Re: How to restart the root server from within modperl?

[Dirk Lutzebaeck]

Dennis Stout writes:
 > On a whim, I would try writing a second script to do the actual shutdown and
 > restart of Apache.
 > 
 > Then have your mod_perl program either run it in the background (with a &) or
 > fork it into another process.

Did exactly that but is has the effect that when the parent (root)
apache is killed it kills all children including the script itself. So
the server wont start again.

Dirk

RE: How to restart the root server from within modperl?

[Egor Shipovalov]

Why not start the Apache from a shell script that would always start it
again if it dies?
To restart the Apache then, you'd just kill the root httpd with apachectl.
Killing the paernt shell script would terminate the whole operation.

Egor.

> -Original Message-
> From: Dirk Lutzebaeck [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 12, 2003 1:17
> To: [EMAIL PROTECTED]
> Subject: How to restart the root server from within modperl?
>
>
>
> Hi,
>
> how can I restart the root httpd server from within modperl? My
> problem is that when I call system() with say apachectl restart the
> father process is stopped killing the children including the apachectl
> itself. So it can't start of again. Can I call something like a reload
> of httpd.conf?
>
> Why I want to do this? I have a set of configurations and file links
> for different versions for my modperl application which I want to activate
> from the modperl application itself (having a HTML user interface).
>
> Thanks for help,
>
> Dirk

Re: How to restart the root server from within modperl?

[Torsten Foertsch]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tuesday 12 August 2003 11:50, Dirk Lutzebaeck wrote:
> Dennis Stout writes:
>  > On a whim, I would try writing a second script to do the actual shutdown
>  > and restart of Apache.
>  >
>  > Then have your mod_perl program either run it in the background (with a
>  > &) or fork it into another process.
>
> Did exactly that but is has the effect that when the parent (root)
> apache is killed it kills all children including the script itself. So
> the server wont start again.

I have done something like this several times. My code (it works since 1998 on 
a highly used WEB Server with perl5.005_3) looks like that:

...

sub sysclose {
  require 'syscall.ph';
  syscall &SYS_close, shift()+0;
}

sub RLIMIT_NOFILE {7;}  # this is for LINUX
sub getrlimit {
  require 'syscall.ph';
  my $x="x"x8;  # result
  syscall &SYS_getrlimit, shift()+0, $x;
  unpack "ii", $x;
}

sub close_fd {
  my @l=getrlimit( RLIMIT_NOFILE );
  my $l;

  for( $l=0; $l<$l[0]; $l++ ) {
next if( $l==2 );   # close all file descriptors except of STDERR
sysclose $l;
  }
}

sub disconnect_from_apache {
  use POSIX qw/setsid/;

  setsid;
  close_fd;
}

...

my $child=fork;
unless( defined $child ) {
  ...
  return OK;
}
if( $child ) {
  my $child_status=0;
  if( waitpid( $child, 0 )==$child ) {
$child_status=$?;
  }

  if( $child_status==0 ) {
...
return OK;
  } else {
# The first fork succeeded but the second failed
...
return OK;
  }
} else {
  # Child process: fork again to detach from parent process
  $child=fork;
  CORE::exit( 0 ) if( $child ); # parent exits
  unless( defined $child ) {
...
CORE::exit( 1 );
  }
  # Now we are the 2nd child process.
  $self->disconnect_from_apache;
  $self->doit( ... );   # <== here comes the real code
  CORE::exit( 0 );
}

...

$self->doit() is called in a separate process group and is not killed by a 
signal sent to the apache process group. Further, all files save STDERR are 
closed. This is needed since the code runs under mod_perl and the long 
running child process inherits the open connection to the browser. If this 
connection is not closed the browser shows an endless spinning globe or 
something like that in the upper right corner.

Torsten
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/OSIAwicyCTir8T4RAv3RAKCXdpbHLQepeOZFCyXt1KkMVGnwPgCeNu7X
hlC1NSEv0NsA7LlM7lol7wI=
=xId6
-END PGP SIGNATURE-

Re: How to restart the root server from within modperl?

[Martin Langhoff]

>>how can I restart the root httpd server from within modperl?

Use `at` to schedule it a minute in the future -- effectively forking it.

Note that normally apache starts as root and runs as an unprivileged 
user. If this is the case you _can_ achieve it using a suid wrapper or 
sudo, but you'll risk opening a very serious security hole in the 
system. So don't. Instead, run apache as a regular user, on a high port.

If you absolutely need to be in port 80, either setup a simple 
lightweight apache on port 80 as a reverse proxy (see the mod_perl 
guide) or, even simpler, do some port forwarding from port 80 to your 
high port of choice.

regards,



martin

Re: How to restart the root server from within modperl?

[Dennis Stout]

On a whim, I would try writing a second script to do the actual shutdown and
restart of Apache.

Then have your mod_perl program either run it in the background (with a &) or
fork it into another process.

Just a thought.

Dennis

S.T.O.U.T. = Synthetic Technician Optimized for Ultimate Troublshooting
- Original Message - 
From: "Dirk Lutzebaeck" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 11, 2003 13 16
Subject: How to restart the root server from within modperl?


>
> Hi,
>
> how can I restart the root httpd server from within modperl? My
> problem is that when I call system() with say apachectl restart the
> father process is stopped killing the children including the apachectl
> itself. So it can't start of again. Can I call something like a reload
> of httpd.conf?
>
> Why I want to do this? I have a set of configurations and file links
> for different versions for my modperl application which I want to activate
> from the modperl application itself (having a HTML user interface).
>
> Thanks for help,
>
> Dirk

RE: How to restart the root server from within modperl?

[Egor Shipovalov]

> Can I call something like a reload of httpd.conf?

This is what sending a SIGHUP to Apache does. However, both mod_perl-enabled
servers I run misbehave on this, so I always do a full restart.

Egor.

Re: How to restart the root server from within modperl?

[Dirk Lutzebaeck]

Thanks, I made it a bit more simple:

  use POSIX;

  if (! fork) { # child
 setsid;
 POSIX::close(0);
 POSIX::close(1);
 exec("restart-apache-command");
  }

Works great!

Thanks,

Dirk




Torsten Foertsch writes:
 > -BEGIN PGP SIGNED MESSAGE-
 > Hash: SHA1
 > 
 > On Tuesday 12 August 2003 11:50, Dirk Lutzebaeck wrote:
 > > Dennis Stout writes:
 > >  > On a whim, I would try writing a second script to do the actual shutdown
 > >  > and restart of Apache.
 > >  >
 > >  > Then have your mod_perl program either run it in the background (with a
 > >  > &) or fork it into another process.
 > >
 > > Did exactly that but is has the effect that when the parent (root)
 > > apache is killed it kills all children including the script itself. So
 > > the server wont start again.
 > 
 > I have done something like this several times. My code (it works since 1998 on 
 > a highly used WEB Server with perl5.005_3) looks like that:
 > 
 > ...
 > 
 > sub sysclose {
 >   require 'syscall.ph';
 >   syscall &SYS_close, shift()+0;
 > }
 > 
 > sub RLIMIT_NOFILE {7;}   # this is for LINUX
 > sub getrlimit {
 >   require 'syscall.ph';
 >   my $x="x"x8;   # result
 >   syscall &SYS_getrlimit, shift()+0, $x;
 >   unpack "ii", $x;
 > }
 > 
 > sub close_fd {
 >   my @l=getrlimit( RLIMIT_NOFILE );
 >   my $l;
 > 
 >   for( $l=0; $l<$l[0]; $l++ ) {
 > next if( $l==2 );# close all file descriptors except of STDERR
 > sysclose $l;
 >   }
 > }
 > 
 > sub disconnect_from_apache {
 >   use POSIX qw/setsid/;
 > 
 >   setsid;
 >   close_fd;
 > }
 > 
 > ...
 > 
 > my $child=fork;
 > unless( defined $child ) {
 >   ...
 >   return OK;
 > }
 > if( $child ) {
 >   my $child_status=0;
 >   if( waitpid( $child, 0 )==$child ) {
 >  $child_status=$?;
 >   }
 > 
 >   if( $child_status==0 ) {
 > ...
 >  return OK;
 >   } else {
 >  # The first fork succeeded but the second failed
 > ...
 >  return OK;
 >   }
 > } else {
 >   # Child process: fork again to detach from parent process
 >   $child=fork;
 >   CORE::exit( 0 ) if( $child ); # parent exits
 >   unless( defined $child ) {
 > ...
 >  CORE::exit( 1 );
 >   }
 >   # Now we are the 2nd child process.
 >   $self->disconnect_from_apache;
 >   $self->doit( ... );   # <== here comes the real code
 >   CORE::exit( 0 );
 > }
 > 
 > ...
 > 
 > $self->doit() is called in a separate process group and is not killed by a 
 > signal sent to the apache process group. Further, all files save STDERR are 
 > closed. This is needed since the code runs under mod_perl and the long 
 > running child process inherits the open connection to the browser. If this 
 > connection is not closed the browser shows an endless spinning globe or 
 > something like that in the upper right corner.
 > 
 > Torsten
 > -BEGIN PGP SIGNATURE-
 > Version: GnuPG v1.0.7 (GNU/Linux)
 > 
 > iD8DBQE/OSIAwicyCTir8T4RAv3RAKCXdpbHLQepeOZFCyXt1KkMVGnwPgCeNu7X
 > hlC1NSEv0NsA7LlM7lol7wI=
 > =xId6
 > -END PGP SIGNATURE-
 > 

RE: How to restart the root server from within modperl?

[Egor Shipovalov]

In fact, I'm using 'killall httpd', which effectively kills every httpd
process. The drawback is that you need /proc available and that it may kill
httpd's belonging to another Apache.

But afrer all, you can always write awk script that would parse ps output
and do exactly what you want.

Egor.

> One word of caution; killing just the parent httpd process will likely
> cause a lot of zombie processes since the parent process has died and
> will not be available to receive SIGCHLD. I don't have a solution, just
> thought I would offer a possible symptom to look out for.


>
> On Tue, 2003-08-12 at 12:38, Egor Shipovalov wrote:
> > Why not start the Apache from a shell script that would always start it
> > again if it dies?
> > To restart the Apache then, you'd just kill the root httpd with
> apachectl.
> > Killing the paernt shell script would terminate the whole operation.
> >
> > Egor.
> >
> > > -Original Message-
> > > From: Dirk Lutzebaeck [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, August 12, 2003 1:17
> > > To: [EMAIL PROTECTED]
> > > Subject: How to restart the root server from within modperl?
> > >
> > >
> > >
> > > Hi,
> > >
> > > how can I restart the root httpd server from within modperl? My
> > > problem is that when I call system() with say apachectl restart the
> > > father process is stopped killing the children including the apachectl
> > > itself. So it can't start of again. Can I call something like a reload
> > > of httpd.conf?
> > >
> > > Why I want to do this? I have a set of configurations and file links
> > > for different versions for my modperl application which I
> want to activate
> > > from the modperl application itself (having a HTML user interface).
> > >
> > > Thanks for help,
> > >
> > > Dirk
> --
>
>

Re: How to restart the root server from within modperl?

[Dirk Lutzebaeck]

Martin Langhoff writes:
 >  >>how can I restart the root httpd server from within modperl?
 > 
 > Use `at` to schedule it a minute in the future -- effectively forking it.

Yes, also thought of that but the smallest unit of 'at' is minutes and
I want to restart the server immediately.

 > Note that normally apache starts as root and runs as an unprivileged 
 > user. If this is the case you _can_ achieve it using a suid wrapper or 
 > sudo, but you'll risk opening a very serious security hole in the 
 > system. So don't. Instead, run apache as a regular user, on a high port.

I used sudo.

Dirk

Re: How to restart the root server from within modperl?

[Frank Maas]

On Tue, Aug 12, 2003 at 11:50:01AM +0200, Dirk Lutzebaeck wrote:
> 
> Dennis Stout writes:
>  > On a whim, I would try writing a second script to do the actual shutdown and
>  > restart of Apache.
>  > 
>  > Then have your mod_perl program either run it in the background (with a &) or
>  > fork it into another process.
> 
> Did exactly that but is has the effect that when the parent (root)
> apache is killed it kills all children including the script itself. So
> the server wont start again.

Since you are talking about a management tool via http, you might consider
using a second server process for this. If you select the 'restart link'
then under water you need to (a) startup a server on a different port,
(b) redirect to a URI on that server, (c) make it that that URI restarts
the main server as you would normally do, (d) clean up the second server
as soon as the main server restarts.
You can do this in a sophisticated manner by creating a httpd config on
the fly, using a unique restart-URI, thus avoiding the most obvious 
security risks.

Might work...

--Frank

Re: How to pass parameters from the UNIX command line ?

[Fabián R. Breschi]

Thanks to everybody,

I have opted for using libwwwperl which it looks like to be the more 
straightforward method to use CL commands into cron jobs with GET or 
lwp-download.

Fab.

