Re: is mpm_event safe for modperl handler?
thanks. that does sound sorry. No and neither is mod_worker. The only mpm you can safely use is prefork. This is, in my opinion, mod_perl's fatal flaw which will doom it.
Re: is mpm_event safe for modperl handler?
No and neither is mod_worker. The only mpm you can safely use is prefork. This is, in my opinion, mod_perl's fatal flaw which will doom it. On Thu, Aug 4, 2022 at 2:27 AM pengyh wrote: > Hello > > yes i know mpm_prefork is pretty good for modperl applications. > if I run modperl handler (for example, PerlAccessHandler) under > mpm_event, is it safe for a production environment? > > thanks. > -- John Dunlap *CTO | Lariat * *Direct:* *j...@lariat.co * *Customer Service:* 877.268.6667 supp...@lariat.co
Re: PerlAccessHandler for POST access
On Aug 4, 2022, at 5:09 AM, pengyh wrote: >> LoadModule apreq_module modules/mod_apreq2.so >> in your httpd.conf? > > yes. as you see: > lrwxrwxrwx 1 root root 27 Aug 4 14:00 perl.load -> > ../mods-available/perl.load > lrwxrwxrwx 1 root root 29 Aug 4 14:01 apreq2.load -> > ../mods-available/apreq2.load > > >> Have you tried it with mpm_prefork? > > the development environment is mpm_prefork. > >> What version of Apache and mod_perl are you using exactly? > > Apache/2.4.41 (Ubuntu) mod_apreq2-20101207/2.8.0 mod_perl/2.0.11 Perl/v5.30.0 > configured > > > ubuntu 20.04 x64 OS. I presume you installed these things using apt-get? Is Apache2::Request version 2.16? I apologize in advance if the following suggestions are obvious things you've already tried: Could you try changing the handler to log or display the values of $ts and $key? What do they contain if anything? I'd log or display $r->as_string as well. Also, try putting an eval { } block around the code inside your handler and then log or display the value of $@. Something like this: package MyApacheAccessHandler; use strict; use Apache2::RequestRec (); use Apache2::RequestIO (); use Apache2::Connection (); use APR::Table (); use Apache2::Const -compile => qw(OK FORBIDDEN); use Apache2::ServerUtil (); use Apache2::Log (); use Apache2::Request; use Digest::MD5 qw(md5_hex); sub handler { my $r = shift; my $s = Apache2::ServerUtil->server; eval { $s->log_error("r = ", $r->as_string); my $req = Apache2::Request->new($r); my $ts = $req->param("timestamp"); my $key = $req->param("authkey"); my $digest = md5_hex($ts); $s->log_error("ts = ", $ts); $s->log_error("key = ", $key); $s->log_error("digest = ", $digest); }; if ($@) { $s->log_error("exception: ", $@); } return $key eq $digest ? Apache2::Const::OK : Apache2::Const::FORBIDDEN; } After testing the above, what's does the error_log file show? Later, Ed
Re: PerlAccessHandler for POST access
LoadModule apreq_module modules/mod_apreq2.so in your httpd.conf? yes. as you see: lrwxrwxrwx 1 root root 27 Aug 4 14:00 perl.load -> ../mods-available/perl.load lrwxrwxrwx 1 root root 29 Aug 4 14:01 apreq2.load -> ../mods-available/apreq2.load Have you tried it with mpm_prefork? the development environment is mpm_prefork. What version of Apache and mod_perl are you using exactly? Apache/2.4.41 (Ubuntu) mod_apreq2-20101207/2.8.0 mod_perl/2.0.11 Perl/v5.30.0 configured ubuntu 20.04 x64 OS. Thanks
Re: PerlAccessHandler for POST access
multiple -d "x=y" should be working. -d "param1=value1=value2"
Re: PerlAccessHandler for POST access
> On Aug 4, 2022, at 3:29 AM, pengyh wrote: > OK as you can test this GET works: > > http://fb.cloudcache.net/?timestamp=12345=906434463477769dba188a4b670ef425 > > but this POST doesn't work: > > curl -X POST -d 'timestamp=12345' \ >-d 'authkey=906434463477769dba188a4b670ef425' \ >http://fb.cloudcache.net/ > > The server responds with: > > Forbidden > You don't have permission to access this resource. > > So how to fix it? Hmmm Do you have LoadModule apreq_module modules/mod_apreq2.so in your httpd.conf? Have you tried it with mpm_prefork? What version of Apache and mod_perl are you using exactly? Later, Ed
Re: PerlAccessHandler for POST access
-d "param1=value1=value2" On Thu, Aug 4, 2022 at 12:29 AM pengyh wrote: > > > > > You need to share the complete GET & POST request with the data section. > > OK as you can test this GET works: > > > http://fb.cloudcache.net/?timestamp=12345=906434463477769dba188a4b670ef425 > > but this POST doesn't work: > > curl -X POST -d 'timestamp=12345' \ > -d 'authkey=906434463477769dba188a4b670ef425' \ > http://fb.cloudcache.net/ > > > The server responds with: > > Forbidden > You don't have permission to access this resource. > > > So how to fix it? > > Thanks >
Re: PerlAccessHandler for POST access
You need to share the complete GET & POST request with the data section. OK as you can test this GET works: http://fb.cloudcache.net/?timestamp=12345=906434463477769dba188a4b670ef425 but this POST doesn't work: curl -X POST -d 'timestamp=12345' \ -d 'authkey=906434463477769dba188a4b670ef425' \ http://fb.cloudcache.net/ The server responds with: Forbidden You don't have permission to access this resource. So how to fix it? Thanks
Re: PerlAccessHandler for POST access
It only means that Apache::Request did not parse your POST request correctly. It is not form encoded or there is a typo. You need to share the complete GET & POST request with the data section. On Wed, Aug 3, 2022 at 5:52 AM pengyh wrote: > > > > > Have you checked that the values of $key and $digest are equal? > > as i have said, GET always works, but POST doesn't. so I am not sure > where is wrong. > >
is mpm_event safe for modperl handler?
Hello yes i know mpm_prefork is pretty good for modperl applications. if I run modperl handler (for example, PerlAccessHandler) under mpm_event, is it safe for a production environment? thanks.