On 05/19/10 17:11, André Warnier wrote:
Chris Bennett wrote:
After getting it to work just fine on my desktop, without any virtual
hosts, I can't get it to work right on my server in a virtual host.
I have Apache::AuthCookie (and several derived versions) working fine in
multiple VirtualHost sections, on several servers.
I just mention this so that you would not think that there is some
incompatibility between Apache::AuthCookie and VirtualHost setups.
There isn't.
Apart from that, it is difficult to help you without having any idea of
your configuration (meaning the main httpd.conf and the virtual hosts
config, your login form etc..).
I am working off the example from mod_perl cookbook
relevant part of startup.pl
use Apache::RegistryBB();
use Apache::Request();
use Apache::Cookie();
use HTML::Entities();
use Encode();
use List::Util();
use Getopt::Std();
use MIME::Parser();
use Mail::POP3Client();
use HTML::Tagset();
use HTML::Parser();
use HTML::TreeBuilder();
#require HTML::FormatText();
#require B::TerseSize();
use Cwd();
use Apache::DBI();
use DBD::Pg();
use Carp::Heavy();
use Exporter();
use File::Copy();
use Apache::AuthCookie::Util();
use Apache::AuthCookie();
use MyPerl::FormEmail2();
use MyPerl::FormEmail3();
use MyPerl::Articulator();
use MyPerl::ArticulatorBETA();
use MyPerl::Utils();
use MyPerl::Authenticate();
###################################################
use lib qw(/var/www/var/www/htdocs/users/mwforum/cgi/mwf);
use MwfConfigLSMB();
use MwfConfigCAPU();
use MwfMain();
use MwfConfigGlobal();
use MwfCGI();
use MwfDefaults();
use MwfEnglish();
use MwfGerman();
use MwfPlgIncludeCAPU();
use MwfPlgIncludeLSMB();
use MwfCaptcha();
use DBD::mysql();
use Carp();
require qw(utf8_heavy.pl);
require qw(unicore/PVA.pl);
require qw(unicore/Exact.pl);
require qw(unicore/Canonical.pl);
require qw(unicore/To/Fold.pl);
require qw(unicore/lib/gc_sc/SpacePer.pl);
use Apache::Constants();
use Apache::Connection();
use Apache::File();
use Apache::Util();
use Apache();
use POSIX();
use IPC::Run();
use Digest::MD5();
use Time::HiRes();
use GD();
use Unicode::Normalize();
use Mail::Sender();
use MIME::QuotedPrint();
######################################################
#use CGI();
#use CGI::Carp();
require qw(/usr/local/libdata/perl5/site_perl/auto/Image/Size/jpegsize.al);
use Image::Size();
use DB_File();
I have httpd.conf split up with individual conf files for gzip, SSL, and
each virtual host and its SSL, if relevant.
httpd.conf:
# $OpenBSD: httpd.conf,v 1.19 2006/02/22 15:07:12 henning Exp $
ServerType standalone
ServerRoot "/var/www"
