
Re: Upgrading to perl 5.8.0 (newbie question)
Hi, mod_perl 1.27 is the latest stable version of mod_perl 1. You're fine. Regards, Sven. Am Mon, 2003-02-24 um 12.24 schrieb Gazi, Nasser (London): Hi, I have a server which has the following pre-installed on it: Apache/1.3.27 mod_perl/1.27 Perl/5.6.1 If I upgrade to Perl/5.8.0 will I have to upgrade mod_perl to a newer version as well? You'll have to rebuild it after the new perl is installed though. http://perl.apache.org/docs/1.0/guide/install.html#Should_I_Rebuild_mod_perl_if_I_have_Upgraded_Perl_ dave
RE: Upgrading to perl 5.8.0 (newbie question)
Hi, mod_perl 1.27 is the latest stable version of mod_perl 1. You're fine. Regards, Sven. Am Mon, 2003-02-24 um 12.24 schrieb Gazi, Nasser (London): Hi, I have a server which has the following pre-installed on it: Apache/1.3.27 mod_perl/1.27 Perl/5.6.1 If I upgrade to Perl/5.8.0 will I have to upgrade mod_perl to a newer version as well? You'll have to rebuild it after the new perl is installed though. http://perl.apache.org/docs/1.0/guide/install.html#Should_I_Rebuild_mod_per l_if_I_have_Upgraded_Perl_ dave Thanks. I should go and read the docs! (typical newbie...)
Re: Upgrading to perl 5.8.0 (newbie question)
No, but you will need to recompile it plus lots of other modules, basically any module that includes XS code. Consider using CPAN's autobundle feature. :-) Wes Sheldahl Gazi, Nasser (London) [EMAIL PROTECTED] on 02/24/2003 06:24:32 AM To:[EMAIL PROTECTED] cc: Subject:Upgrading to perl 5.8.0 (newbie question) Hi, I have a server which has the following pre-installed on it: Apache/1.3.27 mod_perl/1.27 Perl/5.6.1 If I upgrade to Perl/5.8.0 will I have to upgrade mod_perl to a newer version as well? Thanks, NG
Re: Help installing mod_perl 1.27 and apache 1.3.27. newbie question.
On Thursday, February 20, 2003, at 08:13 AM, Charlie Smith wrote: I get errors on installing mod_perl/Apache 1.3.27, under the root account when running perl Makefile.PL. I'm running perl 5.8 on solaris. gcc 2.95. # # # perl Makefile.PL Configure mod_perl with ../apache_1.3.27/src ? [y] Shall I build httpd in ../apache_1.3.27/src for you? [y] sh: make: not found It can't find the 'make' program. You either need to install make, or, if it is isntalled, make sure it's in your $PATH. Cory 'G' Watson http://gcdb.spleck.net
RE: Help installing mod_perl 1.27 and apache 1.3.27. newbie question.
Charlie, It just seems like you need to add make in your path (sh: make: not found). Cheers, Martin Martin Scantland IP Services, Internet Engineering, Nortel Networks Phone: 613.765.4052, ESN 395.4052 -Original Message-From: Charlie Smith [mailto:[EMAIL PROTECTED]]Sent: Thursday, February 20, 2003 9:14 AMTo: [EMAIL PROTECTED]Subject: Help installing mod_perl 1.27 and apache 1.3.27. newbie question. I get errors on installing mod_perl/Apache 1.3.27, under the root account when running perl Makefile.PL. I'm running perl 5.8 on solaris. gcc 2.95. ### perl Makefile.PLConfigure mod_perl with ../apache_1.3.27/src ? [y]Shall I build httpd in ../apache_1.3.27/src for you? [y]sh: make: not foundAppending mod_perl to src/ConfigurationUsing config file: /www/Apache/src/mod_perl-1.27/src/ConfigurationCreating Makefile+ configured for Solaris 280 platform+ setting C compiler to gcc+ setting C pre-processor to gcc -E+ checking for system header files+ adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.27 + id: Perl/v5.8.0 (solaris) [perl] + adjusting Apache build environment + enabling Perl support for SSI (mod_include)./helpers/TestCompile: make: not found+ using builtin Expat./Configure: make: not found+ checking sizeof various data types./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found./helpers/TestCompile: make: not found+ doing sanity check on compiler and options./helpers/TestCompile: make: not found** A test compilation with your Makefile configuration** failed. The below error output from the compilation** test will give you an idea what is failing. Note that** Apache requires an ANSI C Compiler, such as gcc. Error Output for sanity check ./helpers/TestCompile: make: not found= End of Error Report = Aborting!PerlDispatchHandler.disabled (enable with PERL_DISPATCH=1)PerlChildInitHandlerenabledPerlChildExitHandlerenabledPerlPostReadRequestHandler..disabled (enable with PERL_POST_READ_REQUEST=1)PerlTransHandlerdisabled (enable with PERL_TRANS=1)PerlHeaderParserHandler.disabled (enable with PERL_HEADER_PARSER=1)PerlAccessHandler...disabled (enable with PERL_ACCESS=1)PerlAuthenHandler...disabled (enable with PERL_AUTHEN=1)PerlAuthzHandlerdisabled (enable with PERL_AUTHZ=1)PerlTypeHandler.disabled (enable with PERL_TYPE=1)PerlFixupHandlerdisabled (enable with PERL_FIXUP=1)PerlHandler.enabledPerlLogHandler..disabled (enable with PERL_LOG=1)PerlInitHandler.disabled (enable with PERL_INIT=1)PerlCleanupHandler..disabled (enable with PERL_CLEANUP=1)PerlRestartHandler..disabled (enable with