Advise is needed...
Hello all! I need protect directory (/abonents) on server. User database lies on Radius Server. I have front-end (apache proxy) + back-end apache servers. I've heard that authentication process must works on front-end server. (Other protected directories via Apache core functions resides on front-end server). I've had a problem when Authentication response from back-end not passed through front-end Apache proxy server once and just replace authentication to front-end. Apache::AuthenRadius - requires mod_perl, therefore I cannot do it on front-end. May be I fear for nothing and there is solution for authentication on back-end? I think, may be Apache::AuthCookie is right solution ? Authentication process via Authen::Radius place into SI::AuthCookieHandler for back-end server. But I got -- [Tue Jan 25 16:18:46 2000] [crit] [client 195.209.67.7] configuration error: couldn't check user. No user file?: /abonents/prtctd/index.shtml -- httpd.conf for back-end -- LoadModule env_module libexec/mod_env.so LoadModule config_log_module libexec/mod_log_config.so LoadModule mime_modulelibexec/mod_mime.so LoadModule negotiation_module libexec/mod_negotiation.so LoadModule status_module libexec/mod_status.so LoadModule asis_modulelibexec/mod_asis.so LoadModule action_module libexec/mod_actions.so LoadModule alias_module libexec/mod_alias.so LoadModule access_module libexec/mod_access.so LoadModule setenvif_modulelibexec/mod_setenvif.so LoadModule perl_modulelibexec/libperl.so LoadModule macro_module libexec/mod_macro.so ClearModuleList AddModule mod_charset.c AddModule mod_env.c AddModule mod_log_config.c AddModule mod_mime.c AddModule mod_negotiation.c AddModule mod_status.c AddModule mod_asis.c AddModule mod_actions.c AddModule mod_alias.c AddModule mod_access.c AddModule mod_so.c AddModule mod_setenvif.c AddModule mod_perl.c AddModule mod_macro.c PerlRequire /usr/local/apache/power/conf/startup.pl IfDefine power Location /abonents/prtctd PerlAuthenHandler SI::AuthCookieHandler-authen PerlAuthzHandler SI::AuthCookieHandler-authz AuthType Sample AuthName Abonents PerlSetVar AbonentsPath /abonents PerlSetVar AbonentsLoginScript /abonents/index.html require valid-user /Location /IfDefine -- startup.pl -- use strict; use lib qw(/usr/web/inc); use Apache::Registry(); use Apache::Status(); use Apache::DBI(); use Apache::SSI(); use Apache::ASP(); use DBD::Oracle(); use SI::AuthCookieHandler; $ENV{ORACLE_HOME} = "/usr/local/oracle8"; $ENV{NLS_LANG} = "AMERICAN_AMERICA.CL8MSWIN1251"; $ENV{ORA_NLS} = "$ENV{ORACLE_HOME}/ocommon/nls/admin/data"; use Apache::Constants qw(:common); sub My::ProxyRemoteAddr ($) { my $r = shift; # we'll only look at the X-Forwarded-For header if the requests # comes from our proxy at localhost return FORBIDDEN unless ($r-connection-remote_ip == "195.128.128.26"); if (my ($ip) = $r-header_in('X-Forwarded-For') =~ /([^,\s]+)$/) { $r-connection-remote_ip($ip); } return OK; } 1; -- Sergey Polyakov (BeerBong) Chief of Web Lab (http://www.mustdie.ru/~beerbong)
Is this a mistake? //http://perl.apache.org/guide/install
Can some one confirm if this document on the web is correct? Building Apache and mod_perl by Hand If you wish to process the httpd build separately from the mod_perl, you should use NO_HTTPD=1 option during the perl Makefile.PL stage, then configure various things by hand and proceed with building process. You shouldn't run perl Makefile before following the steps described in this section. These are the configurations you should make before the build stage, if you choose to manually build mod_perl: mod_perl's Makefile When perl Makefile.PL is executed, $APACHE_SRC/modules/perl/Makefile will be modified to enable various options (e.g. ALL_HOOKS=1). Instead of tweaking the options during the the perl Makefile.PL, you may also edit mod_perl-x.xx/src/modules/perl/Makefile before running perl Makefile.PL. This is an optional step. Configuration Add to apache_x.x.x/src/Configuration : AddModule modules/perl/libperl.a We suggest you add this entry at the end of the Configuration file if you want your callback hooks to have precedence over core handlers. Add the following to EXTRA_LIBS: EXTRA_LIBS=`perl -MExtUtils::Embed -e ldopts` Add the following to EXTRA_CFLAGS: EXTRA_CFLAGS=`perl -MExtUtils::Embed -e ccopts` mod_perl source files Return to the mod_perl directory and copy the mod_perl source files into the apache build directory: % cp -r src/modules/perl apache_x.x.x/src/modules/ % cp -r src/modules/perl ../apache_x.x.x/src/modules/ When you have done with the configuration parts, run: % perl Makefile.PL NO_HTTPD=1 DYNAMIC=1 EVERYTHING=1\ APACHE_SRC=../apache_x.x.x/src DYNAMIC Thanks, PC Wang
Re: Advise is needed...
