httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Waldman" <mmwald...@nyc.rr.com>
Subject RE: Location of Apache Modules
Date Wed, 22 Apr 2009 17:37:07 GMT
I'm looking in modules/http/http_request.c.

Is this even in the right ballpark?

I'm hoping there's one if statement this call is failing causing the new
environment not to be set.  I would think it would be like a check to see if
a user is already logged in.

But, I not familiar with http terms.  They have add_common_vars to setup the
env.  But, I don't know how to force it to be implemented.  I'm not sure
what a bridgade is?  But there are functions like ap_pass_brigade.

Since ajax is so commonly used, I don't see why I am trying to have to make
this work.  I'm really thinking this should already be able to be handled by
apache.  Folks I've talked to just don't try to get htaccess to work with
ajax for the most part.  They rely on php security.  I would like to use
server security.

I'm having trouble finding documentation on this and have been dragging my
feet for two weeks on this thinking that it was going to be a quick fix.

Michele

> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, April 21, 2009 2:00 PM
> To: modules-dev@httpd.apache.org
> Subject: Re: Location of Apache Modules
> 
> On Tue, Apr 21, 2009 at 12:51 PM, Michele Waldman <mmwaldman@nyc.rr.com>
> wrote:
> > I ran a find for functions like ap_hook_auth_checker,
> ap_run_type_checker
> > and a few other functions.
> >
> > I could not find the function definitions.  All I could find was a
> > reference to them in server/export.c.
> >
> > Does anyone know where all of the functions are?
> >
> > It's difficult to trace through the code if you can't find it.
> 
> These functions are defined by preprocessor macros such as:
> 
> AP_IMPLEMENT_HOOK_RUN_FIRST
> AP_IMPLEMENT_HOOK_RUN_ALL
> 
> The 2nd argument gets baked into function names like ap_run_XXX and
> ap_hook_XX.
> 
> If you're just using grep, you can usually get good results just using
> the unique bit at the end. If you use something like cscope, you have
> to know that you can't copy/paste to find the definitions/callers and
> have to put the names together by hand.
> 
> >
> > I've been glancing over the server code and I see references to
> > "subrequests".
> >
> > That appears what the ajax call may be.  I noticed the reference in the
> > digest modules was the main html file, even though it was validating the
> > credentials for the ajax file, which may be treated as a subrequest?
> 
> subrequests are an internal notion only, e.g. some kinds of rewrites
> or things like DirectoryIndex are handled internally as subrequests.
> The components of SSI are subrequests as well.
> 
> >
> > What's throwing me for a loop, is that it is logging in with the first
> > request, but not forcing a new login with different credentials on
> > subsequent requests.
> 
> Did your browser send digest credentials on the ajax request?  You can
> log %{Authorization}i in the access log to quickly tell.
> 
> If credentials were sent, can mod_log_config log a %u or were they
> ignored (due to no Require, satisfy any, etc)?
> 
> 
> --
> Eric Covener
> covener@gmail.com


Mime
View raw message