Advise is needed...

[BeerBong]

Hello all!

I need protect directory (/abonents) on server.
User database lies on Radius Server.

I have front-end (apache proxy) + back-end apache servers.
I've heard that authentication process must works on front-end server.
(Other protected directories via Apache core functions resides on front-end
server). I've had a problem when Authentication response from back-end not
passed through front-end Apache proxy server once and just replace
authentication to front-end.

Apache::AuthenRadius - requires mod_perl, therefore I cannot do it on
front-end. May be I fear for nothing and there is solution for
authentication on back-end?

I think, may be Apache::AuthCookie is right solution ?
Authentication process via Authen::Radius place into SI::AuthCookieHandler
for back-end server.

But I got
--
[Tue Jan 25 16:18:46 2000] [crit] [client 195.209.67.7] configuration error:
couldn't check user.  No
 user file?: /abonents/prtctd/index.shtml
--

httpd.conf for back-end
--
LoadModule env_module libexec/mod_env.so
LoadModule config_log_module  libexec/mod_log_config.so
LoadModule mime_modulelibexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module  libexec/mod_status.so
LoadModule asis_modulelibexec/mod_asis.so
LoadModule action_module  libexec/mod_actions.so
LoadModule alias_module   libexec/mod_alias.so
LoadModule access_module  libexec/mod_access.so
LoadModule setenvif_modulelibexec/mod_setenvif.so
LoadModule perl_modulelibexec/libperl.so
LoadModule macro_module   libexec/mod_macro.so

ClearModuleList
AddModule mod_charset.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_asis.c
AddModule mod_actions.c
AddModule mod_alias.c
AddModule mod_access.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_perl.c
AddModule mod_macro.c

PerlRequire /usr/local/apache/power/conf/startup.pl



IfDefine power
   Location /abonents/prtctd
PerlAuthenHandler SI::AuthCookieHandler-authen
PerlAuthzHandler SI::AuthCookieHandler-authz
AuthType Sample
AuthName Abonents
PerlSetVar AbonentsPath /abonents
PerlSetVar AbonentsLoginScript /abonents/index.html
require valid-user
   /Location
/IfDefine
--

startup.pl
--
use strict;

use lib qw(/usr/web/inc);

use Apache::Registry();
use Apache::Status();
use Apache::DBI();
use Apache::SSI();
use Apache::ASP();
use DBD::Oracle();
use SI::AuthCookieHandler;

$ENV{ORACLE_HOME}  = "/usr/local/oracle8";
$ENV{NLS_LANG} = "AMERICAN_AMERICA.CL8MSWIN1251";
$ENV{ORA_NLS}  = "$ENV{ORACLE_HOME}/ocommon/nls/admin/data";

use Apache::Constants qw(:common);

sub My::ProxyRemoteAddr ($)
{
my $r = shift;

# we'll only look at the X-Forwarded-For header if the requests
# comes from our proxy at localhost
return FORBIDDEN unless ($r-connection-remote_ip == "195.128.128.26");

if (my ($ip) = $r-header_in('X-Forwarded-For') =~ /([^,\s]+)$/)
{
   $r-connection-remote_ip($ip);
}

return OK;
}
1;

--
Sergey Polyakov (BeerBong)
Chief of Web Lab (http://www.mustdie.ru/~beerbong)

Is this a mistake? //http://perl.apache.org/guide/install

[Wang, Pin-Chieh]

Can some one confirm if this document on the web is correct?
Building Apache and mod_perl by Hand
If you wish to process the httpd build separately from the mod_perl, you
should use NO_HTTPD=1 option during the perl Makefile.PL stage, then
configure various things by hand and proceed with building process. You
shouldn't run perl Makefile before following the steps described in this
section. 
These are the configurations you should make before the build stage, if you
choose to manually build mod_perl: 
mod_perl's Makefile 
When perl Makefile.PL is executed, $APACHE_SRC/modules/perl/Makefile
will be modified to enable various options (e.g. ALL_HOOKS=1). Instead of
tweaking the options during the the perl Makefile.PL, you may also edit
mod_perl-x.xx/src/modules/perl/Makefile before running perl Makefile.PL. 
This is an optional step. 
Configuration 
Add to apache_x.x.x/src/Configuration : 
  AddModule modules/perl/libperl.a
We suggest you add this entry at the end of the Configuration file
if you want your callback hooks to have precedence over core handlers. 
Add the following to EXTRA_LIBS: 
  EXTRA_LIBS=`perl -MExtUtils::Embed -e ldopts`
Add the following to EXTRA_CFLAGS: 
  EXTRA_CFLAGS=`perl -MExtUtils::Embed -e ccopts` 
mod_perl source files 
Return to the mod_perl directory and copy the mod_perl source files
into the apache build directory: 
  % cp -r src/modules/perl apache_x.x.x/src/modules/
% cp -r src/modules/perl ../apache_x.x.x/src/modules/

When you have done with the configuration parts, run: 
  % perl Makefile.PL NO_HTTPD=1 DYNAMIC=1  EVERYTHING=1\
   APACHE_SRC=../apache_x.x.x/src
DYNAMIC

Thanks,
PC Wang

Re: Advise is needed...