Re: How to pass parameters from the UNIX command line ?

[Jean-Sebastien Guay]

> > http://server.domain.com/cgi-bin/MyProcedure.pl?cust_id=x
> >
> > I'd like to make a cron job to source the above PERL script as from
> > the command line to resemble something like:
> >
> > perl /usr/local/apache/cgi-bin/MyProcedure.pl   << need to pass the
> > parameter here as cust_id=x
>
> [...]
> Or use GET from the commandline with the uri behind it. This
> makes it a proper request to your webserver, issued from the command-
> line (or crontab in this case).

Or 'lynx -source
http://server.domain.com/cgi-bin/MyProcedure.pl?cust_id=x'

J-S

___
Jean-Sébastien Guay  [EMAIL PROTECTED]
Software Developer, Hybride http://www.hybride.com
Piedmont, Québec, Canada

RE: How to pass parameters from the UNIX command line ?

[Frank Maas]

 
> http://server.domain.com/cgi-bin/MyProcedure.pl?cust_id=x
> 
> I'd like to make a cron job to source the above PERL script as from
> the command line to resemble something like:
> 
> perl /usr/local/apache/cgi-bin/MyProcedure.pl   << need to pass the
> parameter here as cust_id=x 

I am very doubtful if running a mod_perl script from the commandline
would make any sense... There is no Apache:: in that context to name
something. You could do something tacky with Apache::FakeRequest, but
it's far better to write a proper, not web-tuned, script to do the
chore. Or use GET from the commandline with the uri behind it. This 
makes it a proper request to your webserver, issued from the command-
line (or crontab in this case).

--Frank

Re: how to extend CPAN module?

[Stas Bekman]

  wrote:
Hi, 

How to correctly extend CPAN module, perldoc only explains how to create
CPAN module from scratch,
but what about extending? I want to add some Foo::My.pm to existing Foo
bundle.
Which Makefile.PLs should patched? all? just one in subsdirectory 'mod'?
Any link?
Please ask only mod_perl specific question at the mod_perl list. There are 
plenty other lists and discussion forums that can answer generic perl 
questions. Good starting point are:

http://perl.apache.org/docs/offsite/other.html#Perl
http://lists.perl.org/.
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to share subroutine

[Thomas Klausner]

:Hi!

On Wed, Jul 16, 2003 at 10:46:27PM +0100, Ged Haywood wrote:
> Hi there,
> 
> On Wed, 16 Jul 2003, Matthew Wu wrote:
> 
> >I put all my subroutine in file.pm, what I need to do such that it
> > can be used by my program? I don't what location I need to put it in and
> > what kind of configuration I need to modify. I am running Redhat 6.3.
> 
> At the risk of repetition... :)

Ha! :-)

> This is a mailing List specifically for mod_perl issues.
> Are you using mod_perl?

If you're using mod_perl, you might find this helpful:
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#userequiredo_INC_and__INC_Explained
and
http://perl.apache.org/docs/1.0/guide/config.html#The_Startup_File

especially:
  use lib qw(/path/to/module);

But, as Ged allready mentioned, please RTFM! The mod_perl docs are really
great, so please DO read them.

http://perl.apache.org


-- 
#!/usr/bin/perl   http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}

Re: How to share subroutine

[Ged Haywood]

Hi there,

On Wed, 16 Jul 2003, Matthew Wu wrote:

>I put all my subroutine in file.pm, what I need to do such that it
> can be used by my program? I don't what location I need to put it in and
> what kind of configuration I need to modify. I am running Redhat 6.3.

At the risk of repetition... :)

This is a mailing List specifically for mod_perl issues.
Are you using mod_perl?

For general Perl questions, if you are using RH6.2 you can start by
reading some of the enormous quantities of Perl documentation that
should already be on your computer.  There are also a few good books,
I guess your library should be able to get them for you but you really
need to buy a few of them if you are going to work with mod_perl.  You
will see some suggestions on the mod_perl Web site, perl.apache.org.

Please don't ask general Perl questions here.  On Linux, start with

perldoc perldoc

and 

perldoc perlfaq

and for your particular question

perldoc -f use

but you really need to do that reading.

73,
Ged.

Re: how to unsubscribe from this list

[Stas Bekman]

Jordan Ward wrote:
Can someone please direct me to where I can unsubscribe from this list.
it's in the mail headers:

list-help: 
list-unsubscribe: 
list-post: 
--

__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: how to make sure code wasn't changed

[Randal L. Schwartz]

> "Mike" == Mike Zelina <[EMAIL PROTECTED]> writes:

Mike> Here's my question: has anyone setup a clever way, possibly
Mike> using CRC/MD5 analysis, to check to make sure code hasn't been
Mike> changed?  I don't care if someone steals it or gives it to their
Mike> friends, but I don't want the code to yield results if it's been
Mike> modified - either intentionally or on accident - because it
Mike> could give false results.  These are sales guys machines which
Mike> (no offense to any sales people lurking on this list) means
Mike> anything can and probably will happen.  I realize that someone
Mike> could circumvent a CRC check just by changing the CRC check
Mike> number, but I'm not worried...  if they are that clever kudos to
Mike> them.

And are you also providing a way to set up those MD5s so that maintenance
can be performed by someone other than you if you get hit by a bus?

If not, then I'd not be paying you one dime if you were my vendor.

You make yourself irreplacable by providing a good product at a fair
price, not by holding your customer hostage so that they can only get
support through you.

This is the creed and core philosophy of open source.  Do not stand on
the shoulders of the giants who have gone before you and drool onto
their face.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: how to make sure code wasn't changed

[Patrick Mulvany]

On Thu, May 29, 2003 at 06:02:10PM -0700, Mike Zelina wrote:
> Here's my question:  has anyone setup a clever way, possibly using CRC/MD5 analysis,
> to check to make sure code hasn't been changed?  I don't care if someone steals it or
> gives it to their friends, but I don't want the code to yield results if it's been 
> modified - either
> intentionally or on accident - because it could give false results.

Some time ago I was experimenting with a PerlTransHandler that did an MD5 digest of 
the called URL and used that as the translated file name. People tend not to play 
around with code if they are not even sure what script is which.

Hope that helped

Paddy

RE: how to secure perl modules?

[wsheldah]

Regarding the use of source filters, they only seemed to cause me trouble
under mod_perl. A while ago I tried using Switch.pm, another source filter
from Damian that provides a switch... case sort of syntax, together with
HTML::Mason and mod_perl. It led to some really strange errors that didn't
really make sense, but the errors went away when I stopped using Switch.

Wes



Perrin Harkins <[EMAIL PROTECTED]> on 05/29/2003 05:56:05 PM

To:[EMAIL PROTECTED]
cc:John Saylor <[EMAIL PROTECTED]>, modperl
   <[EMAIL PROTECTED]>
Subject:RE: how to secure perl modules?


On Thu, 2003-05-29 at 17:41, Kirk Rogers wrote:
> why the scarcasm?

You asked a very loaded question that is guaranteed to get you a lot
angry responses on most Perl mailing lists.  Hiding your source code is
a FAQ
(
http://perldoc.com/perl5.8.0/pod/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program-
) so the real question is more whether or not the method you've chosen to
hide it works with mod_perl.  I believe source filters do work, although
I've never tried them myself.  If you search in the mail archives you'll
find many long and flaming threads on the subject.

Personally, I would appreciate it if everyone would let this thread die
quietly unless they have something specific to add about the use of
source filters (or alternate methods) with mod_perl.  If you want to
argue the ethics of hiding source code, please do it off the list.

 - Perrin

Re: how to secure perl modules?

[Martin Moss]

Hi All,

Just to throw a spanner in the works, a little while ago I came across the
following Article on the Net.

http://www.perl.com/pub/a/2002/10/15/radiator.html
>From what I can tell The author of the 'radiator' product claims to have
successfully shipped 'encrypted' code.
I've been pondering how to do this for ages anyay, I realise it's not
completely foolproof, but I'm trying to find a mechanism that would stop
anybody but a perl litterate hacker from getting at my code.

Marty

- Original Message - 
From: "Thomas Klausner" <[EMAIL PROTECTED]>
To: "modperl" <[EMAIL PROTECTED]>
Sent: Friday, May 30, 2003 8:58 AM
Subject: Re: how to secure perl modules?


> Hi!
>
> On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote:
> > i have a collection of perl modules (running under the mod_perl
umbrella)
> > and would like to distribute the application to several different
sources
> > (clients with open internet web servers).  but i dont want to send it
out
> > without at least making it somewhat difficult for some hacker to just
simply
> > steal it and load it somewhere else without my consent.  what options do
i
> > have (if any) to secure the code so that it can't be 'easily' stolen?
> > 'easily' being the operative word here, as i realize it wont be 100%
safe no
> > matter what i do.
> > the ideal would be to perhaps encrypt some of the code, maybe a few of
the
> > base configuration modules, maybe even the startup.pl file, others?
>
> If you want to make it hard to read the code, use an Obfuscator (eg.
> Acme::EyeDrops)
>
> If want to really secure your code: it's not possible, see this thread on
> perlmonks:
> http://www.perlmonks.org/index.pl?node_id=243011
> or search in the mailinglist archives. This questions was discussed here a
> few times.
>
> -- 
> #!/usr/bin/perl   http://domm.zsi.at
> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
>

Re: how to secure perl modules?

[Thomas Klausner]

Hi!

On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote:
> i have a collection of perl modules (running under the mod_perl umbrella)
> and would like to distribute the application to several different sources
> (clients with open internet web servers).  but i dont want to send it out
> without at least making it somewhat difficult for some hacker to just simply
> steal it and load it somewhere else without my consent.  what options do i
> have (if any) to secure the code so that it can't be 'easily' stolen?
> 'easily' being the operative word here, as i realize it wont be 100% safe no
> matter what i do.
> the ideal would be to perhaps encrypt some of the code, maybe a few of the
> base configuration modules, maybe even the startup.pl file, others?

If you want to make it hard to read the code, use an Obfuscator (eg.
Acme::EyeDrops)

If want to really secure your code: it's not possible, see this thread on
perlmonks:
http://www.perlmonks.org/index.pl?node_id=243011
or search in the mailinglist archives. This questions was discussed here a
few times.

-- 
#!/usr/bin/perl   http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}

Re: how to secure perl modules?

[Ged Haywood]

Hi there,

On Thu, 29 May 2003, Kirk Rogers wrote:

> i have a collection of perl modules  ...  i dont want to send it out
> without at least making it somewhat difficult for some hacker to just simply
> steal it and load it somewhere else without my consent.

This is getting to be an old chestnut, I wonder if we should
specifically forbid discussion of it in the email-etiquette doc.?

The best way to do what you want is to code it in C, compile it and
send out only the compiled executables, a bit like that firm up in the
North-West USA.  There are -ahem- Open Source packages to translate
Perl into C and/or bytecode, but then I suppose you wouldn't get much
help from this List with C programs...

It does seem a bit rich to take all the free stuff you can from CPAN
and then try to deny everyone else the fruits of your own labours.

But I suppose it's a free world, at least in parts.

73,
Ged.

RE: how to secure perl modules?

[Perrin Harkins]

On Thu, 2003-05-29 at 17:41, Kirk Rogers wrote:
> why the scarcasm?

You asked a very loaded question that is guaranteed to get you a lot
angry responses on most Perl mailing lists.  Hiding your source code is
a FAQ
(http://perldoc.com/perl5.8.0/pod/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program-)
 so the real question is more whether or not the method you've chosen to hide it works 
with mod_perl.  I believe source filters do work, although I've never tried them 
myself.  If you search in the mail archives you'll find many long and flaming threads 
on the subject.

Personally, I would appreciate it if everyone would let this thread die
quietly unless they have something specific to add about the use of
source filters (or alternate methods) with mod_perl.  If you want to
argue the ethics of hiding source code, please do it off the list.

- Perrin

Re: how to secure perl modules?

[David Dick]

you seem to be talking about two different things here. 
firstly, do you want to protect your source code being viewed by other 
people?
secondly, do you want to ensure that your code is only being run on 
computers that you have authorised?
these are related problems, but each requires a different method of 
solving it.

the other question that is useful to ask is how many days of effort will 
be required to secure your program and compare that with how much your 
clients would value that amount of time being used in development of new 
features instead?

uru
-Dave
Kirk Rogers wrote:

i have a collection of perl modules (running under the mod_perl umbrella)
and would like to distribute the application to several different sources
(clients with open internet web servers).  but i dont want to send it out
without at least making it somewhat difficult for some hacker to just simply
steal it and load it somewhere else without my consent.  what options do i
have (if any) to secure the code so that it can't be 'easily' stolen?
'easily' being the operative word here, as i realize it wont be 100% safe no
matter what i do.
the ideal would be to perhaps encrypt some of the code, maybe a few of the
base configuration modules, maybe even the startup.pl file, others?
any suggestions would be appreciated,
thanks


 

RE: how to secure perl modules?