PidFile logs/httpd.pid
ScoreBoardFile logs/apache_runtime_status
Timeout 45
LimitRequestBody 10485760
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
MaxCPUPerChild 0
MaxDATAPerChild 0
MaxNOFILEPerChild 0
MaxRSSPerChild 0
MaxSTACKPerChild 0
Listen *:80
Listen *:8080
Listen *:8081
# Note: The order is which modules are loaded is important. Don't change
# the order below without expert advice.
# "anonymous" user access to authenticated areas
# LoadModule anon_auth_module /usr/lib/apache/modules/mod_auth_anon.so
# user authentication using Berkeley DB files
# LoadModule db_auth_module /usr/lib/apache/modules/mod_auth_db.so
# user authentication using DBM files
# LoadModule dbm_auth_module /usr/lib/apache/modules/mod_auth_dbm.so
# authentication using new-style MD5 Digest Authentication (experimental)
LoadModule digest_auth_module /usr/lib/apache/modules/mod_auth_digest.so
# CERN httpd metafile semantics
# LoadModule cern_meta_module /usr/lib/apache/modules/mod_cern_meta.so
# configuration defines ($xxx)
# LoadModule define_module /usr/lib/apache/modules/mod_define.so
# user authentication using old-style MD5 Digest Authentication
# LoadModule digest_module /usr/lib/apache/modules/mod_digest.so
# generation of Expires HTTP headers according to user-specified criteria
# LoadModule expires_module /usr/lib/apache/modules/mod_expires.so
# customization of HTTP response headers
# LoadModule headers_module /usr/lib/apache/modules/mod_headers.so
# comprehensive overview of the server configuration
# LoadModule info_module /usr/lib/apache/modules/mod_info.so
# logging of the client user agents (deprecated in favor of mod_log_config)
# LoadModule agent_log_module /usr/lib/apache/modules/mod_log_agent.so
# logging of referers (deprecated in favor of mod_log_config)
# LoadModule referer_log_module /usr/lib/apache/modules/mod_log_referer.so
# determining the MIME type of a file by looking at a few bytes of its
contents
# LoadModule mime_magic_module /usr/lib/apache/modules/mod_mime_magic.so
# mmap()ing of a statically configured list of frequently requested but
# not changed files (experimental)
# LoadModule mmap_static_module /usr/lib/apache/modules/mod_mmap_static.so
# rule-based rewriting engine to rewrite requested URLs on the fly
LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so
# attempt to correct misspellings of URLs that users might have entered
# LoadModule speling_module /usr/lib/apache/modules/mod_speling.so
# provides an environment variable with a unique identifier for each request
# LoadModule unique_id_module /usr/lib/apache/modules/mod_unique_id.so
# uses cookies to provide for a clickstream log of user activity on a site
# LoadModule usertrack_module /usr/lib/apache/modules/mod_usertrack.so
# dynamically configured mass virtual hosting
# LoadModule vhost_alias_module /usr/lib/apache/modules/mod_vhost_alias.so
# caching proxy
# LoadModule proxy_module /usr/lib/apache/modules/libproxy.so
# PHP Module
# LoadModule php4_module /usr/lib/apache/modules/libphp4.so
# LoadModule php5_module /usr/local/lib/php/libphp5.so
# mod_perl module
LoadModule perl_module /usr/lib/apache/modules/mod_perl.so
LoadModule gzip_module /usr/lib/apache/modules/mod_gzip.so
#Do I really need to add this? From External Instructions --Chris
#AddModule mod_vhost_alias.c
#AddModule mod_perl.c
#AddModule mod_gzip.c
#ExtendedStatus On
#
# Include extra module configuration files. from 4.3 OpenBSD httpd.conf
--Chris
#
Include /var/www/conf/modules/*.conf
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Port 443
Port 444
Port 80
Port 8080
Port 8081
PerlRequire /var/www/startup.pl
##
<IfDefine SSL>
Listen 443
Listen 444
</IfDefine>
User www
Group www
ServerAdmin webmas...@bennettconstruction.us
# If your host doesn't have a registered DNS name, enter its IP address
here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
#
ServerName bennettconstruction.us
PerlTaintCheck On
DocumentRoot /var/www/var/www/htdocs/users
<Directory />
Options None
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
UserDir disabled root
DirectoryIndex index.html
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
UseCanonicalName Off
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
#LogLevel debug
LogLevel warn
HostnameLookups Off
ErrorLog logs/error_log
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature Off
ServerTokens Prod
#
# Aliases: Add here as many aliases as you need (with no limit). The
format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/"..
#
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/htdocs/manual">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /perl/capu/ "/var/www/var/www/htdocs/users/mwforum/cgi/mwf/"
Alias /perl/lsmb/ "/var/www/var/www/htdocs/users/mwforum/cgi/mwf/"
<Directory /mwforum/cgi/mwf>
Options +ExecCGI +SymLinksIfOwnerMatch +MultiViews
SetHandler perl-script
PerlHandler Apache::RegistryBB
PerlSetupEnv Off
PerlSendHeader Off
</Directory>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the
client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
#ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#<Directory "/var/www/cgi-bin">
# AllowOverride None
# Options None
# Order allow,deny
# Allow from all
#</Directory>
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect old-URI new-URL
#
#
# Directives controlling the display of server-generated directory listings.
IndexOptions FancyIndexing
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
ReadmeName README
HeaderName HEADER
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
AddEncoding x-compress Z
AddEncoding x-gzip gz
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
AddLanguage es .es
LanguagePriority en es fr de
AddType application/x-httpd-cgi .cgi
AddType application/x-httpd-cgi .pl
AddType application/x-httpd-php .php
AddHandler cgi-script cgi pl
AddType text/html .html
AddHandler server-parsed .html
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#
#MetaDir .web
#
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#
#MetaSuffix .meta
#
# Customizable error response (Apache style)
# these come in three flavors
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# N.B.: You can redirect to a script or a document using
server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will *not* be available to such a script.
#
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and browsers that
# spoof it. There are known problems with these browser implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
#
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# Allow server status reports, with the URL of
http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from 70.112.48.107 72.177.54.134
#</Location>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from 70.112.48.107 72.177.54.134
#</Location>
PerlModule Apache::DBI
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them.