[Leslie Mikesell]

According to BeerBong:
 
 I need protect directory (/abonents) on server.
 User database lies on Radius Server.
 
 I have front-end (apache proxy) + back-end apache servers.
 I've heard that authentication process must works on front-end server.

No, if you are using ProxyPass or RewriteRules with the [p] flag
the authentication can happen on the back end.  If the authentication
directives are in .htaccess files, they will not be referenced
before the proxy action.

  Les Mikesell
   [EMAIL PROTECTED]

TEST: ignore

[Cliff Rayman]

this is a test.


cliff rayman
genwax.com

Perl 5 DBI link?

[jiminy]

Reading Mike Miller's great site on MySQL
(http://www.savebaseball.com/mysql/), I tried a link about the Perl 5 DBI
(http://www.hermetica.com/technologia/DBI) but it seems dead. Anyone know
how to get to the docs there? ( Apologies, I know this isn't specifically
on mod_perl, but I'm having a hard time finding any help, and  figured
there would be knowledgeable people here on this )

Thanks
Jim

PS - this is my first time to post here. Most mailing lists I've seen have
as the reply-to the address of the list, however this one doesn't seem to
have that feature, so that when I just reply to a message, it does to the
poster, not the list. Am I perceiving something incorrectly here?

Thanks

Re: Perl 5 DBI link?

[Frank D. Cringle]

jiminy [EMAIL PROTECTED] writes:
 PS - this is my first time to post here. Most mailing lists I've seen have
 as the reply-to the address of the list, however this one doesn't seem to
 have that feature, so that when I just reply to a message, it does to the
 poster, not the list. Am I perceiving something incorrectly here?

  http://cr.yp.to/proto/replyto.html

PS - discussion on this subject doesn't really belong here.
Reasonable people disagree.

-- 
Frank Cringle,  [EMAIL PROTECTED]
voice: (+49 2304) 467101; fax: 943357

using socket on NT's mod-perl

[Huan He]

Hello All,

Does anyone ever write a TCP socket program in mod-perl module on NT ?
In my program, I use socket in phase PerlAccessHandler to connect
to a remote socket server, the socket in mod-perl can be opened and
connected, but when I try to write message to the remote server, the
server socket always receives null. 

But if I use the same section code of mod-perl in a normal standalone
perl program, it works fine. Does anyone know why ?

Thanks,
Huan

OT: Not to be ignored :-) WAS Re: TEST: ignore

[Cliff Rayman]

not looking to be completely ignored, or removed from
the mailing list, but thanks for the kind thought  :-(

sorry for the off-topic test messages.

my problem has been solved.
turns out my isp had a routing problem.
i could communicate with most of the internet without
a problem, but i noticed that i was not getting any
modperl traffic and i could not get to www.apache.org.

I originally assumed that something was going on with
the apache servers, and that is why i sent the original TEST message.
i eventually figured out it had something to
do with my ISP.  of course it took me some time and some yelling
to find someone at my tier-1 ISP that actually understood networking
well enough to solve my problem.  Of couse, this was really a
routing problem at their end which was effecting a portion of
their other customers.

i always thought i could set-up monitoring from remote
locations so that i would be 100% assured that my site was
up and working.  now i realize, i could have 10 monitoring
stations around the net all telling me everything was working
perfectly, but a big population of the net could still not reach me
and there would be no way for me to know or hear about it in a timely
manner.

cliff rayman
genwax.com

"Frank D. Cringle" wrote:

 Cliff Rayman [EMAIL PROTECTED] writes:
  this is a test.
 
 
  cliff rayman
  genwax.com

 Maybe it would assist Cliff in his efforts to be ignored if you
 removed him from the modperl mailing list.