PERL_RESTART=1)PerlStackedHandlers.disabled (enable with PERL_STACKED_HANDLERS=1)PerlMethodHandlers..disabled (enable with PERL_METHOD_HANDLERS=1)PerlDirectiveHandlers...disabled (enable with PERL_DIRECTIVE_HANDLERS=1)PerlTableApidisabled (enable with PERL_TABLE_API=1)PerlLogApi..disabled (enable with PERL_LOG_API=1)PerlUriApi..disabled (enable with PERL_URI_API=1)PerlUtilApi.disabled (enable with PERL_UTIL_API=1)PerlFileApi.disabled (enable with PERL_FILE_API=1)PerlConnectionApi...enabledPerlServerApi...enabledPerlSectionsdisabled (enable with PERL_SECTIONS=1) PerlSSI.disabled (enable with PERL_SSI=1) Will run tests as User: 'nobody' Group: 'other'Checking CGI.pm VERSION..okChecking for LWP::UserAgent..okChecking for HTML::HeadParserokWriting Makefile for ApacheWriting Makefile for Apache::ConnectionWriting Makefile for Apache::ConstantsWriting Makefile for Apache::FileWriting Makefile for Apache::LeakWriting Makefile for Apache::LogWriting Makefile for Apache::ModuleConfigWriting Makefile for Apache::PerlRunXSWriting Makefile for Apache::ServerWriting Makefile for Apache::SymbolWriting Makefile for Apache::TableWriting Makefile for Apache::URIWriting Makefile for Apache::UtilWriting Makefile for mod_perl# --This message may contain confidential information, and is intended only for the use of the individual(s) to whom it is addressed.==
Re: mod_perl 2.0 question about $r-connection-auth_type
I've just about got the Apache::AuthCookieDBI to work with Apache 2.0.44 mod_perl 1.99_09-dev, but I ran into a problem with the $r-connection object not having auth_type or user defined. The $r-auth_type work just fine. Are these the same reference? What should I look for, or use? [snip] Geoff is working on the proper fix for your original problem. When that's done please check that test again. (see the dev list for developments) the fix has been committed, so you should be good to go based on the discussions we had over on dev@. remember, we added a new method, so you'll have to build mod_perl from CVS and make realclean before building if you want to pick up the new method. lemme know how it goes. --Geoff
Re: Semi-complicated question: modifying the content of a requestbefore passing to CGI?
Seldo wrote: Okay, so here's what I need to do: 1. Receive a request to a given URI, X 2. Based on that URI, change certain values with the request (e.g. change the names or values of variables posted by the user, modify the x-www-form-urlencoded data, whatever...) 3. Translate the URI to a new URI (one of a number of CGI programs) 4. Execute that CGI (such that the CGI runs in an environment with variables and posted data modified as per step 2 ) I'm running mod_perl 2.0 with Apache 2.0.x, and the documentation of these sorts of features: http://perl.apache.org/docs/2.0/api/Apache/RequestUtil.html ...is sort of incomplete. Whoopsie. We have very few hands, so coding is of a higher priority. Most of the API docs from 1.0 apply to 2.0. Almost all differrences are documented here: http://perl.apache.org/docs/2.0/user/compat/compat.html If something is missing, please post patches. Help with 2.0 docs is very welcome. My fault for being all bleeding-edge, right? Here's what I've got so far: 1. Can do. I can write a PerlTransHandler that catches the URI 2. Don't know how to do. The 1.0 documentation mentions the header_in() method which can apparently set headers in the request as well as get them. I can't find this method in the 2.0 documentation, does it or an equivalent exist? http://perl.apache.org/docs/2.0/user/compat/compat.html#C__r_E_gt_header_in_ And is there anything similar for the PUT/POST type data? what do you mean? check the above URL. 3. Can do. This bit is no problem. 4. Don't know how to do. How do you tell the server to execute a file using CGI protocol? Is this even possible? You don't need to do anything. Just configure your mod_cgi as usual, and once you've changed $r-filename to point to the location of cgi, Apache will take care of it. (I assume that you want the cgis to be run by mod_cgi, not mod_perl) The above method, assuming it's possible to do the two things I asked about, will work fine. If it doesn't work, then I'll be forced to make my PerlTransHandler re-implement CGI, which isn't *that* hard but sounds like a fairly stupid idea when the server does it already. But even in the case, I need to know how to set environment variables for CGI on a per-execution basis. Any help greatly appreciated, this project is now due in a week and I'm beginning to feel great big stormclouds of doom closing in :-) Your task is pretty trivial, so you should be fine. Seldo. P.S. I only recently noticed that Stas, who helped me out with my last question, is listed as the author/maintainer of the 2.0 documentation. Cool! :-) Hopefully this will change asap and other people will take over varous documents. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
