Vincent Veyron wrote:
No you don't. If in one Apache you say
Listen 80
Listen 443
and it will listen to both ports.
That I didn't know. I will try it, thanks
..
</VirtualHost>
(but only once, for HTTPS; the reason for that is longer to explain).
Well, if I'm not mistaken it's simply because the request being crypted,
Apache can't know which VirtualHost to use? So it will default to the
first one under https.
Élève Vincent, vous aurez 10.
...
Sorry, really analysing the code is a bit beyond my commitment
Hey, no problem, I can see why ;-)
Be humble. On one side, there is Apache code, which is extensively tested and running on
hundreds of thousands of sites. On the other side, there is your code, which runs on just
a few sites. If there is a problem somewhere, where is it most likely to be ?
Don't worry, I am. In fact, I did not consider for a second that it was
an Apache problem, because as mentionned already, the system runs fine
on several other machines.
I tought rather of a compilation problem, in libapreq maybe, some flag
pertaining to 64 bit systems that I forgot?
I would say that in order of increasing probabilities, there is Apache code, something
done when compiling it, mod_perl itself and then your code.
One other idea : Apache generates (or can generate) an access log, and you can configure
what is logged in each line (see CustomLog and CustomLogFormat, I think).
You can log the "referer", which is the URL of the page which was loaded in the browser
when the user clicked on the link which triggers the current request.
So if you look in the access log of your demo site, and see any request which, as a
referer, has a page from the secure site, it would be suspect, unless this is a link that
you specifically planned that way.
More in detail :
A user starts on the secure site, with page /A.
This gets logged in the access log of the secure site as :
current URL : /A
referer : (whatever page the user was on before, e.g. http://www.google.fr/)
In page /A, there is a link to /B which the user clicks.
In the log, there is now a line with :
current URL: /A
referer: https://secure-site/A
In page /B, there is a link to /C which the user clicks.
In the log, there is now a line with :
current URL: /C
referer: https://secure-site/B
and so on.
Now suppose the user, in page C, finds a link which for some reason links to the
non-secure website /something and clicks it.
Of course in that case the logfile of the secure site will show nothing.
But the logfile of the non-secure site will show a line out of the blue :
current URL: /something
referer: https://secure-site/C
That is what you would be looking for.
And another suggestion:
In the code which you showed before, you could add
use Apache2::Log;
and a bunch of
$r->warn("this is what happens here");
and whatever you print there will appear in that server's error.log
That is a time-honored way of debugging code.