According to BeerBong: I need protect directory (/abonents) on server. User database lies on Radius Server. I have front-end (apache proxy) + back-end apache servers. I've heard that authentication process must works on front-end server. No, if you are using ProxyPass or RewriteRules with the [p] flag the authentication can happen on the back end. If the authentication directives are in .htaccess files, they will not be referenced before the proxy action. Les Mikesell [EMAIL PROTECTED]
TEST: ignore
this is a test. cliff rayman genwax.com
Perl 5 DBI link?
Reading Mike Miller's great site on MySQL (http://www.savebaseball.com/mysql/), I tried a link about the Perl 5 DBI (http://www.hermetica.com/technologia/DBI) but it seems dead. Anyone know how to get to the docs there? ( Apologies, I know this isn't specifically on mod_perl, but I'm having a hard time finding any help, and figured there would be knowledgeable people here on this ) Thanks Jim PS - this is my first time to post here. Most mailing lists I've seen have as the reply-to the address of the list, however this one doesn't seem to have that feature, so that when I just reply to a message, it does to the poster, not the list. Am I perceiving something incorrectly here? Thanks
Re: Perl 5 DBI link?
jiminy [EMAIL PROTECTED] writes: PS - this is my first time to post here. Most mailing lists I've seen have as the reply-to the address of the list, however this one doesn't seem to have that feature, so that when I just reply to a message, it does to the poster, not the list. Am I perceiving something incorrectly here? http://cr.yp.to/proto/replyto.html PS - discussion on this subject doesn't really belong here. Reasonable people disagree. -- Frank Cringle, [EMAIL PROTECTED] voice: (+49 2304) 467101; fax: 943357
using socket on NT's mod-perl
Hello All, Does anyone ever write a TCP socket program in mod-perl module on NT ? In my program, I use socket in phase PerlAccessHandler to connect to a remote socket server, the socket in mod-perl can be opened and connected, but when I try to write message to the remote server, the server socket always receives null. But if I use the same section code of mod-perl in a normal standalone perl program, it works fine. Does anyone know why ? Thanks, Huan
OT: Not to be ignored :-) WAS Re: TEST: ignore
not looking to be completely ignored, or removed from the mailing list, but thanks for the kind thought :-( sorry for the off-topic test messages. my problem has been solved. turns out my isp had a routing problem. i could communicate with most of the internet without a problem, but i noticed that i was not getting any modperl traffic and i could not get to www.apache.org. I originally assumed that something was going on with the apache servers, and that is why i sent the original TEST message. i eventually figured out it had something to do with my ISP. of course it took me some time and some yelling to find someone at my tier-1 ISP that actually understood networking well enough to solve my problem. Of couse, this was really a routing problem at their end which was effecting a portion of their other customers. i always thought i could set-up monitoring from remote locations so that i would be 100% assured that my site was up and working. now i realize, i could have 10 monitoring stations around the net all telling me everything was working perfectly, but a big population of the net could still not reach me and there would be no way for me to know or hear about it in a timely manner. cliff rayman genwax.com "Frank D. Cringle" wrote: Cliff Rayman [EMAIL PROTECTED] writes: this is a test. cliff rayman genwax.com Maybe it would assist Cliff in his efforts to be ignored if you removed him from the modperl mailing list. -- Frank Cringle, [EMAIL PROTECTED] voice: (+49 2304) 467101; fax: 943357
Re: CGI.pm and QUERY_STRING fixup
Ok, this seems to work, but perldoc Apache doesn't say anything about setting it. Is this at risk of not working in the future? if ( $RUNNING_MOD_PERL (my $query = Apache-request-args() ) ) { for ( $query ) { tr///s; # no muliple s/^//; # no leading } Apache-request-args( $query ); } $r-args The $r-args method will return the contents of the URI query string. When called in a scalar context, the entire string is returned. When called in a list context, a list of parsed key = value pairs are returned, i.e. it can be used like this: $query = $r-args; %in= $r-args; Bill Moseley mailto:[EMAIL PROTECTED]
cant call bytes_sent.. solved!