[Kirk Rogers]

why the scarcasm?

>-Original Message-
>From: John Saylor [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 29, 2003 2:34 PM
>To: [EMAIL PROTECTED]
>Cc: modperl
>Subject: Re: how to secure perl modules?
>
>
>hi
>
>( 03.05.29 14:25 -0700 ) Kirk Rogers:
>> but i dont want to send it out without at least making it somewhat
>> difficult for some hacker to just simply steal it and load it
>> somewhere else without my consent.
>
>why not? have you ever read the GNU manifesto?
>http://www.gnu.org/gnu/manifesto.html
>
>and how do you know it won't be a script kiddie, or middle manager, or
>someone just like you [but a little less experienced] that 'steals' it?
>
>> any suggestions would be appreciated
>
>license it under GPL and count it as a donation to the good of the
>species. or, if you're more self-directed, a step toward release from
>the endless cycle of death and rebirth.
>
>-- 
>\js
>
>

Re: how to secure perl modules?

[John Saylor]

hi

( 03.05.29 14:25 -0700 ) Kirk Rogers:
> but i dont want to send it out without at least making it somewhat
> difficult for some hacker to just simply steal it and load it
> somewhere else without my consent.

why not? have you ever read the GNU manifesto?
http://www.gnu.org/gnu/manifesto.html

and how do you know it won't be a script kiddie, or middle manager, or
someone just like you [but a little less experienced] that 'steals' it?

> any suggestions would be appreciated

license it under GPL and count it as a donation to the good of the
species. or, if you're more self-directed, a step toward release from
the endless cycle of death and rebirth.

-- 
\js

Re: How to make apache with both mod_perl and mod_ssl?

[Stas Bekman]

Charlie Smith wrote:
How to make apache with both mod_perl and mod_ssl?
RTFM:
http://perl.apache.org/docs/1.0/guide/install.html#Installation_Scenarios_for_mod_perl_and_Other_Components


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: how to make an Alias?

[Abdul-wahid Paterson]

Hi,

Alias /cctvimages/ /home/me/images/

Should do it.

Regards,

Abdul-Wahid


On Thu, 2003-03-13 at 18:35, mel awaisi wrote:
> Hi list
> 
> How do i make an alias on my webserver?
> 
> i have images on my machine located in /home/me/images/. i would like to be 
> able to access them on /home/httpd/htdocs/
> 
> i have tried this:
> Alias /home/me/images/ "/home/httpd/htdocs/cctvimages/"
> 
> i have mkdir cctvimages in /home/http/htdocs/cctvimages
> 
> Regards,
> 
> Mel
> 
> P.S. i have Apache 1.3.27
> 
> _
> Chat online in real time with MSN Messenger http://messenger.msn.co.uk


signature.asc
Description: This is a digitally signed message part

Re: how to take advantage of mod_perl and analize effectiveness ofefforts?

[Perrin Harkins]

On Fri, 2003-03-07 at 18:21, Charlie Smith wrote:
> What is being cached by the mod_perl?

You should definitely read the mod_perl documentation that another
poster pointed you to.  However, let me address your core question about
what is being cached with mod_perl.

Technically, mod_perl doesn't cache any differently from Perl itself. 
When Perl code gets compiled to bytecode it stays in memory until the
Perl interpreter exits.  The key difference between mod_perl and Perl
CGI is that mod_perl keeps the interpeter alive between requests and
thus keeps the compiled bytecode in memory as well.  This is what people
mean by caching code.

Some frameworks that you can use with mod_perl, like Mason or Embperl,
cache other things as well.  This is explained in their documentation.

There are ways of configuring mod_perl to automatically pick up changes
in your code.  This is all described in the mod_perl documentation.

- Perrin

Re: how to take advantage of mod_perl and analize effectiveness ofefforts?

[Ken Y. Clark]

On Fri, 7 Mar 2003, Charlie Smith wrote:

> Date: Fri, 07 Mar 2003 16:21:15 -0700
> From: Charlie Smith <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: how to take advantage of mod_perl and analize effectiveness of
> efforts?
>
> A couple questions:
> In order to take advantage of mod_perl, do you need to restart the apache
> server, after making changes to a perl routine?
>
> What is being cached by the mod_perl?  Is is just the perl executable, or
> compiled in modules, or modules you have
> written in cgi directories?
>
> How to tell if code is being cached?
>
> Can user code be made to use mod_perl caching?
>
> How to optimize code to make more efficient under mod_perl?
>
>
> So, basically, how to take advantage of mod_perl and analize effectiveness of
> efforts?
>
> a little puzzled,
> Charlie Smith
> x2791
> 3/7/03

Charlie,

I would say that most of your questions will be answered if you spend
a little time with the very excellent documentation which is available
for free here:

http://perl.apache.org/guide

(I'm not trying to be rude here, but I can't summarize better for you
the answers to your questions than what has been already done.  This
is just a friendly RTFM.  :-)

ky

Re: How to figure out with what options a mod_perl is built

[Richard Clarke]

> Hi,
>
> Is there a way, like PHP has   , to figure out with
> what options a standard  linux distribution mod_perl is built ?
>
> I would like to know if it was built with EVERYTHING=1 or if
> PERL_CHILD_INIT=1
>

http://perl.apache.org/docs/1.0/guide/install.html#Discovering_Whether_Some_
Option_Was_Configured

perl -MApache::MyConfig -e 'print $Apache::MyConfig::Setup{PERL_CHILD_INIT}'

The manual also suggests this,

If you are faced with a compiled Apache and no trace of the parameters used
to build it, you can usually still find them if the sources were not make
clean'd. You will find the Apache specific parameters in
apache_1.3.xx/config.status and the mod_perl parameters in
mod_perl-1.xx/apaci/mod_perl.config.

Though personally the mod_perl.config file doesn't exist for me.

I've never needed to do this so I'm only regurgitating the search results of
http://perl.apache.org/search/swish.cgi?query=build+options&sbm=&submit=sear
ch

Ric.

Re: How to figure out with what options a mod_perl is built

[Ilya Martynov]

> On Sun, 02 Mar 2003 14:47:12 +0100, Feite Brekeveld <[EMAIL PROTECTED]> said:

FB> Hi,
FB> Is there a way, like PHP has   , to figure out with
FB> what options a standard  linux distribution mod_perl is built ?

FB> I would like to know if it was built with EVERYTHING=1 or if
FB> PERL_CHILD_INIT=1

You can use Apache::Status. See its perldoc for details.

-- 
Ilya Martynov,  [EMAIL PROTECTED]
CTO IPonWEB (UK) Ltd
Quality Perl Programming and Unix Support
UK managed @ offshore prices - http://www.iponweb.net
Personal website - http://martynov.org

Re: How to avoid loss of POST data in a good way?

[Geoffrey Young]

Frank Maas wrote:
Hi,

Excuse me for this question that is, without question, due to my newbie-
ness, but I am against a wall here. I am creating a website that is running
under mod_perl and using several handlers of the chain. The website uses
the POST method to send form data.
I first used Apache::Request->new() in all handlers, but that made that I
"lost" the posted data after its first use. OK, this was somewhere in the
manuals and books and I changed to instance(). My problem begins when I
use CPAN or other already-made modules that seem not to respect this and
again the posted data got lost.
I have an experimental module that may address your concerns:

http://www.modperlcookbook.org/~geoff/modules/experimental/Apache-CachePOSTRegistry-0.01.tar.gz

it's not documented, but really all you do is replace Apache::Registry with 
Apache::CachePOSTRegistry in your httpd.conf then make sure you use 
Apache::Request->instance() inplace of new().

it's not a complete solution, but it solves the problem of when you want to 
use POST data throughout the request but you need to use CGI.pm or some 
other legacy script for the content phase.

there is some additional information near the end of this talk

http://www.modperlcookbook.org/~geoff/slides/ApacheCon/oo-mod_perl-printable.ppt.gz

HTH

--Geoff

Re: How to find out if mod_perl is running

[Stas Bekman]

Gazi, Nasser (London) wrote:

I have a very simple question (please excuse me if it is too simple).

I need to find out if of one of my Linux servers is running mod_perl, and if
so, which version it is running. Any suggestions as to how I can do this?


Use the guide:
http://perl.apache.org/docs/1.0/guide/install.html#How_can_I_tell_whether_mod_perl_is_running_


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to find out if mod_perl is running

[Serguei Trouchelle]

Gazi, Nasser (London) wrote:

I have a very simple question (please excuse me if it is too simple).

I need to find out if of one of my Linux servers is running mod_perl, and if
so, which version it is running. Any suggestions as to how I can do this?


perldoc mod_perl


GATEWAY_INTERFACE
The standard CGI environment variable GATEWAY_INTERFACE is set to
"CGI-Perl/1.1" when running under mod_perl.

MOD_PERL
The environment variable `MOD_PERL' is set so scripts can say:

 if(exists $ENV{MOD_PERL}) {
 #we're running under mod_perl
 ...
 }
 else {
 #we're NOT running under mod_perl
 }



--
Serguei Trouchelle
  http://www.isd.dp.ua/

Re: How to find out if mod_perl is running

[Pierre Smolarek]

lynx -head http://www.yourdomainname.com

if you have lynx that is

- Original Message -
From: "Gazi, Nasser (London)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 17, 2003 5:30 PM
Subject: How to find out if mod_perl is running


> I have a very simple question (please excuse me if it is too simple).
>
> I need to find out if of one of my Linux servers is running mod_perl, and
if
> so, which version it is running. Any suggestions as to how I can do this?
>
> Thanks,
> NG

Re: How to test for mod_perl

[Richard]

Thank you VERY much!!!
I've bookmarked that site!

Have a good day!


- Original Message -
From: "Stas Bekman" <[EMAIL PROTECTED]>
To: "Richard" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, January 27, 2003 5:30 PM
Subject: Re: How to test for mod_perl


> Richard wrote:
> > Ok, I just installed apache::asp which forced the install of mod_perl.
> >
> > How do I test to see if mod_perl is running ok on any given server?
> >
> > Thanks!
> >
> > PS. I'm currently reading the manpage mod_perl that is on my server,
> > thus far
> > I don't see anything regarding testing that it works.
>
> http://perl.apache.org/docs/1.0/guide/getwet.html
>
http://perl.apache.org/docs/1.0/guide/install.html#How_can_I_tell_whether_mo
d_perl_is_running_
>
> --
>
>
> __
> Stas BekmanJAm_pH --> Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide ---> http://perl.apache.org
> mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org   http://ticketmaster.com
>
>
>

Re: How to test for mod_perl

[Stas Bekman]

Richard wrote:

Ok, I just installed apache::asp which forced the install of mod_perl.
 
How do I test to see if mod_perl is running ok on any given server?
 
Thanks!
 
PS. I'm currently reading the manpage mod_perl that is on my server, 
thus far
I don't see anything regarding testing that it works.

http://perl.apache.org/docs/1.0/guide/getwet.html
http://perl.apache.org/docs/1.0/guide/install.html#How_can_I_tell_whether_mod_perl_is_running_

--


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: how to detect a broken connection using mod_proxy

[Ged Haywood]

Hi Stas,

Welcome back!  How was China?

On Mon, 11 Nov 2002, Stas Bekman wrote:

> Anybody knows of similar to mod_proxy modules that do play nicely with 
> the backend regarding aborted connections?

I think dapi said his mod_accel might do that, and wasn't mod_deflate
supposed to do something like that too?  Can't remember.

73,
Ged.

Re: how to detect a broken connection using mod_proxy

[Robert Landrum]

On Mon, Nov 11, 2002 at 11:51:12PM +0800, Stas Bekman wrote:
> > heavy sql stm's. after each one of them i would like to check if the
> > client is still there so that i will proceed to the next one or just
> > return OK and forget about the request).
> 
> As far as I know you can't do that, since mod_proxy doesn't cooperate 
> with the backend.
> 
> Anybody knows of similar to mod_proxy modules that do play nicely with 
> the backend regarding aborted connections?
> 

I've never used it, but wasn't mod_backhand supposed to do this?

Rob

-- 
Robert Landrum
Systems Programmer

Re: how to detect a broken connection using mod_proxy

[Stas Bekman]

giorgos wrote:

hi all,

i am running standard setup with one plain apache with mod_proxy and a
mod_perl apache to which all mod_perl requests are directed by the proxy
module.

i want to be able to detect when the client connection breaks but all
standard recipes like the one mentioned in p.147 of the cookbook don't
work due the use of mod_proxy.

does anyone know of a trick to detect when the connection is broken in
such a scenario so that i can free up cpu resources? (i have a set of 4
heavy sql stm's. after each one of them i would like to check if the
client is still there so that i will proceed to the next one or just
return OK and forget about the request).


As far as I know you can't do that, since mod_proxy doesn't cooperate 
with the backend.

Anybody knows of similar to mod_proxy modules that do play nicely with 
the backend regarding aborted connections?


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@;stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to parse after reading POST data in mod_perl 2 ?

