Re: is mpm_event safe for modperl handler?
thanks. that does sound sorry. No and neither is mod_worker. The only mpm you can safely use is prefork. This is, in my opinion, mod_perl's fatal flaw which will doom it.
Re: is mpm_event safe for modperl handler?
No and neither is mod_worker. The only mpm you can safely use is prefork. This is, in my opinion, mod_perl's fatal flaw which will doom it. On Thu, Aug 4, 2022 at 2:27 AM pengyh wrote: > Hello > > yes i know mpm_prefork is pretty good for modperl applications. > if I run modperl handler (for example, PerlAccessHandler) under > mpm_event, is it safe for a production environment? > > thanks. > -- John Dunlap *CTO | Lariat * *Direct:* *j...@lariat.co * *Customer Service:* 877.268.6667 supp...@lariat.co
Re: PerlAccessHandler for POST access
On Aug 4, 2022, at 5:09 AM, pengyh wrote:
>> LoadModule apreq_module modules/mod_apreq2.so
>> in your httpd.conf?
>
> yes. as you see:
> lrwxrwxrwx 1 root root 27 Aug 4 14:00 perl.load ->
> ../mods-available/perl.load
> lrwxrwxrwx 1 root root 29 Aug 4 14:01 apreq2.load ->
> ../mods-available/apreq2.load
>
>
>> Have you tried it with mpm_prefork?
>
> the development environment is mpm_prefork.
>
>> What version of Apache and mod_perl are you using exactly?
>
> Apache/2.4.41 (Ubuntu) mod_apreq2-20101207/2.8.0 mod_perl/2.0.11 Perl/v5.30.0
> configured
>
>
> ubuntu 20.04 x64 OS.
I presume you installed these things using apt-get? Is Apache2::Request version
2.16?
I apologize in advance if the following suggestions are obvious things you've
already tried:
Could you try changing the handler to log or display the values of $ts and
$key? What do they contain if anything?
I'd log or display $r->as_string as well.
Also, try putting an eval { } block around the code inside your handler and
then log or display the value of $@.
Something like this:
package MyApacheAccessHandler;
use strict;
use Apache2::RequestRec ();
use Apache2::RequestIO ();
use Apache2::Connection ();
use APR::Table ();
use Apache2::Const -compile => qw(OK FORBIDDEN);
use Apache2::ServerUtil ();
use Apache2::Log ();
use Apache2::Request;
use Digest::MD5 qw(md5_hex);
sub handler {
my $r = shift;
my $s = Apache2::ServerUtil->server;
eval {
$s->log_error("r = ", $r->as_string);
my $req = Apache2::Request->new($r);
my $ts = $req->param("timestamp");
my $key = $req->param("authkey");
my $digest = md5_hex($ts);
$s->log_error("ts = ", $ts);
$s->log_error("key = ", $key);
$s->log_error("digest = ", $digest);
};
if ($@) {
$s->log_error("exception: ", $@);
}
return $key eq $digest ? Apache2::Const::OK : Apache2::Const::FORBIDDEN;
}
After testing the above, what's does the error_log file show?
Later,
Ed
Re: PerlAccessHandler for POST access
LoadModule apreq_module modules/mod_apreq2.so in your httpd.conf? yes. as you see: lrwxrwxrwx 1 root root 27 Aug 4 14:00 perl.load -> ../mods-available/perl.load lrwxrwxrwx 1 root root 29 Aug 4 14:01 apreq2.load -> ../mods-available/apreq2.load Have you tried it with mpm_prefork? the development environment is mpm_prefork. What version of Apache and mod_perl are you using exactly? Apache/2.4.41 (Ubuntu) mod_apreq2-20101207/2.8.0 mod_perl/2.0.11 Perl/v5.30.0 configured ubuntu 20.04 x64 OS. Thanks
Re: PerlAccessHandler for POST access
multiple -d "x=y" should be working. -d "param1=value1=value2"
Re: PerlAccessHandler for POST access
> On Aug 4, 2022, at 3:29 AM, pengyh wrote: > OK as you can test this GET works: > > http://fb.cloudcache.net/?timestamp=12345=906434463477769dba188a4b670ef425 > > but this POST doesn't work: > > curl -X POST -d 'timestamp=12345' \ >-d 'authkey=906434463477769dba188a4b670ef425' \ >http://fb.cloudcache.net/ > > The server responds with: > > Forbidden > You don't have permission to access this resource. > > So how to fix it? Hmmm Do you have LoadModule apreq_module modules/mod_apreq2.so in your httpd.conf? Have you tried it with mpm_prefork? What version of Apache and mod_perl are you using exactly? Later, Ed
Re: PerlAccessHandler for POST access
-d "param1=value1=value2" On Thu, Aug 4, 2022 at 12:29 AM pengyh wrote: > > > > > You need to share the complete GET & POST request with the data section. > > OK as you can test this GET works: > > > http://fb.cloudcache.net/?timestamp=12345=906434463477769dba188a4b670ef425 > > but this POST doesn't work: > > curl -X POST -d 'timestamp=12345' \ > -d 'authkey=906434463477769dba188a4b670ef425' \ > http://fb.cloudcache.net/ > > > The server responds with: > > Forbidden > You don't have permission to access this resource. > > > So how to fix it? > > Thanks >
Re: PerlAccessHandler for POST access
You need to share the complete GET & POST request with the data section. OK as you can test this GET works: http://fb.cloudcache.net/?timestamp=12345=906434463477769dba188a4b670ef425 but this POST doesn't work: curl -X POST -d 'timestamp=12345' \ -d 'authkey=906434463477769dba188a4b670ef425' \ http://fb.cloudcache.net/ The server responds with: Forbidden You don't have permission to access this resource. So how to fix it? Thanks
Re: PerlAccessHandler for POST access
It only means that Apache::Request did not parse your POST request correctly. It is not form encoded or there is a typo. You need to share the complete GET & POST request with the data section. On Wed, Aug 3, 2022 at 5:52 AM pengyh wrote: > > > > > Have you checked that the values of $key and $digest are equal? > > as i have said, GET always works, but POST doesn't. so I am not sure > where is wrong. > >
is mpm_event safe for modperl handler?
Hello yes i know mpm_prefork is pretty good for modperl applications. if I run modperl handler (for example, PerlAccessHandler) under mpm_event, is it safe for a production environment? thanks.