Okay. I solved my problems with CGI::Carp complaining and httpd not starting. I had neglected to install a few extra modules on the second machine that I needed, and startup.pl was bailing out. Consequently, CGI::Carp had been pulled in, so that tries to run fatalsToBrowser.. But since its just in server init, and not really a request, CGI::Carp breaks. Anyways, installing the extra module I needed (which was a 3rd party module), fixed it for me. Regards, Mike
Re: Apache::Session::DBI problems
Hello, On Wed, 19 Jan 2000, Kip Cranford wrote: I don't suppose it could be as simple as having a full disk? What does "df -k" report... I'm afraid not, no. Plenty of space is left on the drives. Regards, Mark. -- Mark Jewiss Knowledge Matters Limited http://www.knowledge.com
Re: squid performance
Gerald Richter wrote: No, that's the size of the system call buffer. It is not an application buffer. So how one should interpret the info at: http://www.apache.org/docs/mod/mod_proxy.html#proxyreceivebuffersize QUOTE The ProxyReceiveBufferSize directive specifies an explicit network buffer size for outgoing HTTP and FTP connections, for increased throughput. It has to be greater than 512 or set to 0 to indicate that the system's default buffer size should be used. /QUOTE So what's the application buffer parameter? A hardcoded value? Yes, as Joshua posted today morning (at least it was morning in germany :-), the application buffer size is hardcoded, the size is 8192 (named IOBUFSIZE). You will find it in proxy_util.c:ap_proxy_send_fb(). The ProxyReceiveBufferSize set the receive buffer size of the socket, so it's an OS issue. I've patched my frontend server so that there are two buffer sizes: ProxyReceiveBufferSize sets the socket buffer size ProxyInternalBufferSize sets the application buffer size This meant renaming ap_breate() to ap_bcreate_size() and adding a size parameter, which defaults to IOBUFSIZE if 0 is passed. Then add #define ap_bcreate(p,flags) ap_bcreate(p,flags,0) and add a new ap_bcreate() which calls ap_bcreate_size() for binary compatibility (actually I haven't added the new ap_bcreate() yet, and I never got round to sending this to the Apache development group). This is all necessary because some of the proxied pages on my site are large PDF and PS files which can't be cached due to security resaons. I have the socket buffer set to the max allowed 64K (on Solaris), with a 1M application buffer. In my opinion, ProxyReceiveBufferSize should be called ProxySocketBufferSize, leaving the old name free for my new use. This would also remove some of the confusion about what it actually does. -- Peter Haworth [EMAIL PROTECTED] "Save the whales. Feed the hungry. Free the mallocs."
