httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: [VOTE] release httpd mod_fcgid-2.3.4
Date Fri, 09 Oct 2009 16:14:50 GMT
On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott <barry.scott@onelan.co.uk> wrote:
> Jeff Trawick wrote:
>>
>> On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott <barry.scott@onelan.co.uk>
>> wrote:
>>
>>>
>>> Barry Scott wrote:
>>>
>>>>
>>>> William A. Rowe, Jr. wrote:
>>>>
>>>>>
>>>>> Thanks to Jeff's catch, we scuttled 2.3.3.  We have yet another
>>>>> candidate
>>>>> for your consideration.  Please fetch up the newly minted
>>>>> mod_fcgid-2.3.4.tar.gz
>>>>> (or .tar.bz2) or the win32/netware suitable package
>>>>> mod_fcgid-2.3.3-crlf.zip from:
>>>>>
>>>>>  http://httpd.apache.org/dev/dist/mod_fcgid/
>>>>>
>>>>> review, take it for a spin, and cast your choice
>>>>>
>>>>>  [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>>>>>  [ ] +1 to release as 2.3.4-beta
>>>>>  [ ] +1 to release as 2.3.4-GA
>>>>>
>>>>> For getting started,
>>>>>
>>>>> http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>>>>>
>>>>>
>>>>>
>>>>
>>>> Further testing of our application has shown up a problem.
>>>>
>>>> With the following configuration we are seeing the request body
>>>> of POST messages get stripped out if FcgidAuthorizer is used for
>>>> Location /player.  If we comment out the "Require onelan magic" the
>>>> POSTs work.
>>>>
>>>> Have I misconfigured or is this a bug in mod_fcgid?
>>>>
>>>> Barry
>>>>
>>>>
>>>> ...
>>>> LoadModule fcgid_module modules/mod_fcgid.so
>>>>
>>>> FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
>>>> FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
>>>> FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1
>>>>
>>>>
>>>> <VirtualHost *:80>
>>>>
>>>>  #+ Rewrite Web API Rules
>>>>  RewriteEngine on
>>>>
>>>>  # security - deny TRACE and TRACK requests
>>>>  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>  RewriteRule .* - [F]
>>>>  #- Rewrite Web API Rules
>>>>
>>>>  #+ Rewrite Web API Rules
>>>>  # make the URLs hide the use of dsm.fcgi
>>>>  RewriteRule ^/$ /dsm.fcgi [L]
>>>>  RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$) /dsm.fcgi/$1$2 [L]
>>>>  #- Rewrite Web API Rules
>>>>
>>>>  #+ Rewrite XML API Rules
>>>>  # make the URLs hide the use of dsmxml.fcgi
>>>>  RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
>>>>  #- Rewrite XML API Rules
>>>>
>>>>  #+ Rewrite VPN
>>>>  ReWriteMap ntb_ip_address prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
>>>>  RewriteRule ^/player/(\d+)\.(.*) http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]
>>>>  #- Rewrite VPN
>>>>
>>>>  #+ Locations Web VPN API
>>>>  <Location /player>
>>>>        #+ HTTP auth file
>>>>      Order allow,deny
>>>>      Allow from all
>>>>      AuthType Digest
>>>>      AuthName "Manager System"
>>>>      AuthGroupFile /etc/onelan/common/http.group
>>>>      AuthUserFile /etc/onelan/common/http.passwd
>>>>      Require onelan magic
>>>>      #- HTTP auth file
>>>>
>>>>      FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
>>>>  </Location>
>>>> </VirtualHost>
>>>>
>>>>
>>>>
>>>
>>> Looking at bridge_request we see the code is reading the input buckets
>>> and feeding them to the Authorizer.
>>>
>>> It seems to us that:
>>>
>>> Either this must not happen if the fcgid is an authorizer
>>> or the buckets must be put back for whatever handles
>>> the POST to process.
>>>
>>
>> yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER
>> vs. FCGID_AUTHORIZER)
>>
>> (unless you think this is a regression, start a new thread and/or open
>> a Bugzilla entry)
>>
>>
>
> 2.3.1 is broken the same way - I guess it's a day one bug.

We'd also be worried if 2.2 is NOT broken the same way.  (regression
over what lots of people are using)

>
> Bug report and new thread started.

Cool...  Testing simple patch now.
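
A minimal model of the first option Barry describes above (do not feed the request body to an authorizer), added here as an illustration; it is not part of the thread and not mod_fcgid code. `bridge`, `post_through_authorizer` and the sample request are hypothetical, the record layout and role constants follow the FastCGI specification, and closing stdin with an empty record for an authorizer is an assumption of this sketch.

```python
import io
import struct

# FastCGI protocol constants (FastCGI specification)
FCGI_VERSION_1 = 1
FCGI_BEGIN_REQUEST, FCGI_PARAMS, FCGI_STDIN = 1, 4, 5
FCGI_RESPONDER, FCGI_AUTHORIZER = 1, 2


def record(rec_type, request_id, content=b""):
    """One FastCGI record: 8-byte header followed by content, no padding."""
    header = struct.pack("!BBHHBx", FCGI_VERSION_1, rec_type, request_id, len(content), 0)
    return header + content


def pair(name, value):
    """Name-value pair: a length under 128 takes one byte, else four with the high bit set."""
    def length(n):
        return struct.pack("!B", n) if n < 128 else struct.pack("!I", n | 0x80000000)
    return length(len(name)) + length(len(value)) + name + value


def bridge(role, params, body_stream, role_aware):
    """Hypothetical request bridge; returns the bytes sent to the FastCGI application."""
    out = record(FCGI_BEGIN_REQUEST, 1, struct.pack("!HB5x", role, 0))
    out += record(FCGI_PARAMS, 1, b"".join(pair(k, v) for k, v in params.items()))
    out += record(FCGI_PARAMS, 1)  # empty record ends the params stream
    if not (role_aware and role == FCGI_AUTHORIZER):
        # Reading drains the stream: nothing is left for whatever handles the POST.
        while chunk := body_stream.read(8192):
            out += record(FCGI_STDIN, 1, chunk)
    out += record(FCGI_STDIN, 1)  # assumption: still close stdin with an empty record
    return out


def post_through_authorizer(role_aware):
    """Run the authorizer step, then return (bytes sent, body the content handler can still read)."""
    body = io.BytesIO(b"volume=7&mute=0")  # constructed sample POST body
    params = {b"REQUEST_METHOD": b"POST", b"REQUEST_URI": b"/player/12.cfg"}  # constructed
    sent = bridge(FCGI_AUTHORIZER, params, body, role_aware)
    return sent, body.read()


if __name__ == "__main__":
    for aware in (False, True):
        _, left = post_through_authorizer(aware)
        print(f"role_aware={aware}: handler sees {left!r}")
```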