[Sumitro Chowdhury]

Thanks Philippe for the tip.
After looking at Apache2::Apache::compat and some
input from Randy Kobes, I came up with the following
package called getform.pm which gets the form data
into a hash without using Apache::compat.

(Hope it will help some newbie !!):

package ModPerl::getform;

use strict;
use Apache::Reload;

sub handler {
my $r = shift;

$r->content_type('text/html');

my $form_input;

# Read in the form - data 
# 
   
$r->read($form_input,$r->headers_in->{'Content-length'});
$r->setup_client_block;
print "Error" unless $r->should_client_block;
   
$r->get_client_block($form_input,$r->headers_in->{'Content-length'});

my @args = map {
   
s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
s/\+/ /g;
$_;
   } split /[=&;]/, $form_input, -1;

my %input;
while (my ($name,$value) = splice @args,0,2) {
push @{$input{$name}}, $value;
}

$r->send_http_header;
print "I got the following info:";

foreach (keys %input) {
print "$_ => @{$input{$_}}";
}


return Apache::OK;
}
1;

Thanks guys,
This is a great list.

Sumitro Chowdhury.

--- "Philippe M. Chiasson" <[EMAIL PROTECTED]> wrote:
> On Fri, 2002-11-01 at 03:41, Sumitro Chowdhury
> wrote:
> > Hi all,
> > Please help ...
> > 
> > Using  Apache/2.0.43 (Unix) mod_perl/1.99_07-dev
> > Perl/v5.8.0 .
> > 
> > I read in POST data from Form using
> > $r->read($buff,$r->headers_in->{'Content-length'})
> > 
> > Since I donot use Apache::compat, what API methods
> are
> > available to parse this string data ? ( possibly
> > convert it to a hash )
> 
> There isn't anything readily avaliabe for the
> moment, but take a look
> at parse_args() in Apache::compat for a good working
> example.
> 
> 
> 
>

> Philippe M. Chiasson /gozer\@(cpan|ectoplasm)\.org/


__
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/

Re: How to limit the size of requests ?

[WC -Sx- Jones]

[follow-ups set]

PMFJI:

Buffer overflow in this case happened because of sub-requests - which 
are hard to deal with at any rate.

The actual GET/POST had nothing to do with the insecure action as far 
as this issue is concerned, the side effect was caused by the way the 
sub-request handled the execution/hand-off, so the hack was 
approximately 50 bytes in size (BTW, I have the BSD C source code for 
the hack if you want it.)

And yes, not to toot any horns, but 'them Apache Groupies' are pretty 
sharp !  ;)


HTH/Sx :]
(just another ApacheCon 2000 Orlando Speaker :)


On Friday, August 30, 2002, at 02:33 PM, HalbaSus wrote:

> than packetstorm and securityfocus ? Buffer owerflow under 500 
> characters ???

Re: Re: How to limit the size of requests ?

[Vasile Borcan]

> >On Friday, 2002-08-30 at 18:33:13 +, HalbaSus wrote: >

>> About that stoopid way of preventing buffer owerflows...
Well, tell me a >> better one. Of course you can patch known
bugs. But... how are you gonna >> prevent new buffer owerflows
? >

>Auditing?

don't you think that before releasing any version of apache
they DID some auditing ? just because you don't find any
buffer owerflows it doesn't mean that there are NO buffer
owerflows

> >> What if the guys with 0-day warez are faster >> than
packetstorm and securityfocus ?

>Read BUGTRAQ and Full-Disclosure. But as I said, you can't
prevent this >from happening. If you could by simply writing a
wrapper, how many >protective wrappers would we have now? More
than a newly wed couple at >the start of their honeymoon.

First of all I'm on securityfocus's and bugtraq mailing list
and I'm regularly checking packetstorm. Still I have friends
in the underground who did have for example that famous wu
2.6.2 exploit before the vulnerability was =FOUND= officially
(and by this I don't mean releasing the exploit on packetstorm
or anything).

A protective wrapper doesn't always protect you (it would be
hard to filter out all the IIS/unicode/msadc/sql bugs) and I
know that limiting the input doesn't mean 100% security
BUT... 1. I've been looking at these new apache exploits and
all of them send huge amounts of data (not mentioning
bruteforce options when the sent data can be compared to a a
DoS tool :). 2. My site the way it is doesn't require forms 'n
stuff... when it will I will change the limitations.

> >> Buffer owerflow under 500 characters ??? >

>Sure. There are single-byte overflow exploits in
circulation. >

Really, I don't think an apache exploit will be able to send
a buffer owerflow under at least 500 characters... (all
exploits in circulation for apache send much more than that).

>> (don't forget that it has to be inserted in a valid input
field (User Agent, >> or something)). And that 500 char. limit
was just like a guessing... it's not >> really something i
calculated. >

You know what ? Closing telnet, rpc, imap and all unusefull
services is not a "cool" way to secure your system. Yet it's
workin quite well. I'm not saying that this is the most
profesional aproach of security. But it's workin (just for the
sake of testing I instaled apache 1.3.24 on my freeBSD and ran
the apache-nojob exploit. Successfully! I aplied the
limitations and the exploits crashed after a few lines. Simple
as that. It's not the best sollution but it's certanly
working)

> >> If you want to see how does a b0f act start >>
/apache-nojob localhost:69 (and fire up a netcat listening on
port 69) >> About the posting stuff.. don't worry about
that... my site doesn't need to do >> posting... so...
everybody's happy :) >

>I'm not arguing about what your site needs (actually I
expected so much, >but things change, and *presto* you have
your first feedback form ;-), >but what to do about Apache
(and mod_perl) security in general. You >know, these
discussions find their ways into archives, and somebody else
>might find this thread looking for advice. >

>So I want in no way to prevent you from doing with your
webserver >whatever you choose to do (Romania is a free
country, too! And I'm glad >about that), just to point out
that this gains you little and may in >fact weaken your
security.

Well as I said before, and really, this should end the
discusion, I'm not preaching for limiting the input and not
worying about new vulnerabilities, patches, etc... BUT... It's
a good way to prevent buffer owerflows and DoS attacks. That's
all... It might be a little bit dirty and totally unacceptable
for some sites (using forms for example) but adds some extra
security to a patched apache... that's all

>HTH, >Lupe Christoph >-- >| [EMAIL PROTECTED] |
http://www.lupe-christoph.de/ | >| Big Misunderstandings
#6398: The Titanic was not supposed to be | >| unsinkable. The
designer had a speech impediment. He said: "I have | >| thith
great unthinkable conthept ..." |




Home, no matter how far...
http://www.home.ro

Re: How to limit the size of requests ?

[Lupe Christoph]

On Friday, 2002-08-30 at 18:33:13 +, HalbaSus wrote:

> About that stoopid way of preventing buffer owerflows... Well, tell me a 
> better one. Of course you can patch known bugs. But... how are you gonna 
> prevent new buffer owerflows ?

Auditing?

> What if the guys with 0-day warez are faster 
> than packetstorm and securityfocus ?

Read BUGTRAQ and Full-Disclosure. But as I said, you can't prevent this
from happening. If you could by simply writing a wrapper, how many
protective wrappers would we have now? More than a newly wed couple at
the start of their honeymoon.

> Buffer owerflow under 500 characters ??? 

Sure. There are single-byte overflow exploits in circulation.

> (don't forget that it has to be inserted in a valid input field (User Agent, 
> or something)). And that 500 char. limit was just like a guessing... it's not 
> really something i calculated.

This is no way to approach a security problem.

> If you want to see how does a b0f act start 
> /apache-nojob localhost:69  (and fire up a netcat listening on port 69)
> About the posting stuff.. don't worry about that... my site doesn't need to do 
> posting... so... everybody's happy :)

I'm not arguing about what your site needs (actually I expected so much,
but things change, and *presto* you have your first feedback form ;-),
but what to do about Apache (and mod_perl) security in general. You
know, these discussions find their ways into archives, and somebody else
might find this thread looking for advice.

So I want in no way to prevent you from doing with your webserver
whatever you choose to do (Romania is a free country, too! And I'm glad
about that), just to point out that this gains you little and may in
fact weaken your security.

HTH,
Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be|
| unsinkable. The designer had a speech impediment. He said: "I have |
| thith great unthinkable conthept ..."  |

Re: How to limit the size of requests ?

[HalbaSus]

Well first of all I would like to thank Geoffrey's input... you know RTFM... 
that's all if I would have read about LimitRequest's before would have spared 
me like 2 days of coding... 

About that stoopid way of preventing buffer owerflows... Well, tell me a 
better one. Of course you can patch known bugs. But... how are you gonna 
prevent new buffer owerflows ? What if the guys with 0-day warez are faster 
than packetstorm and securityfocus ? Buffer owerflow under 500 characters ??? 
(don't forget that it has to be inserted in a valid input field (User Agent, 
or something)). And that 500 char. limit was just like a guessing... it's not 
really something i calculated. If you want to see how does a b0f act start 
./apache-nojob localhost:69  (and fire up a netcat listening on port 69)
About the posting stuff.. don't worry about that... my site doesn't need to do 
posting... so... everybody's happy :)

Re: How to limit the size of requests ?

[Geoffrey Young]

>>my the time mod_perl enters the request, Apache has already taken care 
>>of parsing the request, so there's not much you can do about it (in 
>>1.3, at least).
> 
> 
> Parsing the request *headers*. So you can't prevent any overflow in the
> headers with mod_perl. 

well, headers and the request line, which includes the query string. 
that's what I meant :)

> You *can* prevent the chunked encoding overflow,
> because that happens in the "body".
> 

and I mentioned a few ways to control that, IIRC :)

--Geoff

Re: How to limit the size of requests ?

[Lupe Christoph]

On Friday, 2002-08-30 at 09:22:47 -0400, Geoffrey Young wrote:

> >I have written a perl script which prevents browsers (or evil exploits) to 
> >send buffer owerflows to apache. Basicaly this script is supposed to 
> >listen on port 80 for incoming connections. The input (from browsers) is 
> >read up to 500 characters.

Excuse me, but that's a Stoopid(tm) way to try to prevent buffer
overflows. What if the buffer is smaller than your limit. What about
POSTed content? 500 characters is really small for complex forms.  IIRC
the chunked encoding buffer overflow required less than 50 bytes:

> >Some friend of mine told me that apache perl modules should be faster so 
> >here's my question. How do I limit the webclient's input to a number of 
> >characters, bytes whatever...

> my the time mod_perl enters the request, Apache has already taken care 
> of parsing the request, so there's not much you can do about it (in 
> 1.3, at least).

Parsing the request *headers*. So you can't prevent any overflow in the
headers with mod_perl. You *can* prevent the chunked encoding overflow,
because that happens in the "body".

AFAICT, this was the first Apache buffer overflow in a long time. Ever?
Those folks ssem to be pretty sharp. Can you guarantee you're at least
as sharp as they are, or will you introduce new vulnerabilities in your
code? Does it really drop all priviledges, etc?

Secure programming is hard. That's why so many people fail in it...
Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be|
| unsinkable. The designer had a speech impediment. He said: "I have |
| thith great unthinkable conthept ..."  |

Re: How to limit the size of requests ?

[Geoffrey Young]

> I have written a perl script which prevents browsers (or evil exploits) to 
> send buffer owerflows to apache. Basicaly this script is supposed to listen 
> on port 80 for incoming connections. The input (from browsers) is read up to 
> 500 characters.

don't the apache directives:

   LimitRequestBody
   LimitRequestFields
   LimitRequestFieldsize
   LimitRequestLine

essentially do what you are coding yourself?

> Some friend of mine told me that apache perl modules should be faster so 
> here's my question. How do I limit the webclient's input to a number of 
> characters, bytes whatever...

my the time mod_perl enters the request, Apache has already taken care 
of parsing the request, so there's not much you can do about it (in 
1.3, at least).

if you use Apache::Request (part of libapreq) you can limit the 
message body (POSTed content) via some directives and throw out an 
informative message.  or you can use mod_perl's native read() method 
to read only so much data from the client.

there are lots things to learn in mod_perl, and there is lots of 
online material and books to help. 
http://perl.apache.org/help/index.html is a good place to start.

--Geoff

Re: How to detect data avaliability on ARP::Socket

[Stas Bekman]

Hideki Noma wrote:
> I am currently developping a private module utilizing
> PerlProcessConnection handler and facing a bit of problem.
> (Apache::2.0.39 + mod_perl 1.99.04)
> 
> This is the part of program:
> sub handler {
>  my Apache::Connection $c = shift;
>  my APR::Socket $socket = $c->client_socket;
> 
>  my($rlen, $wlen);
>  my $rlen = BUFF_LEN;
>  $socket->recv($buff, $rlen);
> 
> At this point, if there is no incoming data from client,
> the program halts forever.
> 
> What I want to do is something like
>   my $sel = IO::Select->new($socket);
>   if ($sel->can_read(1)){
> my $socket->recv($buff, $rlen);
>   }
> so that I can do other works while waiting for data.
> 
> I tried to set timeout using $socket->setsocketopt(APR_SO_TIMEOUT,1)
> but it didn't seem to work well.
> 
> Does any body have any idea on how to check incoming data avaliabily
> on APR::Socket?

