On, or in the near vicinity of Wed, 18 Jun 2003 18:34:09 -0700 (PDT)
Mustafa Tan <[EMAIL PROTECTED]> has thus spoken:

> Another question is that, why hosting guys avoid using
> mod_perl. Is it just because mod_perl is memory
> hungry? 
> 

One reason I've heard is because of namespace security issues.  I.e., if ISPs
allow all their users access to mod_perl on the same Apache server, then any
user can potentially interfere with/have access to other users' mod_perl
modules.  Don't know if this is a really valid reason (it seems with
Apache::Registry this would not be a problem), it's just something I've heard.

Has anyone in the mod_perl community given namespace security much thought?

> Finally how can I dynamically ban an ip address in
> mod_perl. For example, normally you can specify
> certain ip addresses with Allow, Deny directives. How
> can I do that dynamically using mod_perl.
> 

You would need to write your own AuthzHandler, and specify it with a
PerlAuthzHandler directive in your Apache conf file.  See the mod_perl
docs/guide/books etc.  Very briefly, you'll want to do something like:

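package My::IPFilter;
use strict;
use Apache::Constants qw(:common M_GET FORBIDDEN REDIRECT);

# Called as a method handler (My::IPFilter->ip_filter), so the class name
# arrives first and the request object second.
sub ip_filter {
  my ($class, $r) = @_;
  my $ip = $r->connection->remote_ip;
  # Placeholder addresses; list the IPs to ban here.
  my @banned_ips = ('w.x.y.z', 'a.b.c.d');  # ... and so on
  if (grep { $ip eq $_ } @banned_ips) {
    return FORBIDDEN;
  }
  return OK;
}

1;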

Then, in your httpd.conf:

<Location "/secure_uris">
  SetHandler perl-script
  PerlAuthzHandler My::IPFilter->ip_filter
</Location>

This is a very minimal example of what you need, just to get you started in the
right direction - you should consult the docs to get you further.  You may want
to use "require" statements in your conf file, in which case you'll need more
than that.  I recommend Apache::AuthCookie as it has good built-in support for
custom require methods in mod_perl.

-Adi
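
The handler in the message above checks a list fixed in the source, while the question asked for a ban list that can change at run time. The following is an added example, not part of the original post: the same method-handler shape, reading the list from a file and re-reading it whenever the file's mtime changes. The module name My::DynamicIPFilter, the PerlSetVar name BanFile, the file format and the fallback path are all assumptions made for this example.

```perl
package My::DynamicIPFilter;            # hypothetical module name
use strict;
use warnings;
use Apache::Constants qw(OK FORBIDDEN);

# httpd.conf (assumed): PerlSetVar BanFile /path/to/banned_ips
# Each Apache child keeps its own copy of the list and of the mtime
# of the file it was read from.
my %banned;
my $loaded_mtime = 0;

# Re-read the ban file only when its mtime changes. Assumed format:
# one IP address per line; blank lines and '#' comments are ignored.
sub load_bans {
    my ($file) = @_;
    my $mtime = (stat $file)[9];
    return unless defined $mtime;         # file missing: keep the last list
    return if $mtime == $loaded_mtime;    # unchanged since the last read
    open my $fh, '<', $file or return;    # unreadable: keep the last list
    my %fresh;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;                 # strip comments
        $line =~ s/^\s+|\s+$//g;          # trim surrounding whitespace
        $fresh{$line} = 1 if length $line;
    }
    close $fh;
    %banned       = %fresh;               # swap in the new list in one step
    $loaded_mtime = $mtime;
    return;
}

sub ip_filter {
    my ($class, $r) = @_;
    # Placeholder fallback path, used only when BanFile is not set.
    my $file = $r->dir_config('BanFile') || '/path/to/banned_ips';
    load_bans($file);
    my $ip = $r->connection->remote_ip;
    if ($banned{$ip}) {
        $r->log_error("My::DynamicIPFilter: denied $ip");
        return FORBIDDEN;
    }
    return OK;
}

1;
```

Appending an address to the ban file takes effect in each child on its next request, with no server restart. Apache runs the authorization phase only where a require directive applies, so for address-only checks the same sub can be registered with PerlAccessHandler instead.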