 --
 Frank Cringle,  [EMAIL PROTECTED]
 voice: (+49 2304) 467101; fax: 943357

Re: CGI.pm and QUERY_STRING fixup

[Bill Moseley]

Ok, this seems to work, but perldoc Apache doesn't say anything about
setting it.  Is this at risk of not working in the future?

if ( $RUNNING_MOD_PERL  (my $query = Apache-request-args() ) ) {
for ( $query ) {
tr///s;   # no muliple 
s/^//; # no leading 
}
Apache-request-args( $query );
}


 $r-args
 The $r-args method will return the contents of the URI
 query string.  When called in a scalar context, the
 entire string is returned.  When called in a list
 context, a list of parsed key = value pairs are
 returned, i.e. it can be used like this:

$query = $r-args;
%in= $r-args;


Bill Moseley
mailto:[EMAIL PROTECTED]

cant call bytes_sent.. solved!

[Michael schout]

Okay.

I solved my problems with CGI::Carp complaining and httpd not starting.

I had neglected to install a few extra modules on the second machine that I
needed, and startup.pl was bailing out.  Consequently, CGI::Carp had been
pulled in, so that tries to run fatalsToBrowser.. But since its just in server
init, and not really a request, CGI::Carp breaks.  Anyways, installing the
extra module I needed (which was a 3rd party module), fixed it for me.

Regards,
Mike

Re: Apache::Session::DBI problems

[Mark Jewiss]

Hello,

On Wed, 19 Jan 2000, Kip Cranford wrote:

 I don't suppose it could be as simple as having a full disk?  What does
 "df -k" report...

I'm afraid not, no. Plenty of space is left on the drives.

Regards,

Mark.
-- 
Mark Jewiss
Knowledge Matters Limited
http://www.knowledge.com

Re: squid performance

[Peter Haworth]

Gerald Richter wrote:
   No, that's the size of the system call buffer.  It is not an
   application buffer.
 
  So how one should interpret the info at:
  http://www.apache.org/docs/mod/mod_proxy.html#proxyreceivebuffersize
 
  QUOTE
  The ProxyReceiveBufferSize directive specifies an explicit network buffer
  size for outgoing HTTP and FTP connections, for increased throughput. It
  has to be greater than 512 or set to 0 to indicate that the system's
  default buffer size should be used.
  /QUOTE
 
  So what's the application buffer parameter? A hardcoded value?
 
 
 Yes, as Joshua posted today morning (at least it was morning in germany
 :-), the application buffer size is hardcoded, the size is 8192 (named
 IOBUFSIZE). You will find it in proxy_util.c:ap_proxy_send_fb().
 
 The ProxyReceiveBufferSize set the receive buffer size of the socket, so
 it's an OS issue.

I've patched my frontend server so that there are two buffer sizes:
  ProxyReceiveBufferSize sets the socket buffer size
  ProxyInternalBufferSize sets the application buffer size

This meant renaming ap_breate() to ap_bcreate_size() and adding a size
parameter, which defaults to IOBUFSIZE if 0 is passed. Then add
  #define ap_bcreate(p,flags) ap_bcreate(p,flags,0)
and add a new ap_bcreate() which calls ap_bcreate_size() for binary
compatibility (actually I haven't added the new ap_bcreate() yet, and I never
got round to sending this to the Apache development group).

This is all necessary because some of the proxied pages on my site are large
PDF and PS files which can't be cached due to security resaons. I have the
socket buffer set to the max allowed 64K (on Solaris), with a 1M application
buffer.

In my opinion, ProxyReceiveBufferSize should be called ProxySocketBufferSize,
leaving the old name free for my new use. This would also remove some of the
confusion about what it actually does.

-- 
Peter Haworth   [EMAIL PROTECTED]
"Save the whales. Feed the hungry. Free the mallocs."

Urgent Help needed

[Allan Locke]

We are running modperl for a client web site and are experiencing sporadic hanging 
problems.  We are looking for a consultant, preferably in the San Francisco Bay Area, 
who can help us fix this problem.  Please contact me by phone or email.

(I am not on this mailing list)

Thanks,

Allan Locke
Infinite Information

Tel. 415-777-1636 x206
email: [EMAIL PROTECTED]

PLEASE HELP - ERROR Linking Apache with mod_perl

[Asghar Nafarieh]

I hope somebody could respond to this problem.


I get the following link error when I try to make apache_1.3.9 with 
mod_perl-1.21. Am I missing a library module?