According to the apr/include/apr_network_io.h doc, you should be using 
$socket->timeout_set($timeout), before reading from the socket. so the 
recv() will return either with the data read or after the timeout, 
providing the non-blocking mechanism.

Though, this API seems to be a recent thing and it's not supported by 
mod_perl, yet. I suppose that it'll be supported in the next release (or 
the cvs version. watch the dev list, where I've just posted the patch)



__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: how to unsubscribe

[ok]

Hendrik Janse van Rensburg writes: 

> could someone please tell me how to unsubscibe?

Look into the mail-headers

RE: How to see debug information in Net::Smtp?

[Peter Werner]

its bitten me in the ass a few times before, just thought id mention it

cheers
-pete

-Original Message-
From: Stas Bekman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 1:29 PM
To: Peter Werner
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: How to see debug information in Net::Smtp?


Peter Werner wrote:
> and set your LogLevel to debug

why? after all he is talking about perl logging, not Apache. LogLevel 
has nothing to do with it.

> -Original Message-
> From: Stas Bekman [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 17, 2002 10:27 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: How to see debug information in Net::Smtp?
> 
> 
> [EMAIL PROTECTED] wrote:
> 
>>I use Net::Smtp module in my mod_perl script. When I run the 
>>fragment of my code from command line I can see the debug info. 
>>But running it on the production server I can't see the debug 
>>information. 
>>
>>What can I do to see the debug info on the production server?
> 
> 
> look in the error_log file?
> 
> 
> 
> __
> Stas BekmanJAm_pH --> Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide ---> http://perl.apache.org
> mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org   http://ticketmaster.com



-- 


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to see debug information in Net::Smtp?

[Stas Bekman]

Peter Werner wrote:
> and set your LogLevel to debug

why? after all he is talking about perl logging, not Apache. LogLevel 
has nothing to do with it.

> -Original Message-
> From: Stas Bekman [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 17, 2002 10:27 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: How to see debug information in Net::Smtp?
> 
> 
> [EMAIL PROTECTED] wrote:
> 
>>I use Net::Smtp module in my mod_perl script. When I run the 
>>fragment of my code from command line I can see the debug info. 
>>But running it on the production server I can't see the debug 
>>information. 
>>
>>What can I do to see the debug info on the production server?
> 
> 
> look in the error_log file?
> 
> 
> 
> __
> Stas BekmanJAm_pH --> Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide ---> http://perl.apache.org
> mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org   http://ticketmaster.com



-- 


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

RE: How to see debug information in Net::Smtp?

[Peter Werner]

and set your LogLevel to debug

-Original Message-
From: Stas Bekman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:27 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: How to see debug information in Net::Smtp?


[EMAIL PROTECTED] wrote:
> I use Net::Smtp module in my mod_perl script. When I run the 
> fragment of my code from command line I can see the debug info. 
> But running it on the production server I can't see the debug 
> information. 
> 
> What can I do to see the debug info on the production server?

look in the error_log file?



__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to see debug information in Net::Smtp?

[Stas Bekman]

[EMAIL PROTECTED] wrote:
> I use Net::Smtp module in my mod_perl script. When I run the 
> fragment of my code from command line I can see the debug info. 
> But running it on the production server I can't see the debug 
> information. 
> 
> What can I do to see the debug info on the production server?

look in the error_log file?



__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to proxy everything except selected urls?

[Issac Goldstand]

Ken Miller wrote:

>I the past, when I've setup a proxy/app server configuration, it's always
>been to forward certain url's to the app server, with the rest being
>processed by the proxy.
>
>However, I need to turn this around.  I want to pass everything to the app
>server, except for some url's that point at static content (images, mostly).
>
>I initially thought something like this would work:
>
>---
>ProxyPass  On
>ProxyPass  /   http://other.server.com:1234/
>ProxyPassReverse   /   http://other.server.com:1234/
>
>alias /graphics /local/path
>---
>
>However, /graphics also get's proxied to the app server.  This isn't what I
>want.
>
I actually have had to do this myself... The solution is as follows:

ProxyPass/staticstuff/!
ProxyPass/ http://other.host/
ProxyPassReverse / http://other.host/

! is a special symbol telling it not to proxy that stuff - also, I think 
order counts (eg, do !s first)

  Issac
  Issac

Re: How to proxy everything except selected urls?

[Randal L. Schwartz]

> "Ken" == Ken Miller <[EMAIL PROTECTED]> writes:


Ken> I initially thought something like this would work:

Ken> ---
Ken> ProxyPass  On
Ken> ProxyPass  /   http://other.server.com:1234/
Ken> ProxyPassReverse   /   http://other.server.com:1234/

Ken> alias /graphics /local/path
Ken> ---

Ken> However, /graphics also get's proxied to the app server.  This isn't what I
Ken> want.

Ken> I don't think mod_proxy can do this; at least it's not clear to me how to if
Ken> it does support this feature.

Ken> Would mod_rewrite be a better solution?  Match on the URL's that I want
Ken> processed locally (and stop), else map the url to the app server, and
Ken> forward the request?

Here's what the reverse-caching-proxy front end for www.stonehenge.com uses:

RewriteEngine On
## RewriteLog /web/stonehenge-proxy/var/log/rewrite_log
## RewriteLogLevel 3

## local services:
RewriteRule ^/icons/ - [last]
RewriteRule ^/tt2/images/ - [last]

## local redirect:
RewriteRule ^/cgi/go/(.*)$ $1 [redirect,last,noescape]

## passthrough:
RewriteMap escape int:escape
RewriteRule ^/(.*)$ http://localhost:8081/${escape:$1} [proxy,noescape]
ProxyPassReverse / http://localhost:8081/

## made a mistake! should never get here
RewriteRule .* - [forbidden]

By the way, without that RewriteMap, %3F in a URL incorrectly
becomes "?", thus ending the path-part and begins the query-part.
Bad.  Broken.  But this workaround works fine.  And the examples
in the mod_rewrite documentation are wrong.

I figured this out while rebuilding

  http://www.stonehenge.com/merlyn/Pictures/

to work with images that had spaces in the filenames as well
as question marks and ampersands. :)  Talk about escaping hell.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: How to configure mod_perl to get Connection.so, Connection.bsand so on...

[Doug MacEachern]

On Sat, 27 Apr 2002, sagar wrote:

> 
> Hi
> I have installed apache-1.3.12, openssl-0.9.5a and apache-1.3.12+ssl-
> 1.40 and configured mod_perl-1.26 on freeBSD 4.1 with apache by giving 
> the following:
> 
> %perl Makefile.PL APACHE_SRC=../apache_1.3.12/src DO_HTTPD=1 
> USE_APACI=1 EVERYTHING=1 APACHE_PREFIX=/usr/local/apache
... 
> But, the following directories with their relevant files ( .so, .bs 
> files ) have not been created in the above path

modperl links those modules static so there won't be any .so's, unless you 
build with DYNAMIC=1

RE: How to disable mod_perl in a subdir (apache)

[Erchinger, Ethan]

> 
> At 08:58 AM 5/14/02 -0700, Erchinger, Ethan wrote:
> 
> Do you think it could be the 
> startup.pl (handler.pl),
> >shouldn't that only get run when the handler is perl-script?
> 
> If you have a "PerlRequire startup.pl" statement in your httpd.conf, 
> startup.pl will always be run as Apache is starting up. It 
> has nothing to 
> do with the Set/AddHandler directives. I'm sure there is a 
> section in the 
> guide (http://perl.apache.org/guide/) which has more info, 
> but I don't have 
> a link handy.

Thanks.  So in the handler.pl I now have a stanza that looks for my
/yadda-yadda uri in $r, and just return 1; if that's the case, put this in
the handler() sub.  So I believe the startup.pl should no longer be causing
problems.  I find it interesting that if I comment out the 
directive which sets the "SetHandler perl-script", then the problem
disappears, maybe no so interesting, probably more obvious.  By the way,
this directory /yadda-yadda is actually being redirected via the mod_jk
ajp13 protocol to a Tomcat server.  If that helps at all.

Thanks,
EE

RE: How to disable mod_perl in a subdir (apache)

[Erchinger, Ethan]

I have it setup that way, thanks, still no dice.


> Subject: Re: How to disable mod_perl in a subdir (apache)
> 
> 
> Make sure you put it after the Location directive that sets 
> HTML::Mason
> 
> 
> SetHandler perl-script
> PerlHandler HTML::Mason
> 
> 
> 
> SetHandler default-handler
> 
> 
> 
> Regards,
> 
> Tim Tompkins
> --
> Programmer
> http://www.arttoday.com/
> http://www.rebelartist.com/
> --
> - Original Message -
> From: "Erchinger, Ethan" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, May 14, 2002 8:58 AM
> Subject: RE: How to disable mod_perl in a subdir (apache)
> 
> 
> 
> > Try
> > 
> > SetHandler default-handler
> > 
> 
> I tried that as well.  Do you think it could be the 
> startup.pl (handler.pl),
> shouldn't that only get run when the handler is perl-script?
> 
> EE
> 
> 
> >> Subject: How to disable mod_perl in a subdir (apache)
> 
> 
> >> Hi all,
> >> I saw a posting about this subject from earlier this year. 
>  I'm unable to
> >> make this work, and was hoping for some help.  I have a 
> directive
> >> for / (for the entire docroot).   I would like to make one 
> subdirectory
> not
> >> be handled by perl-script, but am unable to do so.  Excerpt from
> httpd.conf:
> >>
> >> ~snip~
> >> PerlModule Apache::DBI
> >> PerlFreshRestart On
> >> PerlRequire /etc/apache/handler.pl
> >> 
> >> Options FollowSymLinks
> >> AllowOverride None
> >> order allow,deny
> >> allow from all
> >> 
> >>
> >> 
> >>SetHandler perl-script
> >>PerlHandler HTML::Mason
> >> 
> >> ~snip~
> >>
> >> I'm trying to make it so that, a subdir, like 
> /yadda-yadda, is _not_
> handled
> >> by Mason.  Here is what I've tried to do:
> >>
> >> 
> >> RemoveHandler .html
> >> 
> >>
> >> I've also tried moving the  directive contents 
> into the above
> >> , seeing as the docs mention that  directives
> override
> >> a  directive, with no luck.
> >>
> >> Yet these files are still being served through Mason, and 
> I can't figure
> out
> >> why.  Should my handler.pl (startup.pl) be moved so that it's not
> executed
> >> in that Location?  I've read as much as I can find on 
> Apache's site, with
> no
> >> luck.
> >>
> >> Debian 2.2r3
> >> Apache/1.3.9
> >> Mod_perl 1.21
> >>
> >> Thanks all,
> >> Ethan Erchinger
> 
> 

Re: How to disable mod_perl in a subdir (apache)

[Tim Tompkins]

Make sure you put it after the Location directive that sets HTML::Mason


SetHandler perl-script
PerlHandler HTML::Mason



SetHandler default-handler



Regards,

Tim Tompkins
--
Programmer
http://www.arttoday.com/
http://www.rebelartist.com/
--
- Original Message -
From: "Erchinger, Ethan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 14, 2002 8:58 AM
Subject: RE: How to disable mod_perl in a subdir (apache)



> Try
> 
> SetHandler default-handler
> 

I tried that as well.  Do you think it could be the startup.pl (handler.pl),
shouldn't that only get run when the handler is perl-script?

EE


>> Subject: How to disable mod_perl in a subdir (apache)


>> Hi all,
>> I saw a posting about this subject from earlier this year.  I'm unable to
>> make this work, and was hoping for some help.  I have a 
directive
>> for / (for the entire docroot).   I would like to make one subdirectory
not
>> be handled by perl-script, but am unable to do so.  Excerpt from
httpd.conf:
>>
>> ~snip~
>> PerlModule Apache::DBI
>> PerlFreshRestart On
>> PerlRequire /etc/apache/handler.pl
>> 
>> Options FollowSymLinks
>> AllowOverride None
>> order allow,deny
>> allow from all
>> 
>>
>> 
>>SetHandler perl-script
>>PerlHandler HTML::Mason
>> 
>> ~snip~
>>
>> I'm trying to make it so that, a subdir, like /yadda-yadda, is _not_
handled
>> by Mason.  Here is what I've tried to do:
>>
>> 
>> RemoveHandler .html
>> 
>>
>> I've also tried moving the  directive contents into the above
>> , seeing as the docs mention that  directives
override
>> a  directive, with no luck.
>>
>> Yet these files are still being served through Mason, and I can't figure
out
>> why.  Should my handler.pl (startup.pl) be moved so that it's not
executed
>> in that Location?  I've read as much as I can find on Apache's site, with
no
>> luck.
>>
>> Debian 2.2r3
>> Apache/1.3.9
>> Mod_perl 1.21
>>
>> Thanks all,
>> Ethan Erchinger

RE: How to disable mod_perl in a subdir (apache)

[Drew Taylor]

At 08:58 AM 5/14/02 -0700, Erchinger, Ethan wrote:

> > Try
> > 
> > SetHandler default-handler
> > 
>
>I tried that as well.  Do you think it could be the startup.pl (handler.pl),
>shouldn't that only get run when the handler is perl-script?

