Paul wrote:
I'm doing a 45 minute seminar at UAB tomorrow on mod_perl, and would bethe best way to check for whether you're using SSL is by checking $r->subprocess_env('HTTPS') rather than the port. see the archives for why.
very grateful if anyone would point out holes in this code before I try
to show it to a roomful of attendees:
========================================
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# module for Apache/mod_perl PerlPostReadRequestHandler to redirect
# users on the nonsecure port over to SSL (hopefully saving bookmarks)
#______________________________________________________________________
package Apache::PortCorrect; # define the package space
use strict; # pragma for clean code
use Apache::Constants qw( :response ); # installed with mod_perl
sub handler { # default methodname
my($r) = @_; # the request object
return OK if 443 == $r->get_server_port; # ok if already SSL
how about $r->uri instead of $r->the_request? actually, since there's sometimes more involved in the request, like the port and query string, the right way to change a URI scheme is reallymy $uri = "https://myserver.com"; # DNS literal * . (split /\s+/, $r->the_request)[1]; # requested "page"
my $uri = Apache::URI->parse($r);
$uri->scheme('https');
my $new_uri = $uri->unparse;
you can see
http://www.modperlcookbook.org/code/ch04/Cookbook/SSLStatus.pm
or recipes 5.3 and 5.4 in the cookbook for a few more examples of Apache::URI, and 5.4 shows $r->subprocess_env('HTTPS') (with some errata in the code in the first edition, unfortunately).
$r->custom_response(MOVED,$uri); # for re-request
return MOVED; # page moved!
you can certainly do that, but most people just use a redirect here.
so... i'd probably end up with something like
package Apache::RedirectToSSL;
use strict;
use Apache::Constants qw( OK REDIRECT );
use Apache::URI;
sub handler {
my $r = shift;
return OK if $r->subprocess_env('HTTPS');
my $uri = Apache::URI->parse($r);
$uri->scheme('https');
$r->headers_out->set(Location => $uri->unparse);
return REDIRECT;
}
1;
but that's just me :)
I didn't have the chance to take a look, but it's nice to see people promoting mod_perl in as many places as possible :)If someone is interested in seeing the rest of the presentation, I've posted it at http://thesilentbard.com/ACM%20Seminar.ppt -- if you'd care to post it online anywhere else, please let me know first, but that's cool, too. Any corrections are welcome.
right, that's always the problem with presentations, and it usually comes down to a decision between overwhelming your audience with details and getting the main point across (even if that point isn't the whole truth, best way, etc...).I know it isn't clean (I tried to make sure it fit on one slide and didn't get too complicated for the topic, hence such non-portable features as the DNS literal, etc), but suggestions are still very welcome.
good luck.
--Geoff
