httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [VOTE] release httpd mod_fcgid-2.3.4
Date Fri, 09 Oct 2009 15:04:17 GMT
On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott <barry.scott@onelan.co.uk> wrote:
> Barry Scott wrote:
>>
>> William A. Rowe, Jr. wrote:
>> > Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another
>> > candidate
>> > for your consideration.  Please fetch up the newly minted
>> > mod_fcgid-2.3.4.tar.gz
>> > (or .tar.bz2) or the win32/netware suitable package
>> > mod_fcgid-2.3.3-crlf.zip from:
>> >
>> >   http://httpd.apache.org/dev/dist/mod_fcgid/
>> >
>> > review, take it for a spin, and cast your choice
>> >
>> >   [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>> >   [ ] +1 to release as 2.3.4-beta
>> >   [ ] +1 to release as 2.3.4-GA
>> >
>> > For getting started,
>> >
>> > http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>> >
>> >
>>
>> Further testing of our application has shown up a problem.
>>
>> With the following configuration we are seeing the request body
>> of POST messages get stripped out if FcgidAuthorizer is used for
>> Location /player.  If we comment out the "Require onelan magic" the
>> POSTs work.
>>
>> Have I misconfigured or is this a bug in mod_fcgid?
>>
>> Barry
>>
>>
>> ...
>> LoadModule fcgid_module modules/mod_fcgid.so
>>
>> FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
>> FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
>> FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1
>>
>>
>> <VirtualHost *:80>
>>
>>   #+ Rewrite Web API Rules
>>   RewriteEngine on
>>
>>   # security - deny TRACE and TRACK requests
>>   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>   RewriteRule .* - [F]
>>   #- Rewrite Web API Rules
>>
>>   #+ Rewrite Web API Rules
>>   # make the URLs hide the use of dsm.fcgi
>>   RewriteRule ^/$ /dsm.fcgi [L]
>>   RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$)
>> /dsm.fcgi/$1$2 [L]
>>   #- Rewrite Web API Rules
>>
>>   #+ Rewrite XML API Rules
>>   # make the URLs hide the use of dsmxml.fcgi
>>   RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
>>   #- Rewrite XML API Rules
>>
>>   #+ Rewrite VPN
>>   ReWriteMap ntb_ip_address
>> prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
>>   RewriteRule ^/player/(\d+)\.(.*)
>> http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]
>>   #- Rewrite VPN
>>
>>   #+ Locations Web VPN API
>>   <Location /player>
>>         #+ HTTP auth file
>>       Order allow,deny
>>       Allow from all
>>       AuthType Digest
>>       AuthName "Manager System"
>>       AuthGroupFile /etc/onelan/common/http.group
>>       AuthUserFile /etc/onelan/common/http.passwd
>>       Require onelan magic
>>       #- HTTP auth file
>>
>>       FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
>>   </Location>
>> </VirtualHost>
>>
>>
>
> Looking at bridge_request we see the code is reading the input buckets
> and feeding then to the Authorizer.
>
> It seems to us that:
>
> Either this must not happen if the fcgid is an authorizer
> or the buckets must be put back for whatever handles
> the POST to process.

yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER
vs. FCGID_AUTHORIZER)

(unless you think this is a regression, start a new thread and/or open
a Bugzilla entry)

Mime
View raw message