If you have a "PerlRequire startup.pl" statement in your httpd.conf, 
startup.pl will always be run as Apache is starting up. It has nothing to 
do with the Set/AddHandler directives. I'm sure there is a section in the 
guide (http://perl.apache.org/guide/) which has more info, but I don't have 
a link handy.

Drew

==
Drew Taylor  |  Freelance web development using
http://www.drewtaylor.com/   |  perl/mod_perl/MySQL/postgresql/DBI
mailto:[EMAIL PROTECTED]   |  Email jobs at drewtaylor.com
--
Speakeasy.net: A DSL provider with a clue. Sign up today.
http://www.speakeasy.net/refer/29655
==

RE: How to disable mod_perl in a subdir (apache)

[Erchinger, Ethan]

> Try
> 
> SetHandler default-handler
> 

I tried that as well.  Do you think it could be the startup.pl (handler.pl),
shouldn't that only get run when the handler is perl-script?

EE


>> Subject: How to disable mod_perl in a subdir (apache)


>> Hi all,
>> I saw a posting about this subject from earlier this year.  I'm unable to
>> make this work, and was hoping for some help.  I have a 
directive
>> for / (for the entire docroot).   I would like to make one subdirectory
not
>> be handled by perl-script, but am unable to do so.  Excerpt from
httpd.conf:
>>
>> ~snip~
>> PerlModule Apache::DBI
>> PerlFreshRestart On
>> PerlRequire /etc/apache/handler.pl
>> 
>> Options FollowSymLinks
>> AllowOverride None
>> order allow,deny
>> allow from all
>> 
>>
>> 
>>SetHandler perl-script
>>PerlHandler HTML::Mason
>> 
>> ~snip~
>>
>> I'm trying to make it so that, a subdir, like /yadda-yadda, is _not_
handled
>> by Mason.  Here is what I've tried to do:
>>
>> 
>> RemoveHandler .html
>> 
>>
>> I've also tried moving the  directive contents into the above
>> , seeing as the docs mention that  directives
override
>> a  directive, with no luck.
>>
>> Yet these files are still being served through Mason, and I can't figure
out
>> why.  Should my handler.pl (startup.pl) be moved so that it's not
executed
>> in that Location?  I've read as much as I can find on Apache's site, with
no
>> luck.
>>
>> Debian 2.2r3
>> Apache/1.3.9
>> Mod_perl 1.21
>>
>> Thanks all,
>> Ethan Erchinger

Re: How to disable mod_perl in a subdir (apache)

[Tim Burden]

Try

SetHandler default-handler



- Original Message -
From: "Erchinger, Ethan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 14, 2002 11:50 AM
Subject: How to disable mod_perl in a subdir (apache)


> Hi all,
> I saw a posting about this subject from earlier this year.  I'm unable to
> make this work, and was hoping for some help.  I have a 
directive
> for / (for the entire docroot).   I would like to make one subdirectory
not
> be handled by perl-script, but am unable to do so.  Excerpt from
httpd.conf:
>
> ~snip~
> PerlModule Apache::DBI
> PerlFreshRestart On
> PerlRequire /etc/apache/handler.pl
> 
> Options FollowSymLinks
> AllowOverride None
> order allow,deny
> allow from all
> 
>
> 
>SetHandler perl-script
>PerlHandler HTML::Mason
> 
> ~snip~
>
> I'm trying to make it so that, a subdir, like /yadda-yadda, is _not_
handled
> by Mason.  Here is what I've tried to do:
>
> 
> RemoveHandler .html
> 
>
> I've also tried moving the  directive contents into the above
> , seeing as the docs mention that  directives
override
> a  directive, with no luck.
>
> Yet these files are still being served through Mason, and I can't figure
out
> why.  Should my handler.pl (startup.pl) be moved so that it's not executed
> in that Location?  I've read as much as I can find on Apache's site, with
no
> luck.
>
> Debian 2.2r3
> Apache/1.3.9
> Mod_perl 1.21
>
> Thanks all,
> Ethan Erchinger

Re: how to see /server-status when at MaxClients?

[Andrew McNaughton]

On Fri, 10 May 2002, John E. Leon Guerrero wrote:

> Date: Fri, 10 May 2002 16:54:47 -0700
> From: John E. Leon Guerrero <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: how to see /server-status when at MaxClients?
>
> if a job hangs (due to database locking for instance), then a mod_perl child
> will hang as well (absent some additional watchdog-type program.)  if enough
> jobs hang to the point that we hit MaxClients, then it is too late to use
> /server-status to see what jobs hung.
>
> does anyone have a quick way to indentify the jobs that are currently
> running?  i thought of getting a core and using gdb but i was hoping to find
> a faster way.  it would be nice if we could reserve a couple of children for
> administrative emergencies such as this.

Some possible approaches:

1) If your problem is with database locking, then it may be better to
treat the problem within the database - kill the database thread, or
perhaps there's some sort of timeout you can mess with.  Depending on what
database you are using, you may have useful diagnostics for identifying
the problem threads.  You also get the chance to have your mod_perl
process handle the failure a bit more gracefully than if it was simply
killed.  You need to make sure that your apache processes will
restart the database connection where required.

2) If you're prepared to get your hands dirty (albeit probably less dirty
than they'd be after playing around with core files), and depending what
operating system you are running, then you could modify the apache source
code so that the shared memory used for the scoreboard is left available
as a file which you could mmap from an external process.

I haven't tried this, but having had a quick peek at the sources, I'll
point you to the bits that looked useful.

In src/main/http_main.c, look for the flag "MAP_TMPFILE".  It looks as
though that's only turned on for MacOS X (in src/include/ap_config.h), but
I expect that it would work on several other operating systems if you
turned it on.  Looking at the code that's turned on by that flag, you want
to take out the line where the file is unlinked and probably add some
cleanup code elsewhere.  You might choose to change the way the file name
is generated, or you might just log the filename so that an external
program can find the dynamically named temp file.

You then write yourself a little program which mmaps the same file, and
which borrows code from apache in order to read it.

Andrew

Re: how to see /server-status when at MaxClients?

[Stas Bekman]

John E. Leon Guerrero wrote:
> if a job hangs (due to database locking for instance), then a mod_perl child
> will hang as well (absent some additional watchdog-type program.)  if enough
> jobs hang to the point that we hit MaxClients, then it is too late to use
> /server-status to see what jobs hung.
> 
> does anyone have a quick way to indentify the jobs that are currently
> running?  i thought of getting a core and using gdb but i was hoping to find
> a faster way.  it would be nice if we could reserve a couple of children for
> administrative emergencies such as this.

You probably want: Apache::Watchdog::RunAway

__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to generate pre-filled forms? (fwd)

[F . Xavier Noria]

On 29 Apr 2002 09:16:42 +1000
simran <[EMAIL PROTECTED]> wrote:

: Have a look at the HTML::FillInForm module as well... 

Yeah, thank you, I'll give it a try. I guess this is a natural candidate
for an output chain, the HTML generated by two or three Apache modules
will need that post-process, so I plan to use HTML::FillInForm with
Apache::Filter, it will be the first application of my recent study of
the Cookbook I couldn't have produced before I read it, magnific!

-- fxn

Re: How to generate pre-filled forms? (fwd)

[simran]

Have a look at the HTML::FillInForm module as well... 
it works wonders for me... 


On Sat, 2002-04-27 at 04:43, darren chamberlain wrote:
> * Ken Clark <[EMAIL PROTECTED]> [2002-04-26 14:33]:
> > I'll throw my technique into the ring, too.  I use Template Toolkit
> > most of the time, and I pass the original Apache request object back
> > to the template as a parameter.  Then I call the "param" method to
> > fill in the "value" of form elements, like so:
> 
> [-- snip --]
> 
> > Nothing gets placed there the first time through as calling
> > "$apr->param" returns nothing.  This seems to work great for me.  I've
> > not used HTML::Template in a while, but possibly you can do this, too?
> 
> The constructor for HTML::Template takes an optional argument names
> "associate", which should point to an object (or reference to a list of
> objects) that can("param").  Paramters in the template that are not
> explicitly filled in using the param method of the HTML::Template object
> are looked for by iterating through this list and calling
> param($template_variable_name), and takes the first non-false value as
> the correct one.
> 
> To reuse Ken's illustration:
> 
> > In code:
> >
> > sub handler {
> > my $r   = shift;
> > my $apr = Apache::Request->new($r);
> > my $t   = Template->new;
> > my $html;
> > $t->process('/foo/bar.tmpl', { apr => $apr }, \$html);
> > $apr->content_type('text/html');
> > $apr->send_http_header;
> > $apr->print( $html );
> > return OK;
> > }
> 
> sub handler {
> my $r   = shift;
> my $apr = Apache::Request->new($r);
> my $t   = HTML::Template->new(associate => $apr,
>   filename  => '/foo/bar.html');
> $apr->content_type('text/html');
> $apr->send_http_header;
> $apr->print( $t->output );
> return OK;
> }
> 
> > In template:
> >
> > 
> > 
> > [% apr.param('description') %]
> > 
> 
> 
> ">
> 
> 
> 
> For the template itself, "foo" will be looked for as $apr->param("foo"),
> and description as $apr->param("description").
> 
> (darren)
> 
> PS Hi Ken!
> 
> --
> The more we disagree, the better the chance that one of us is right.
> 
> 

Re: How to generate pre-filled forms? (fwd)

[darren chamberlain]

* Ken Clark <[EMAIL PROTECTED]> [2002-04-26 14:33]:
> I'll throw my technique into the ring, too.  I use Template Toolkit
> most of the time, and I pass the original Apache request object back
> to the template as a parameter.  Then I call the "param" method to
> fill in the "value" of form elements, like so:

[-- snip --]

> Nothing gets placed there the first time through as calling
> "$apr->param" returns nothing.  This seems to work great for me.  I've
> not used HTML::Template in a while, but possibly you can do this, too?

The constructor for HTML::Template takes an optional argument names
"associate", which should point to an object (or reference to a list of
objects) that can("param").  Paramters in the template that are not
explicitly filled in using the param method of the HTML::Template object
are looked for by iterating through this list and calling
param($template_variable_name), and takes the first non-false value as
the correct one.

To reuse Ken's illustration:

> In code:
>
> sub handler {
> my $r   = shift;
> my $apr = Apache::Request->new($r);
> my $t   = Template->new;
> my $html;
> $t->process('/foo/bar.tmpl', { apr => $apr }, \$html);
> $apr->content_type('text/html');
> $apr->send_http_header;
> $apr->print( $html );
> return OK;
> }

sub handler {
my $r   = shift;
my $apr = Apache::Request->new($r);
my $t   = HTML::Template->new(associate => $apr,
  filename  => '/foo/bar.html');
$apr->content_type('text/html');
$apr->send_http_header;
$apr->print( $t->output );
return OK;
}

> In template:
>
> 
> 
> [% apr.param('description') %]
> 


">



For the template itself, "foo" will be looked for as $apr->param("foo"),
and description as $apr->param("description").

(darren)

PS Hi Ken!

--
The more we disagree, the better the chance that one of us is right.

Re: How to generate pre-filled forms? (fwd)

[Ken Y. Clark]

Forgot to cc the list.

-- Forwarded message --
Date: Fri, 26 Apr 2002 11:35:37 -0400 (EDT)
From: Ken Y. Clark <[EMAIL PROTECTED]>
To: F.Xavier Noria <[EMAIL PROTECTED]>
Subject: Re: How to generate pre-filled forms?

On Fri, 26 Apr 2002, F.Xavier Noria wrote:

> Date: Fri, 26 Apr 2002 16:15:52 +0200
> From: F.Xavier Noria <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: How to generate pre-filled forms?
>
> I am writing some modules that receive a form, process it, and return a
> page that includes that very form. Is there a standard way to fill that
> returned form so the user sees the same data he sent there, as CGI.pm
> does?
>
> -- fxn
>
> PS: I am using Apache modules + HTML::Template if that matters.

I'll throw my technique into the ring, too.  I use Template Toolkit
most of the time, and I pass the original Apache request object back
to the template as a parameter.  Then I call the "param" method to
fill in the "value" of form elements, like so:

In code:

sub handler {
my $r   = shift;
my $apr = Apache::Request->new($r);
my $t   = Template->new;
my $html;
$t->process('/foo/bar.tmpl', { apr => $apr }, \$html);
$apr->content_type('text/html');
$apr->send_http_header;
$apr->print( $html );
return OK;
}

In template:



[% apr.param('description') %]


Nothing gets placed there the first time through as calling
"$apr->param" returns nothing.  This seems to work great for me.  I've
not used HTML::Template in a while, but possibly you can do this, too?
Template Toolkit makes it easy to call methods (or deference hashes
and hash references) with the "dot" notation.