Urgent Help needed
We are running modperl for a client web site and are experiencing sporadic hanging problems. We are looking for a consultant, preferably in the San Francisco Bay Area, who can help us fix this problem. Please contact me by phone or email. (I am not on this mailing list) Thanks, Allan Locke Infinite Information Tel. 415-777-1636 x206 email: [EMAIL PROTECTED]
PLEASE HELP - ERROR Linking Apache with mod_perl
I hope somebody could respond to this problem. I get the following link error when I try to make apache_1.3.9 with mod_perl-1.21. Am I missing a library module? Thanks, -Asghar This is how I built it: cd mod_perl-1.21 perl Makefile.PL PREP_HTTPD=1 make make test make install cd ../apache_1.3.9 ./configure --with-layout=RedHat --target=perlhttpd --activate-module=src/modules/perl/libperl.a gcc -c -I./os/unix -I./include -DLINUX=2 -DTARGET=\"perlhttpd\" -DUSE_HSREGEX -DUSE_EXPAT -I./lib/expat-lite `./apaci` buildmark.c gcc -DLINUX=2 -DTARGET=\"perlhttpd\" -DUSE_HSREGEX -DUSE_EXPAT -I./lib/expat-lite `./apaci`\ -o perlhttpd buildmark.o modules.o modules/perl/libperl.a modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a regex/libregex.a lib/expat-lite/libexpat.a -lm -lcrypt modules/perl/libperl.a(mod_perl.o): In function `perl_shutdown': mod_perl.o(.text+0xf8): undefined reference to `PL_perl_destruct_level' mod_perl.o(.text+0x102): undefined reference to `PL_perl_destruct_level' mod_perl.o(.text+0x10c): undefined reference to `PL_perl_destruct_level' mod_perl.o(.text+0x13b): undefined reference to `Perl_av_undef' MORE ERROR
RE: Why does Apache do this braindamaged dlclose/dlopen stuff?
So in the longer term, is there a reason the parent has to contain the interpreter at all? Can't it just do a system call when it needs one? It seems a bit excessive to put aside a couple of megabytes of system memory just to run startup.pl. Well, remember that the interpreter itself will remain shared throughout, so there's no real disadvantage in having in the parent. The main reason to run startup.pl in the parent is to overcome as much of Perl's startup time as possible. Compiling the code domainates the startup time, so the thing to do is to pull in your modules in startup.pl . That way, it's only done once, and the results are shared between all children. I think the thing to do here is fix the memory leaks 8-) Stephen.
Re: httpd.conf's 407 setting doesn't quite work
How about ErrorDocument 401 /error.html Thanks, Chuck On Thu, Jan 20, 2000 at 12:39:23PM -0800, Nancy Lin wrote: Hi I don't know if this is a problem w/ modperl or apache itself. I'm running proxy server apache 1.3.9 and modperl 1.21. I'm using modperl to authenticate my users. When a user is invalid, my code does: } else { loginfo($r, "AuthenSession::handler: bad password") ; $r-note_basic_auth_failure; return AUTH_REQUIRED; } On Netscape 3.x, a little window pops up saying authentication failed, do you want to retry? Here's the part I don't quite understand. If I configure httpd.conf with 'ErrorDocument 407 "Wrong Password!', that's what I'll see when I click on the Cancel button on that little popup. But, if I configure httpd.conf with 'ErrorDocument 407 /error.html, it gives me the default error 407 page. I'm not sure why it's doing that. I would rather point this to an file than to write it in httpd.conf. My httpd.conf has: Directory /opt/apache/http-proxy/htdocs Options Indexes FollowSymLinks ExecCGI AllowOverride None Order Allow,Deny Allow from All #require valid-user /Directory Directory proxy:* order deny,allow allow from all AuthName "Test" AuthType Basic PerlAuthenHandler Apache::AuthenSession require valid-user /Directory Thanks -- Nancy
Re: httpd.conf's 407 setting doesn't quite work