Thanks,

-Asghar


This is how I built it:
cd mod_perl-1.21
perl Makefile.PL PREP_HTTPD=1
make
make test
make install

cd ../apache_1.3.9
./configure --with-layout=RedHat --target=perlhttpd 
--activate-module=src/modules/perl/libperl.a






gcc -c  -I./os/unix -I./include   -DLINUX=2 -DTARGET=\"perlhttpd\" -DUSE_HSREGEX 
-DUSE_EXPAT -I./lib/expat-lite `./apaci` buildmark.c
gcc  -DLINUX=2 -DTARGET=\"perlhttpd\" -DUSE_HSREGEX -DUSE_EXPAT 
-I./lib/expat-lite `./apaci`\
  -o perlhttpd buildmark.o modules.o modules/perl/libperl.a 
modules/standard/libstandard.a main/libmain.a ./os/unix/libos.a ap/libap.a 
regex/libregex.a lib/expat-lite/libexpat.a  -lm -lcrypt
modules/perl/libperl.a(mod_perl.o): In function `perl_shutdown':
mod_perl.o(.text+0xf8): undefined reference to `PL_perl_destruct_level'
mod_perl.o(.text+0x102): undefined reference to `PL_perl_destruct_level'
mod_perl.o(.text+0x10c): undefined reference to `PL_perl_destruct_level'
mod_perl.o(.text+0x13b): undefined reference to `Perl_av_undef'

 MORE ERROR

RE: Why does Apache do this braindamaged dlclose/dlopen stuff?

[Stephen Anderson]

 
 So in the longer term, is there a reason the parent has to contain the
 interpreter at all?  Can't it just do a system call when it needs one?
 It seems a bit excessive to put aside a couple of megabytes of system
 memory just to run startup.pl.  

Well, remember that the interpreter itself will remain shared throughout, so
there's no real disadvantage in having in the parent. The main reason to run
startup.pl in the parent is to overcome as much of Perl's startup time as
possible. Compiling the code domainates the startup time, so the thing to do
is to pull in your modules in startup.pl . That way, it's only done once,
and the results are shared between all children.

I think the thing to do here is fix the memory leaks 8-)

Stephen.

Re: httpd.conf's 407 setting doesn't quite work

[Chuck O'Donnell]

How about

ErrorDocument 401 /error.html

Thanks,

Chuck

On Thu, Jan 20, 2000 at 12:39:23PM -0800, Nancy Lin wrote:
 
 Hi 
 
 I don't know if this is a problem w/ modperl or apache itself.
 
 I'm running proxy server apache 1.3.9 and modperl 1.21.  I'm using modperl
 to authenticate my users.  When a
 user is invalid, my code does:
 
   } else {
   loginfo($r, "AuthenSession::handler: bad password") ;
   $r-note_basic_auth_failure;
   return AUTH_REQUIRED;
   }
 
 On Netscape 3.x, a little window pops up saying authentication failed, do
 you want to retry?  Here's the part I don't quite understand.  If I
 configure httpd.conf with 'ErrorDocument 407 "Wrong Password!', that's
 what I'll see when I click on the Cancel button on that little popup.
 But, if I configure httpd.conf with 'ErrorDocument 407 /error.html, it
 gives me the default error 407 page.  I'm not sure why it's doing that.  I
 would rather point this to an file than to write it in httpd.conf.
 
 My httpd.conf has:
 
 Directory /opt/apache/http-proxy/htdocs
 Options Indexes FollowSymLinks ExecCGI
 AllowOverride None
 Order Allow,Deny
 Allow from All
 #require valid-user
 /Directory
 
 Directory proxy:*
 order deny,allow
 allow from all
 AuthName "Test"
 AuthType Basic
 PerlAuthenHandler Apache::AuthenSession
 require valid-user
 /Directory
 
 
 
 Thanks
 
 -- 
 Nancy
 

Re: httpd.conf's 407 setting doesn't quite work

[Chuck O'Donnell]

On Fri, Jan 21, 2000 at 01:33:05PM -0800, Nancy Lin wrote:
 
 That worked!  But can you tell me why it worked?  
 
 Thanks

I think because you're using 401-type authentication below, both in
your httpd.conf and by returning AUTH_REQUIRED below which maps to a
401 error.

I'm not very familiar with proxy authentication, but I don't believe
mod_proxy supports "407 HTTP_PROXY_AUTHENTICATION_REQUIRED" yet. It
says it supports up to HTTP/1.0 in the docs, and 407 is an HTTP/1.1
status code as far as I know. Maybe someone else can help here with
better info.