HTH,

ky

Re: How to generate pre-filled forms?

[F . Xavier Noria]

On Fri, 26 Apr 2002 16:15:52 +0200
F. Xavier Noria <[EMAIL PROTECTED]> wrote:

: I am writing some modules that receive a form, process it, and return a
: page that includes that very form. Is there a standard way to fill that
: returned form so the user sees the same data he sent there, as CGI.pm
: does?
: PS: I am using Apache modules + HTML::Template if that matters.

I summarize the approaches I've found:

   * Generating everything in the module as usual, maybe storing
 s or things that complicated in template plain variables
 instead of putting them in the very template.

   * One can pass an object reference to a template as long as it has a
 method called "param" that behaves as CGI::param(). The idea is that
  will be translated to $r->param('color').

   * HTML::FillInForm parses an already constructed HTML page and
 fills its forms out of the box invoking a param() method on a
 passed reference, as above. I think is what I'll choose.

I'd need to know now wheter Apache::Request's param() is OK here.

Thank you!

-- fxn

Re: How to generate pre-filled forms?

[Kee Hinckley]

At 4:15 PM +0200 4/26/02, F.Xavier Noria wrote:
>I am writing some modules that receive a form, process it, and return a
>page that includes that very form. Is there a standard way to fill that
>returned form so the user sees the same data he sent there, as CGI.pm
>does?
>
>-- fxn
>
>PS: I am using Apache modules + HTML::Template if that matters.

This isn't going to help you much unless you want to switch, but in 
Embperl that's just the default behavior.  A form is filled with the 
arguments passed to it.  Or if you want to much with it, you just set 
the %fdat variable according to what you want (as in %fdat = 
gethashfromdbtable()).  One of the reasons why Embperl is my favorite 
template processor--it makes the common stuff really easy.

-- 

Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
[EMAIL PROTECTED]

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

Re: How to generate pre-filled forms?

[Wim Kerkhoff]

On 26-Apr-2002 Paul Lindner wrote:
> On Fri, Apr 26, 2002 at 04:15:52PM +0200, F.Xavier Noria wrote:
>> I am writing some modules that receive a form, process it, and return a
>> page that includes that very form. Is there a standard way to fill that
>> returned form so the user sees the same data he sent there, as CGI.pm
>> does?
>> 
> Check out HTML::FillInForm, it's great!  It has code that takes your
> form variables and the raw HTML and adds the default values to the
> form elements.  Very handy.  Here's some code from the documentation:

> Note that HTML::FillInForm is directly supported in Apache::ASP.
> Other toolkits may support it as well.

Embperl's automatic form fill is one of the main reasons I use it. Without a
single line of perl, forms will automatically get filled in, using GET and POST
arguments that were sent. Any left overs that are not used in the form, can be
added as hidden values by inserting [$ hidden $].

Hmmm... you could probably send your raw HTML, once HTML::Template is done
processing the template, through Embperl::Execute, but that's probably
overkill. On the other hand, sometimes it pays to throw out the hammer and use
a sledgehammer.

Wim

Re: How to generate pre-filled forms?

[Tatsuhiko Miyagawa]

At Fri, 26 Apr 2002 07:17:44 -0700,
Paul Lindner wrote:

> Note that HTML::FillInForm is directly supported in Apache::ASP.
> Other toolkits may support it as well.

You can get the glues for HTML::Template and TT:
HTML::Template::FillInForm and Template::Plugin::FillInForm from
http://bulknews.net/lib/archives/


--
Tatsuhiko Miyagawa <[EMAIL PROTECTED]>

Re: How to generate pre-filled forms?

[Paul Lindner]

On Fri, Apr 26, 2002 at 04:15:52PM +0200, F.Xavier Noria wrote:
> I am writing some modules that receive a form, process it, and return a
> page that includes that very form. Is there a standard way to fill that
> returned form so the user sees the same data he sent there, as CGI.pm
> does?
> 
> -- fxn
> 
> PS: I am using Apache modules + HTML::Template if that matters.

Check out HTML::FillInForm, it's great!  It has code that takes your
form variables and the raw HTML and adds the default values to the
form elements.  Very handy.  Here's some code from the documentation:

  my $q = new CGI;

  $q->param("name","John Smith");

  my $fif = new HTML::FillInForm;
  my $output = $fif->fill(scalarref => \$html,
  fobject => $q);

Note that HTML::FillInForm is directly supported in Apache::ASP.
Other toolkits may support it as well.


-- 
Paul Lindner[EMAIL PROTECTED]   | | | | |  |  |  |   |   |

mod_perl Developer's Cookbook   http://www.modperlcookbook.org/
 Human Rights Declaration   http://www.unhchr.ch/udhr/

Re: How to report problems with modperl 2.0

[Stas Bekman]

Stas Bekman wrote:
> At this time some people will try to run incorrect versions of Apache 
> and mod_perl and this will cause to most of your problems. So before we 
> attempt to answer your questions, you have to tell us what versions you 
> were using. Therefore:
> 
> Whenever you have a problem, first run:
> 
>   t/REPORT > report
> 
> which generates all the info that we need.
> Now add the description of the problem where it says so, add a coredump 
> if relevant where it says so and send it here with a nice descriptive 
> subject.
> 
> Also remember that Apache 2.0 and mod_perl 2.0 weren't released yet and 
> things change. So if you want to try building things, you must use the 
> *released* mod_perl 1.99 with *released* Apache 2.0.35 and not mixing up 
> with cvs versions. This will save you a lot of trouble.
> 
> Also whenever you have problems with interfaces grep for examples in the 
> t/ directory. There are many tests there, which exercise most of the 
> mod_perl 2.0. Chances are that if you look there, you will find your 
> problem solved already.

I've put some of this info online

http://perl.apache.org/preview/modperl-docs/dst_html/docs/2.0/user/help/help.html#Reporting_Problems

-- 


__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: how to make apache server to understand the perl commands inhttpsd.conf

[Ged Haywood]

Hi there,

On Thu, 11 Apr 2002, Mrajesh wrote:

> So, to run both the codes, we included the commands like
> 
> PerlSetvar  MasonCompRoot /usr/local/apache/htdocs
> PerlSetVar MasonDataDir /usr/local/apache/mason
> PerlModule HTML::Mason::ApacheHandler
> 
> in httpsd.conf file.
> 
> Now, when we are trying to start the HTTPS, it is giving the errors like
> 
> "Invalid command PerlSetVar either mis-spelled or server is not configured correctly"

Are you sure you have a mod_perl server?  What do you get in the
error_log when you start it?

73,
Ged.

Re: [Fwd: Re: How to reload PERL module in all Apache children]

[dougm]

On Thu, 11 Apr 2002, Perrin Harkins wrote:
 
> Does it look you'll be able to get the solar variables idea to work for 
> those data types?

i had a simple prototype way back that sorta worked for simple scalars, 
probably won't take it any further now that there is threads::shared in 
5.7.x.  haven't tried it but i believe the concept is the same.

Re: [Fwd: Re: How to reload PERL module in all Apache children]

[Perrin Harkins]

[EMAIL PROTECTED] wrote:
> On Fri, 12 Apr 2002, Stas Bekman wrote:
>  
> 
>>But if talk about futuristic Solar variables (perl globals shared 
>>between threads). what if a solar variable is a reference to CODE? Can 
>>this be shared? If so, will reloading this variable in one interpreter 
>>affect others?
> 
> 
> even if that would work, it would kill performance due to required mutex 
> locking.  and that locking would need to happen in the perl core, unlike
> simple scalars, arrays and hashes.

Does it look you'll be able to get the solar variables idea to work for 
those data types?

- Perrin

Re: [Fwd: Re: How to reload PERL module in all Apache children]

[dougm]

On Fri, 12 Apr 2002, Stas Bekman wrote:
 
> But if talk about futuristic Solar variables (perl globals shared 
> between threads). what if a solar variable is a reference to CODE? Can 
> this be shared? If so, will reloading this variable in one interpreter 
> affect others?

even if that would work, it would kill performance due to required mutex 
locking.  and that locking would need to happen in the perl core, unlike
simple scalars, arrays and hashes.

> Also if we put the sharing aside for a moment and assuming that we have 
> a pool of interpreters with idle interpreters in it, there can be a 
> thread that monitors changed modules and update the idle interpreters by 
> making them reload the code and put them in the head of the list. This 
> should save the overhead of reloading during a request. Does this make 
> sense?

there already is a plan to have a low-priority thread that monitors idle 
interpreters.  this would be a pluggable interface, so you can do whatever 
you want with the interpreter via callback hooks.  but that'll all wait 
until well after everything else is solid with ithreads, including and 
most important: perl 5.8.x

Re: [Fwd: Re: How to reload PERL module in all Apache children]

[Stas Bekman]

[EMAIL PROTECTED] wrote:
> if you use Apache::Reload with a threaded MPM and multiple interpreters, 
> the modules will be reloaded by each interpreter as they are used, not 
> every interpreter all at once.  similar to 1.x where each child has 
> its own interpreter, the modules are reloaded as each kid is hit with a 
> request.

thanks for correcting me. It's all about interpreters and not threads, 
so it's the same for the code with forked and threaded httpds.

But if talk about futuristic Solar variables (perl globals shared 
between threads). what if a solar variable is a reference to CODE? Can 
this be shared? If so, will reloading this variable in one interpreter 
affect others?

Also if we put the sharing aside for a moment and assuming that we have 
a pool of interpreters with idle interpreters in it, there can be a 
thread that monitors changed modules and update the idle interpreters by 
making them reload the code and put them in the head of the list. This 
should save the overhead of reloading during a request. Does this make 
sense?



__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: [Fwd: Re: How to reload PERL module in all Apache children]

[dougm]

if you use Apache::Reload with a threaded MPM and multiple interpreters, 
the modules will be reloaded by each interpreter as they are used, not 
every interpreter all at once.  similar to 1.x where each child has 
its own interpreter, the modules are reloaded as each kid is hit with a 
request.

note that if a module is loaded at startup, the syntax tree of each 
subroutine is shared between interpreters (big win), but each subroutine 
has its own padlist (where lexical my variables are stored).  once 
Apache::Reload reloads a module, this sharing goes away and each 
interpreter will have its own copy of the syntax tree for the given 
subroutines.

Re: How to reload PERL module in all Apache children

[Stas Bekman]

Sreeji K Das wrote:
> Hi Stas,
>  
> 
>>>I was wondering if there is a possibility to
>>
>>reload PERL module compiled
>>
>>>into Apache
>>>with Apache::Registry
>>>(and I want to reload this  module in all Apache
>>
>>children processes) by running reload-program once.
>>
>>Currently Apache::Reload or its equivalent your only
>>solution. With 
>>mod_perl 2.0 it'll be doable, if you run a single
>>threaded server.
> 
> So you mean any modules changed can be reloaded to all
> children, without actually terminating and starting
> the server ?  (or does single threaded means there are
> no children ?)

Sorry, I should have said within a single process with multiple threads.
I just said it'll be doable because of threads, (which all share the 
same process memory). I'm not sure if this already works this way. Give 
it a try, Apache::Reload is a now in the 2.0 core.

__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: How to reload PERL module in all Apache children

[Sreeji K Das]

Hi Stas,
 
> > I was wondering if there is a possibility to
> reload PERL module compiled
> > into Apache
> > with Apache::Registry
> > (and I want to reload this  module in all Apache
> children processes) by running reload-program once.
> 
> Currently Apache::Reload or its equivalent your only
> solution. With 
> mod_perl 2.0 it'll be doable, if you run a single
> threaded server.
So you mean any modules changed can be reloaded to all
children, without actually terminating and starting
the server ?  (or does single threaded means there are
no children ?)

Sreeji

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

Re: How to reload PERL module in all Apache children

[Stas Bekman]

Waldek Grudzien wrote:
> Hello,
> 
> I was wondering if there is a possibility to reload PERL module compiled
> into Apache
> with Apache::Registry
> (and I want to reload this  module in all Apache children processes) by
> running reload-program once.
> 
> For example Apache::Reload must be set as PerlInitHandler, so it's handler
> method is run every time request comes to Apache. What I'd like to do is to
> reload specified (or all) module by running the program ONCE.
> 
> I tried using something like perl-status:
> 
> 
>  SetHandler perl-script
>  PerlHandler Apache::MyReloadModule
> 
> 
> where MyReloadModule's handler was deleting specified module from %INC and
> reloading it by require, but it didn't satisfy me becouse changes weren't
> seen in apache children processess (at least I think so),
> 
> so I wrote something like this in MyReloadModule:
> 
> sub handler {
> my $r = shift;
> Apache->request($r);
> 
> .
> .sending HTML
> .
> 
> foreach my $k (keys %INC) {
> $r->print("$k");
> }
> $r->print("PID $$");
> 
> $r->print("");
> 
> }
> 
> and I realised that changes I have made to %INC in one child process aren't
> seen in another one.
> 
> So my problem can be set in another way:
> Do apache children communicate between themselves?

no

> Is it possible to write such a "reloader" script as I wanted to write?

no

> Maybe somebody already done this?

see above
The processes are forked and don't share the perl iterpreter, that's why 
it's impossible to do what you are trying to do.

