On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott <[email protected]> wrote: > Barry Scott wrote: >> >> William A. Rowe, Jr. wrote: >> > Thanks to Jeff's catch, we scuttled 2.3.3. We have yet another >> > candidate >> > for your consideration. Please fetch up the newly minted >> > mod_fcgid-2.3.4.tar.gz >> > (or .tar.bz2) or the win32/netware suitable package >> > mod_fcgid-2.3.3-crlf.zip from: >> > >> > http://httpd.apache.org/dev/dist/mod_fcgid/ >> > >> > review, take it for a spin, and cast your choice >> > >> > [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?) >> > [ ] +1 to release as 2.3.4-beta >> > [ ] +1 to release as 2.3.4-GA >> > >> > For getting started, >> > >> > http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID >> > >> > >> >> Further testing of our application has shown up a problem. >> >> With the following configuration we are seeing the request body >> of POST messages get stripped out if FcgidAuthorizer is used for >> Location /player. If we comment out the "Require onelan magic" the >> POSTs work. >> >> Have I misconfigured or is this a bug in mod_fcgid? >> >> Barry >> >> >> ... >> LoadModule fcgid_module modules/mod_fcgid.so >> >> FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1 >> FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1 >> FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1 >> >> >> <VirtualHost *:80> >> >> #+ Rewrite Web API Rules >> RewriteEngine on >> >> # security - deny TRACE and TRACK requests >> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) >> RewriteRule .* - [F] >> #- Rewrite Web API Rules >> >> #+ Rewrite Web API Rules >> # make the URLs hide the use of dsm.fcgi >> RewriteRule ^/$ /dsm.fcgi [L] >> RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$) >> /dsm.fcgi/$1$2 [L] >> #- Rewrite Web API Rules >> >> #+ Rewrite XML API Rules >> # make the URLs hide the use of dsmxml.fcgi >> RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L] >> #- Rewrite XML API Rules >> >> #+ Rewrite VPN >> ReWriteMap ntb_ip_address >> prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address >> RewriteRule ^/player/(\d+)\.(.*) >> http://${ntb_ip_address:$1}:8080/player/$1.$2 [P] >> #- Rewrite VPN >> >> #+ Locations Web VPN API >> <Location /player> >> #+ HTTP auth file >> Order allow,deny >> Allow from all >> AuthType Digest >> AuthName "Manager System" >> AuthGroupFile /etc/onelan/common/http.group >> AuthUserFile /etc/onelan/common/http.passwd >> Require onelan magic >> #- HTTP auth file >> >> FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi >> </Location> >> </VirtualHost> >> >> > > Looking at bridge_request we see the code is reading the input buckets > and feeding then to the Authorizer. > > It seems to us that: > > Either this must not happen if the fcgid is an authorizer > or the buckets must be put back for whatever handles > the POST to process.
yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER vs. FCGID_AUTHORIZER) (unless you think this is a regression, start a new thread and/or open a Bugzilla entry)