On Fri, Jan 21, 2000 at 01:33:05PM -0800, Nancy Lin wrote: That worked! But can you tell me why it worked? Thanks I think because you're using 401-type authentication below, both in your httpd.conf and by returning AUTH_REQUIRED below which maps to a 401 error. I'm not very familiar with proxy authentication, but I don't believe mod_proxy supports "407 HTTP_PROXY_AUTHENTICATION_REQUIRED" yet. It says it supports up to HTTP/1.0 in the docs, and 407 is an HTTP/1.1 status code as far as I know. Maybe someone else can help here with better info. Chuck -- Nancy On Fri, 21 Jan 2000, Chuck O'Donnell wrote: How about ErrorDocument 401 /error.html Thanks, Chuck On Thu, Jan 20, 2000 at 12:39:23PM -0800, Nancy Lin wrote: Hi I don't know if this is a problem w/ modperl or apache itself. I'm running proxy server apache 1.3.9 and modperl 1.21. I'm using modperl to authenticate my users. When a user is invalid, my code does: } else { loginfo($r, "AuthenSession::handler: bad password") ; $r-note_basic_auth_failure; return AUTH_REQUIRED; } On Netscape 3.x, a little window pops up saying authentication failed, do you want to retry? Here's the part I don't quite understand. If I configure httpd.conf with 'ErrorDocument 407 "Wrong Password!', that's what I'll see when I click on the Cancel button on that little popup. But, if I configure httpd.conf with 'ErrorDocument 407 /error.html, it gives me the default error 407 page. I'm not sure why it's doing that. I would rather point this to an file than to write it in httpd.conf. My httpd.conf has: Directory /opt/apache/http-proxy/htdocs Options Indexes FollowSymLinks ExecCGI AllowOverride None Order Allow,Deny Allow from All #require valid-user /Directory Directory proxy:* order deny,allow allow from all AuthName "Test" AuthType Basic PerlAuthenHandler Apache::AuthenSession require valid-user /Directory Thanks -- Nancy
Re: Apache::AuthCookie takeover?
I've been using Apache::AuthCookie, and it's great, but just from playing with it briefly I see some apparent issues. For one thing I didn't find an obvious way to delete a session from the database. It relies on the browser to delete the session key cookie. Right now, my MSIE is not deleting that cookie for some reason, while Netscape is, so I can't "log out" using MSIE. I don't know if anyone else has noticed this or if there's some easy way to fix it, but I want to use this in a production environment. Unless someone else is working on this, I'll have to fix it somehow, whether or not it's code anyone else would dare run on their server. I'm also wondering how possible it would be to add an option to use the browser's "basic" login dialog box instead of having to create an HTML page for it. It's something else I'm thinking of trying to do, but again I'd like to know if anyone else is either working on it or knows some reason not to. This module seems to be a tremendously useful tool for any site that needs authentication. Its next maintainer will earn my gratitude and whatever asistance I'm capable of. Adam On Jan 24 Bruce W. Hoylman wrote "Ken" == Ken Williams [EMAIL PROTECTED] writes: make a new module with a new name, since some of my changes have changed the interface, or usurp the Apache::AuthCookie module and provide a clear stepwise migration path? Doug said he'd be willing to make me the maintainer. My vote is for 'usurption'. I use this module alot and I too have seen the need for changes. I think it best to go forward with the current module and namespace conventions for continuity at my site. You do good work, Ken. I look forward to seeing what you have done with this very useful module. Peace.
Re: Apache::AuthCookie takeover?
On Sat, 22 Jan 2000, Ken Williams wrote: * make a new module with a new name, since some of my changes have changed the interface, or * usurp the Apache::AuthCookie module and provide a clear stepwise migration path? Doug said he'd be willing to make me the maintainer. The last. Much better than leaving a module around not to be maintained. If the interface haven't changed too much you might even be able to do some backwards compatibility thing. - ask -- ask bjoern hansen - http://www.netcetera.dk/~ask/ more than 60M impressions per day, http://valueclick.com
Re: Apache::ASP
Jim Ellis wrote: hello all. I have just installed Apache and ASP. I have mod_perl installed. I am running Redhat 6.1. I do not have an asp.conf in my /etc/httpd/conf directory. The rpms said it installed correctly. What have I done wrong? You don't need an asp.conf file. Try and get the examples working with the ./site/eg/.htaccess config. Check out the config directions at: http://www.nodeworks.com/asp/config.html -- Joshua _ Joshua Chamas Chamas Enterprises Inc. NodeWorks free web link monitoring Huntington Beach, CA USA http://www.nodeworks.com1-714-625-4051