If you try to reload data it's doable by many ways (IPC, dbm, etc), not 
the code.

Currently Apache::Reload or its equivalent your only solution. With 
mod_perl 2.0 it'll be doable, if you run a single threaded server.

__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: how to configure perl with apache server

[Ged Haywood]

Hi there,

On Wed, 10 Apr 2002, rajesh wrote:

> We are facing problems in configuring perl with apache.

Please see the mod_perl Guide at http://perl.apache.org/guide, the
mod_perl cookbook (see http://modperlcookbook.org for details) and the
book we know here as the "Eagle book" which is in reality called
"Writing Apache Modules with Perl and C", ISBN 1-56592-567-X.

Also see the file .../mod_perl-x.xx/SUPPORT for information about what
to tell this List when you have problems.

> We are getting errors like
> 
> "Invalid command PerlSetVar" in httpsd.conf file.

You don't have mod_perl in your server.  mod_perl can either be
compiled in (in which case you can see it if you give the -l switch to
the Apache binary to see what it says is compiled in) or it may be
loaded after you start Apache (this is what we call DSO, in this case
you need at least to have mod_so.c compiled into the server.  Again
you will see this module with the -l switch.)  If mod_perl is not
compiled in you need to configure Apache to load the .so file, to do
that you need AddModule and LoadModule directives in the configuration
file.  It's all in the documentation but it takes time to read it all.
I urge you to do that.

73,
Ged.

Re: how to configure perl with apache server

[simran]

Hi Rajesh, 

Can you please include more information on how you are tring to
configure it. 

* Did you compile apache yourself? 
* What version of apache are you trying to use? 
* What is the relevant section in the httpd.conf file

At a glimpse, it looks like you might not have compiled mod_perl with
the EVERYTHING=1 option (or at least the relevant option that turns the
PerlSetVar feature on). 

cheers,

simran.


On Wed, 2002-04-10 at 17:40, rajesh wrote:
> Hi,
> 
> We are facing problems in configuring perl with apache.
> 
> Could you please mail me how to configure it.
> 
> We are getting errors like
> 
> "Invalid command PerlSetVar" in httpsd.conf file.
> 
> while starting https server.
> 
> Please help me.
> 
> Regards,
> Rajesh

Re: How to show mem usage of all modules?

[Joao Pedro Goncalves]

Check Apache::Status, it gives you several info.


On Tue, 2002-04-09 at 15:53, pawelp wrote:
> Hi
> Is there an easy way to show mem usage of all loaded modules ?
> 
> Thanks
> Pawel Piecuch
> 
-- 
João Pedro Gonçalves
'I have never let my schooling interfere with my education.'
- Mark Twain

Re: How to get two perl namespaces in apache

[Garth Winter Webb]

You just need to fire up two separate apaches, each with their own
conf.  So basically you have:

/usr/local/apache_prod
/usr/local/apache_dev

These can actually share the same bin and lib directories; everything is
still installed at '/usr/local/apache' and you symlink the directories
you want to have in common.  You also need separate copies of apachectl
that fire up the httpd's so that they point at the right httpd.conf and
have the right server root.

Garth

On Tue, 2002-03-26 at 11:16, Thomas K. Burkholder wrote:
> Hi there-
> 
> Apologies if this gets sent twice - I sent a message yesterday, but it 
> seems to have vanished into the ether.
> 
> I'd like to run the production server of my mod_perl project 
> (http://www.areaj.org/areaj) on the same machine as my development 
> server.  Clearly they have the same module names so I have to somehow 
> run them in two different environments - I don't think running them on 
> two different virtual servers is going to do it, right?  Doesn't apache 
> just start one perl "runtime"?  Please tell me if I'm mistaken about 
> that.
> 
> So, I guess I'm wondering if there's an easy way to have two completely 
> separate apache configurations running on the same machine (listening on 
> different ports obviously).
> 
> Any help greatly appreciated.
> 
> Thanks,
> 
> //Thomas
> Thomas K. Burkholder
> 
-- 
,---.
  Garth Webb  
  [EMAIL PROTECTED]
  C: 415.652.7688 
  H: 415.701.0568 
`==='

Re: How to get two perl namespaces in apache

[Perrin Harkins]

Ernest Lergon wrote:
> just throwing a glance I found:
> 
> http://thingy.kcilink.com/modperlguide/modules/Apache_PerlVINC_Allows_Module.html

Not a good idea for production use.  It will slow things down.  Handy 
for development with multiple projects using separate virtual hosts though.

- Perrin

Re: How to get two perl namespaces in apache

[Ernest Lergon]

"Thomas K. Burkholder" wrote:
> 
> So, I guess I'm wondering if there's an easy way to have two completely
> separate apache configurations running on the same machine (listening on
> different ports obviously).
> 

Hi Thomas,

just throwing a glance I found:

http://thingy.kcilink.com/modperlguide/modules/Apache_PerlVINC_Allows_Module.html

Maybe someone here has experience with it.

More tips on

http://thingy.kcilink.com/modperlguide/porting/Name_collisions_with_Modules_and.html

and in this discussion:

http://www.mail-archive.com/modperl@apache.org/msg24564.html

Ernest


-- 

*
* VIRTUALITAS Inc.   *  *
**  *
* European Consultant Office *  http://www.virtualitas.net  *
* Internationales Handelszentrum *   contact:Ernest Lergon  *
* Friedrichstraße 95 *mailto:[EMAIL PROTECTED] *
* 10117 Berlin / Germany *   ums:+49180528132130266 *
*

Re: How to get two perl namespaces in apache

[Drew Taylor]

Thomas,

You can run seperate environments if your coding doesn't reference any hard 
coded paths. I just setup a dev server at my new job and do exactly what 
you want. All you have to do is add a "use lib qw(/path/to/modules);" in 
your startup.pl or make sure the PERL5LIB environment var is set. This can 
be done w/ "PerlSetVar /your/path/here" or setting it for the user apache 
is running as. HTH.

Drew

At 11:16 AM 3/26/02 -0800, Thomas K. Burkholder wrote:
>Hi there-
>
>Apologies if this gets sent twice - I sent a message yesterday, but it 
>seems to have vanished into the ether.
>
>I'd like to run the production server of my mod_perl project 
>(http://www.areaj.org/areaj) on the same machine as my development 
>server.  Clearly they have the same module names so I have to somehow run 
>them in two different environments - I don't think running them on two 
>different virtual servers is going to do it, right?  Doesn't apache just 
>start one perl "runtime"?  Please tell me if I'm mistaken about that.

Re: How to get two perl namespaces in apache

[___cliff rayman___]

"Thomas K. Burkholder" wrote:

> run them in two different environments - I don't think running them on
> two different virtual servers is going to do it, right?  Doesn't apache
> just start one perl "runtime"?  Please tell me if I'm mistaken about

there is only one interpreter, so running a module with the same name
on two different virtual servers is not going to work.

> So, I guess I'm wondering if there's an easy way to have two completely
> separate apache configurations running on the same machine (listening on
> different ports obviously).

sure. just leave the regular config file, then build something like:
httpd_dev.conf

change both the Listen and Port directives to an alternate port, and then
start with:
httpd -c httpd_dev.conf

i haven't tried this exact scenario myself, but it should work without a problem.

--
___cliff [EMAIL PROTECTED]http://www.genwax.com/

Re: how to identify an interrupted downloads?

[Issac Goldstand]

F.Xavier Noria wrote:

>I would like to know whether in the server side one can figure out if a
>user has completed the download of a known file. Would bytes_sent() give
>the actual number of bytes sent if the download gets interrumpted by the
>client? Would yo know a better approach if not?
>
>-- fxn
>
If you send the file in chunks, I suppose you can use $c->aborted every 
so often to check... Even if not, you can still use $c->aborted at the 
end to check if the connection's still there.  That ought to tell you, 
although I'm not sure if that it's a fail-saif solution...

  Issac

Re: How to invoke the save dialog box when clicking in the link, which is generated by PERL script.

[Martin Haase-Thomas]

try:
[EMAIL PROTECTED]

M. SubbaReddy wrote:

>Hello Gurus,
>
>I am very sorry, if this post is on wrong list.
>
>I have a perl script, which gives dynamic page with search files list.
>Pdf and text files are displaying in browser, when clicking in the link of
>file.
>But, I want to save on to disk, instead displaying in browser.
>
>Like:
>On click a hyperlink, we can invoke the add to Favorite window using...
>document.write ("  ..)
>
>Similarly, how do I invoke the "Save Target As" dialog box.
>Instead I want to save on to disk on click the hyperlink. => href="javascript:window.external.SaveAs('http://books.com/js.pdf',filename)"
>
>>js book
>>
>
>Kindly, please give me hint.
>
>Thanks in advance.
>
>Regards,
>
>~ SubbaReddy .M
>   Sr. Programmer, Frontlinesoft, Hyderabad
>   http://www.frontlinesoft.com
>   Ph: 91-40-3392147, 3391683 (O)
>   ICQ: 56093095
>
>
>

-- 
   http://www.meome.de
---
Martin Haase-Thomas |   Tel.: 030 43730-558
meOme AG|   Fax.: 030 43730-555
Software Development|   [EMAIL PROTECTED]
---

Re: How to do connection pooling

[Tom Hukins]

On Thu, Feb 28, 2002 at 09:38:39PM +0100, Joachim Zobel wrote:
> At 02:11 28.02.02 +0530, you wrote:
> >Hi all,
> >How can I maintain the connections in perl? For this I want to use 
> >connection pooling to contol the traffic of my site. How can I do this in 
> >perl? Can anybody help me in this regard? If possible please give the 
> >steps included in this.
> 
> Is Apache::DBI what you need? If not, why?  It is in fact not about 
> controlling traffic, its about reusing database connections to sve the time 
> needed for a connect.

There was a discussion of database pooling and reusing DBI connections
on Perl Monks today:
http://perlmonks.org/index.pl?node_id=148233

Tom

Re: how to disable mod_perl in a subdir? Directory vs Location

[Rick Myers]

On Feb 28, 2002 at 05:54:07 -0700, Dan Baker wrote:
> 
> Rick Myers wrote:
> > 
> > On Feb 27, 2002 at 21:14:00 -0700, Dan Baker wrote:
> > >
> > > I am working with a host that has everything under /cgi-bin running
> > > mod_perl by default, and well as using EmbPerl to run the dynamic pages.
> > 
> > This begs the question, how are they doing that?
> > 
> > I mean, if they're using Location's or File's then you're
> > going to have to bend to their whim since those override
> > Directory's.
> > 
> --
> 
> hhmmm, so if they have set up in httpd.conf:
> 
>   Alias /cgi-bin/ /home/seniordiscounts/cgi-bin/
>   
> SetHandler perl-script
> #PerlHandler Apache::PerlRun
> PerlHandler Apache::Registry
> Options +ExecCGI
>   
> 
> then the non mod_perl section:
> 
> 
>   SetHandler default-handler
>   AddHandler cgi-script .pl
>   AllowOverride All
>  
> 
> will be overidden?

Right. At least that's how I read the relevant doc...

   http://httpd.apache.org/docs/sections.html

> I guess then I should add an alias line and switch to
> using Location ?

That would work, but see the above doc. Location's are
processed in the order they appear in the conf file.

--rick

RE: How to do connection pooling

[Stathy G. Touloumis]

Are you perhaps referring to KeepAlive of the TCP/IP client connection?

> >How can I maintain the connections in perl? For this I want to use 
> >connection pooling to contol the traffic of my site. How can I 
> do this in 
> >perl? Can anybody help me in this regard? If possible please give the 
> >steps included in this.
> 
> Is Apache::DBI what you need? If not, why?  It is in fact not about 
> controlling traffic, its about reusing database connections to 
> sve the time 
> needed for a connect.

Re: How to do connection pooling

[Joachim Zobel]

At 02:11 28.02.02 +0530, you wrote:
>Hi all,
>How can I maintain the connections in perl? For this I want to use 
>connection pooling to contol the traffic of my site. How can I do this in 
>perl? Can anybody help me in this regard? If possible please give the 
>steps included in this.

Is Apache::DBI what you need? If not, why?  It is in fact not about 
controlling traffic, its about reusing database connections to sve the time 
needed for a connect.

Sincerely,
Joachim

--
"... ein Geschlecht erfinderischer Zwerge, die fuer alles gemietet werden
koennen."- Bertolt Brecht - Leben des Galilei