Re: Apache 2.4 Upgrade

2015-06-16 Thread John Dunlap
I compiled RC3 and I'm seeing the same behavior with my application. I'll
have to do some more digging to see if I can narrow down the problem at all.

-- 
John Dunlap
*CTO | Lariat *

*Direct:*
*j...@lariat.co j...@lariat.co*

*Customer Service:*
877.268.6667
supp...@lariat.co


Re: Apache 2.4 Upgrade

2015-06-16 Thread John Dunlap
The plot thickens... My login problem is session related. I connected to my
application through the Charles web proxy to watch what was happening. On
both Debian 7 and Debian 8, my login executes correctly and sends a
Set-Cookie header up to the browser with the session cookie/id. However,
the user is then redirected to my /index.pl page. On the Debian 7
server(with bit for bit identical code, Client OS, and browser) a Cookie
header is sent down to the server by the browser and everything is fine. On
the Debian 8 server(with bit for bit identical code, Client OS, and
browser) the Cookie header is not sent down to the server when accessing /
index.pl after logging in and then, because a session cookie wasn't sent to
the server, the security framework thinks that the user isn't logged in and
sends them back to the login page. What is stranger still is that once in a
blue moon I manage to log into the Debian 8 environment without issue.

My confusion is this:
1) How can the server side be the problem if sending the cookie back to the
server is the responsibility of the browser?
2) How can the server not be the problem when the only things which are
different are on the server side?
3) Why is the problem inconsistent?



Since writing the above, I *might* have found the problem but it's one of
those things that seems like it *shouldn't* make a difference and yet does.
From my proxy logs, I noticed a potentially significant difference between
the cookies being sent up by the two different environments.
Debian 7: session=0f7fb992dacae8585b8ed3867613017a; path=/;
Debian 8: path=/; session=3159f5587ccd4fe82ccdbcbd1f9e87df;

I noticed that the key order is different and then went looking for the
code which was sending the cookie and found this:
 BEGIN 
sub set_cookie {
    my ($this, $args) = @_;
    my $values;

    assert_hashref($args);

    # Loop through the arguments and build the header
    for my $key (keys %{$args}) {
        $values .= sprintf("%s=%s; ", $key, $args->{$key});
    }

    # Set the header
    $this->apache->headers_out->{'Set-Cookie'} = $values;
}
 END 

Remembering that hash key order is supposed to be random, I changed it to
this for testing purposes:
 BEGIN 
sub set_cookie {
    my ($this, $args) = @_;
    my $values;

    assert_hashref($args);

    $values .= sprintf("session=%s; ", $args->{'session'});
    $values .= sprintf("path=%s; ", $args->{'path'});

    # Set the header
    $this->apache->headers_out->{'Set-Cookie'} = $values;
}
 END 

Since making that change, I haven't been able to make the Debian 8
environment misbehave. So, in answer to my own questions, my current theory
is as follows:
1) The browser may not be respecting the Set-Cookie header if it's
expecting the values to appear in a specific sequence(Though I don't know
why it would care).
2) It's possible that, in this specific scenario, there existed a bug in
the version of Perl which shipped with Debian 7 which didn't properly
randomize the hash key order and that, by pure coincidence, they were being
written into the cookie in the sequence which the browser expected.
3) The behavior on Debian may be inconsistent because the version of Perl
which shipped with it correctly randomizes the key order so that the order
of the values in the session cookie *sometimes* appear in the sequence
which the browser is anticipating.

Does that sound plausible to you guys?


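Under RFC 6265 a user agent takes everything before the first `;` of a Set-Cookie value as the cookie's name=value pair and treats the rest as attributes, so `path=/; session=...` sets a cookie named `path`, not `session`. The Perl below is an added example, not code from the thread: `build_set_cookie` and `parse_set_cookie` are hypothetical helpers, the parser is a simplified model of the RFC's algorithm, and the sample headers are the two values quoted from the proxy logs above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: build a Set-Cookie value with the name=value pair
# always first and the attributes in a fixed (sorted) order, so the result
# does not depend on Perl's hash key ordering.
sub build_set_cookie {
    my ($name, $value, $attrs) = @_;
    die "cookie name required\n" unless defined($name) && length($name);
    my @parts = ("$name=$value");
    for my $attr (sort keys %{ $attrs || {} }) {
        my $v = $attrs->{$attr};
        # An undef value means a flag attribute with no "=value" part.
        push @parts, defined($v) ? "$attr=$v" : $attr;
    }
    return join('; ', @parts);
}

# Hypothetical helper: simplified model of how a user agent reads a
# Set-Cookie value. The text before the first ';' is the cookie itself,
# every later segment is an attribute.
sub parse_set_cookie {
    my ($header) = @_;
    my ($pair, @rest) = split /\s*;\s*/, $header;
    my ($name, $value) = split /=/, $pair, 2;
    my %attrs;
    for my $av (@rest) {
        next unless length $av;
        my ($k, $v) = split /=/, $av, 2;
        $attrs{ lc($k) } = $v;
    }
    return { name => $name, value => $value, attrs => \%attrs };
}

# The two header values reported in the message above.
my @seen = (
    'session=0f7fb992dacae8585b8ed3867613017a; path=/;',
    'path=/; session=3159f5587ccd4fe82ccdbcbd1f9e87df;',
);

for my $header (@seen) {
    my $cookie = parse_set_cookie($header);
    printf "%-55s => cookie '%s' with value '%s'\n",
        $header, $cookie->{name}, $cookie->{value};
}

# Deterministic output regardless of the order of keys in the attribute hash.
print build_set_cookie(
    'session',
    '3159f5587ccd4fe82ccdbcbd1f9e87df',
    { path => '/' },
), "\n";
```

For the second logged header the parser reports a cookie named `path` with value `/`, which is why no `session` cookie comes back on the next request.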
Re: Apache 2.4 Upgrade

2015-06-16 Thread Jie Gao
* John Dunlap j...@lariat.co wrote:

 Date: Mon, 15 Jun 2015 17:20:09 -0400
 From: John Dunlap j...@lariat.co
 To: Kevin A. McGrail kmcgr...@pccc.com
 CC: Vincent Veyron vv.li...@wanadoo.fr, mod_perl list
  modperl@perl.apache.org
 Subject: Re: Apache 2.4 Upgrade
 
 Where do I get the source for 2.09-rc3? I don't see a tag for it in SVN.

http://people.apache.org/~stevehay/mod_perl-2.0.9-rc3.tar.gz

-Jie



Re: Apache 2.4 Upgrade

2015-06-15 Thread Kevin A. McGrail

On 6/15/2015 1:38 PM, John Dunlap wrote:
I'm trying to upgrade my application from Apache 2.2.22(Debian 7) to 
Apache 2.4.10(Debian 8) and I'm running into some truly weird 
behaviors that I'm having trouble tracking down. I'm not sure if it's 
a bug in my code(most likely) or a bug in mod_perl.


Are there any behavioral changes that I should be aware of when 
migrating to Apache 2.4?

What version of mod_perl does your system have because I've seen some 
weird 2.0.7 mod_perl releases on some Debian systems. 2.0.9-rc3 was just 
rolled last week (thanks Steve Hay) and is the first mod_perl with 2.4 
support so not sure if you have something with a cart before the horse.


Re: Apache 2.4 Upgrade

2015-06-15 Thread John Dunlap
root@cosmos:/var/log/apache2# perl -Mmod_perl2\ 999
mod_perl2 version 999 required--this is only version 2.09.
BEGIN failed--compilation aborted.
root@cosmos:/var/log/apache2#




Re: Apache 2.4 Upgrade

2015-06-15 Thread Kevin A. McGrail

On 6/15/2015 3:30 PM, John Dunlap wrote:
One thing I have noticed is that sometimes some of my objects seem to 
persist between Apache restarts(which makes no sense to me at all).


The concrete behavior that I'm seeing is that I can't log into my 
application. The problem could very well be a bug in my code but, if 
it is, I'm not sure why it happens on Debian 8 and not Debian 7. I 
realize that, at this point, that's not something you can help me with 
unless I can get you some more detailed information. My thought in 
contacting the list, at this point, was to(hopefully) get some idea of 
what has changed so that I could have a better idea of where to start 
looking for problems.


There are changes in httpd 2.4 debian 8 vs httpd 2.2 in debian 7 that 
are above just getting a mod_perl that works with apache 2.4 where 
your application might need some code changes to support both.


For example, paraphrasing a post I wrote a few days ago, if you look at 
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7197 and 
https://svn.apache.org/viewvc?view=revision&revision=1681228, you'll see 
how the changes in httpd 2.4 rippled down to MP and how I implemented 
$c->client_ip instead of $c->remote_ip.


The documentation at 
http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html about the 
changes is a good starting point.  Beyond that, I would look at error 
logs to see if you have any specific issues to comment on.


regards,
KAM


Re: Apache 2.4 Upgrade

2015-06-15 Thread John Dunlap
One thing I have noticed is that sometimes some of my objects seem to
persist between Apache restarts(which makes no sense to me at all).

The concrete behavior that I'm seeing is that I can't log into my
application. The problem could very well be a bug in my code but, if it is,
I'm not sure why it happens on Debian 8 and not Debian 7. I realize that,
at this point, that's not something you can help me with unless I can get
you some more detailed information. My thought in contacting the list, at
this point, was to(hopefully) get some idea of what has changed so that I
could have a better idea of where to start looking for problems.




Re: Apache 2.4 Upgrade

2015-06-15 Thread Kevin A. McGrail

On 6/15/2015 3:14 PM, John Dunlap wrote:

root@cosmos:~# dpkg -l libapache2-mod-perl2
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                 Version          Architecture Description
+++-==---==
ii  libapache2-mod-perl2 2.0.9~1624218-2  amd64        Integration of perl with the Apache2 web server
root@cosmos:~#

Well that at least is theoretically something from SVN if not a release 
candidate that might work.


What issue are you having with mod_perl because yes, things changed with 
2.4 and some code might need modification.


Regards,
KAM


Re: Apache 2.4 Upgrade

2015-06-15 Thread Vincent Veyron
On Mon, 15 Jun 2015 15:30:00 -0400
John Dunlap j...@lariat.co wrote:

 My thought in contacting the list, at
 this point, was to(hopefully) get some idea of what has changed so that I
 could have a better idea of where to start looking for problems.
 

I've had a problem with the priority of perloutputfilterhandler and mod_deflate 
: the order of the filter chain changed in 2.4.

Solved by modifying mod_deflate.conf :

#replaced
  AddOutputFilterByType DEFLATE text/html text/plain text/xml

#with (found at https://github.com/h5bp/html5-boilerplate/issues/1012)

  FilterDeclare   COMPRESS CONTENT_SET
  FilterProvider COMPRESS DEFLATE "%{CONTENT_TYPE} =~ m#^text/(html|plain)#"
  FilterChain COMPRESS
  FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no



-- 
Salutations, Vincent Veyron 

https://legalcase.libremen.com/ 
Legal case, contract and insurance claim management software


Re: Apache 2.4 Upgrade

2015-06-15 Thread Kevin A. McGrail

On 6/15/2015 4:56 PM, John Dunlap wrote:
Could that result in inconsistent request behavior? Because one of the 
things that I'm noticing is that, for no apparent reason, sometimes I 
can log in normally and sometimes I can't with identical request 
parameters(even if I delete the session and restart the server in 
between).

Sure if there is something that tries to get the IP address of the 
connection, for example...  But I would have expected it to bomb out but 
could be eval blocks, etc.  Without error messages or code, way too much 
could be's.


Regards,
KAM


Re: Apache 2.4 Upgrade

2015-06-15 Thread Vincent Veyron
On Mon, 15 Jun 2015 17:02:12 -0400
John Dunlap j...@lariat.co wrote:

 I am getting the client ip address in every request and checking it against
 an access control list which is stored in my database(so that the user can
 maintain the ACL's without the assistance of an administrator). These are
 the code snippets which are grabbing the IP address:
 
  Begin Snippet 1 
 # Check which method is available and use the correct one. For some
 # reason, remote_ip was changed to client_ip in Apache 2.4

I think it's explained here :

http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html

conn_rec->remote_ip and conn_rec->remote_addr
These fields have been renamed in order to distinguish between the client 
IP address of the connection and the useragent IP address of the request 
(potentially overridden by a load balancer or proxy). References to either of 
these fields must be updated with one of the following options, as appropriate 
for the module [...]



 if ($connection->can('client_ip')) {

So, is that in a filter? because something definitely changed there, although I 
found no references to it. In my case it was consistent. 

I described the symptoms here :
http://www.gossamer-threads.com/lists/modperl/modperl/108254?search_string=vincent%20veyron%20deflate;#108254



-- 
Salutations, Vincent Veyron

https://marica.fr/
Management of litigation, insurance claim files and contracts 
for the legal department


Re: Apache 2.4 Upgrade

2015-06-15 Thread John Dunlap
Could that result in inconsistent request behavior? Because one of the
things that I'm noticing is that, for no apparent reason, sometimes I can
log in normally and sometimes I can't with identical request
parameters(even if I delete the session and restart the server in between).



Re: Apache 2.4 Upgrade

2015-06-15 Thread John Dunlap
I am getting the client ip address in every request and checking it against
an access control list which is stored in my database(so that the user can
maintain the ACL's without the assistance of an administrator). These are
the code snippets which are grabbing the IP address:

 Begin Snippet 1 
# Check which method is available and use the correct one. For some
# reason, remote_ip was changed to client_ip in Apache 2.4
if ($connection->can('client_ip')) {
    $R->{remote_host} = $connection->client_ip();
} elsif ($connection->can('remote_ip')) {
    $R->{remote_host} = $connection->remote_ip();
} else {
    die("I don't know how to find the client's ip address");
}
 End Snippet 1 

 Begin Snippet 2 
if ($connection->can('client_ip')) { # Apache >= 2.4
    return $connection->client_addr->ip_get;
} else { # Apache <= 2.2
    return $connection->remote_addr->ip_get;
}
 End Snippet 2 




Re: Apache 2.4 Upgrade

2015-06-15 Thread Kevin A. McGrail

On 6/15/2015 5:02 PM, John Dunlap wrote:
I am getting the client ip address in every request and checking it 
against an access control list which is stored in my database(so that 
the user can maintain the ACL's without the assistance of an 
administrator). These are the code snippets which are grabbing the IP 
address:


 Begin Snippet 1 
# Check which method is available and use the correct one. For some
# reason, remote_ip was changed to client_ip in Apache 2.4
if ($connection->can('client_ip')) {
    $R->{remote_host} = $connection->client_ip();
} elsif ($connection->can('remote_ip')) {
    $R->{remote_host} = $connection->remote_ip();
} else {
    die("I don't know how to find the client's ip address");
}
 End Snippet 1 

 Begin Snippet 2 
if ($connection->can('client_ip')) { # Apache >= 2.4
    return $connection->client_addr->ip_get;
} else { # Apache <= 2.2
    return $connection->remote_addr->ip_get;
}
 End Snippet 2 

Looks to me like someone has already made Apache 2.4 modifications to 
the code.


You might want to compile the mod perl 2.09-rc3 and test with that as I 
don't know what SVN version debian is working with.


regards,
KAM


Re: Apache 2.4 Upgrade

2015-06-15 Thread John Dunlap
Where do I get the source for 2.09-rc3? I don't see a tag for it in SVN.