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
NameVirtualHost 64.85.161.47:80
NameVirtualHost 64.85.161.48:80
NameVirtualHost 64.85.161.47:8080
#NameVirtualHost 64.85.161.48:443
NameVirtualHost 64.85.161.47:8081
#NameVirtualHost 64.85.161.48:8080
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
#
#<VirtualHost ip.address.of.host.some_domain.com>
# ServerAdmin webmas...@host.some_domain.com
# DocumentRoot /www/docs/host.some_domain.com
# ServerName host.some_domain.com
# ErrorLog logs/host.some_domain.com-error_log
# CustomLog logs/host.some_domain.com-access_log common
#</VirtualHost>
#<VirtualHost _default_:*>
#</VirtualHost>
and conf from virtual host I am using to test
<VirtualHost 64.85.161.47:80>
DocumentRoot /var/www/var/www/htdocs/users/edett.us
ServerName edett.us
ServerAlias www.edett.us
<Directory />
ErrorDocument 400 /errors/badreq.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/missing.html
ErrorDocument 500 /errors/serverr.html
DirectoryIndex index.html
AllowOverride FileInfo AuthConfig Limit
Options -Indexes +SymLinksIfOwnerMatch +IncludesNoExec +ExecCGI
+MultiViews
Order allow,deny
Allow from all
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Directory>
<Location /ED>
AllowOverride FileInfo AuthConfig Limit
Options +Indexes +SymLinksIfOwnerMatch +IncludesNoExec
Order allow,deny
Allow from all
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
</Location>
PerlModule Apache::Registry
#PerlModule Apache::AuthCookie
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry::handler
Options ExecCGI +SymLinksIfOwnerMatch
PerlSetupEnv Off
</Location>
PerlModule MyPerl::Authenticate
PerlSetVar protectedPath /
PerlSetVar protectedLoginScript /perl/login.pl
PerlSetVar protectedExpires +1h
<Location /login>
AuthType MyPerl::Authenticate
AuthName protected
SetHandler perl-script
PerlHandler MyPerl::Authenticate->login
</Location>
<Location /logout>
AuthType MyPerl::Authenticate
AuthName protected
SetHandler perl-script
PerlHandler MyPerl::Authenticate->logout
</Location>
# These documents require user to be logged in.
<Location /protected>
AuthType MyPerl::Authenticate
AuthName protected
PerlAuthenHandler MyPerl::Authenticate->authenticate
require valid-user
</Location>
User ed
Group ed
</VirtualHost>
and login.pl
#!/usr/bin/perl
use strict;
use warnings;
use mod_perl;
my $r = Apache->request;
# Setting the status to 200 here causes the default apache 403 page to be
# appended to the custom error document. We understand but the user may not
#$r->status(200);
my $uri = $r->prev->uri;
warn "uri = $uri";
my $creds = $r->prev->pnotes("protectedCreds");
warn "creds = $creds";
# if there are args, append that to the uri
my $args = $r->prev->args;
if ($args) {
$uri .= "?$args";
}
my $reason = $r->prev->subprocess_env("AuthCookieReason");
my $form = qq{
<html>
<head>
<title>Enter Login and Password</title>
</head>
<body onload="document.forms[0].credential_0.focus();">
};
# output creds in a comment so the test case can see them.
if (defined $creds) {
$form .= "<!-- creds: @{$creds} -->\n";
}
$form .= qq{
<form method="post" action="/login">
<table width=60% align=center valign=center>
<tr><td align=center>
<h1>This is a secure document</h1>
</td></tr>
<tr><td align=left>
<p>Failure reason: '$reason'. Please enter your login and password to
authenticate.</p>
</td>
<tr><td>
<input type=hidden name=destination value="$uri">
</td></tr>
<tr><td>
<table align=center>
<tr>
<td align=right><b>Login:</b></td>
<td><input type="text" name="credential_0" size=10 maxlength=10></td>
</tr>
<tr>
<td align=right><b>Password:</b></td>
<td><input type="password" name="credential_1" size=8 maxlength=8></td>
</tr>
<tr>
<td colspan=2 align=center><input type="submit" value="Continue"></td>
</tr></table>
</td></tr></table>
</form>
</body>
</html>
};
$r->no_cache(1);
my $x = length($form);
$r->content_type("text/html");
$r->headers_out->set("Content-length","$x");
$r->headers_out->set("Pragma", "no-cache");
$r->send_http_header;
$r->print ($form);