Chuck


 
 -- 
 Nancy
 
 
 On Fri, 21 Jan 2000, Chuck O'Donnell wrote:
 
  How about
  
  ErrorDocument 401 /error.html
  
  Thanks,
  
  Chuck
  
  On Thu, Jan 20, 2000 at 12:39:23PM -0800, Nancy Lin wrote:
   
   Hi 
   
   I don't know if this is a problem w/ modperl or apache itself.
   
   I'm running proxy server apache 1.3.9 and modperl 1.21.  I'm using modperl
   to authenticate my users.  When a
   user is invalid, my code does:
   
 } else {
 loginfo($r, "AuthenSession::handler: bad password") ;
 $r-note_basic_auth_failure;
 return AUTH_REQUIRED;
 }
   
   On Netscape 3.x, a little window pops up saying authentication failed, do
   you want to retry?  Here's the part I don't quite understand.  If I
   configure httpd.conf with 'ErrorDocument 407 "Wrong Password!', that's
   what I'll see when I click on the Cancel button on that little popup.
   But, if I configure httpd.conf with 'ErrorDocument 407 /error.html, it
   gives me the default error 407 page.  I'm not sure why it's doing that.  I
   would rather point this to an file than to write it in httpd.conf.
   
   My httpd.conf has:
   
   Directory /opt/apache/http-proxy/htdocs
   Options Indexes FollowSymLinks ExecCGI
   AllowOverride None
   Order Allow,Deny
   Allow from All
   #require valid-user
   /Directory
   
   Directory proxy:*
   order deny,allow
   allow from all
   AuthName "Test"
   AuthType Basic
   PerlAuthenHandler Apache::AuthenSession
   require valid-user
   /Directory
   
   
   
   Thanks
   
   -- 
   Nancy
   
  

Re: Apache::AuthCookie takeover?

[Adam Mackler]

I've been using Apache::AuthCookie, and it's great, but just from
playing with it briefly I see some apparent issues.  For one thing
I didn't find an obvious way to delete a session from the database.
It relies on the browser to delete the session key cookie.  Right now,
my MSIE is not deleting that cookie for some reason, while Netscape is,
so I can't "log out" using MSIE.

I don't know if anyone else has noticed this or if there's some easy
way to fix it, but I want to use this in a production environment.
Unless someone else is working on this, I'll have to fix it somehow,
whether or not it's code anyone else would dare run on their server.

I'm also wondering how possible it would be to add an option to use
the browser's "basic" login dialog box instead of having to create an 
HTML page for it.  It's something else I'm thinking of trying to do,
but again I'd like to know if anyone else is either working on it or
knows some reason not to.

This module seems to be a tremendously useful tool for any site that
needs authentication.  Its next maintainer will earn my gratitude and
whatever asistance I'm capable of.

Adam



On Jan 24 Bruce W. Hoylman wrote

 "Ken" == Ken Williams [EMAIL PROTECTED] writes:

 make a new module with a new name, since some of my changes have
 changed the interface, or usurp the Apache::AuthCookie module and
 provide a clear stepwise migration path? Doug said he'd be willing
 to make me the maintainer.

My vote is for 'usurption'. I use this module alot and I too have seen
the need for changes. I think it best to go forward with the current
module and namespace conventions for continuity at my site.

You do good work, Ken. I look forward to seeing what you have done with
this very useful module.

Peace.

Re: Apache::AuthCookie takeover?

[Ask Bjoern Hansen]

On Sat, 22 Jan 2000, Ken Williams wrote:

   * make a new module with a new name, since some of my changes have changed 
 the interface, or
   * usurp the Apache::AuthCookie module and provide a clear stepwise migration 
 path?  Doug said he'd be willing to make me the maintainer.

The last. Much better than leaving a module around not to be maintained.

If the interface haven't changed too much you might even be able to do
some backwards compatibility thing.


 - ask

-- 
ask bjoern hansen - http://www.netcetera.dk/~ask/
more than 60M impressions per day, http://valueclick.com

Re: Apache::ASP

[Joshua Chamas]

Jim Ellis wrote:
 
 hello all.
 I have just installed Apache and ASP.  I have mod_perl installed.  I
 am running Redhat 6.1.  I do not have an asp.conf in my /etc/httpd/conf
 directory.  The rpms said it installed correctly.   What have I done
 wrong?
 

You don't need an asp.conf file.  Try and get the examples
working with the ./site/eg/.htaccess config.  Check out the 
config directions at:

  http://www.nodeworks.com/asp/config.html

-- Joshua
_
Joshua Chamas   Chamas Enterprises Inc.
NodeWorks  free web link monitoring   Huntington Beach, CA  USA 
http://www.nodeworks.com1-714-625-4051