trawick at gmail
Oct 9, 2009, 9:14 AM
Post #13 of 13
(873 views)
Permalink
|
On Fri, Oct 9, 2009 at 12:04 PM, Barry Scott <barry.scott [at] onelan> wrote:
> Jeff Trawick wrote:
>>
>> On Fri, Oct 9, 2009 at 11:00 AM, Barry Scott <barry.scott [at] onelan>
>> wrote:
>>
>>>
>>> Barry Scott wrote:
>>>
>>>>
>>>> William A. Rowe, Jr. wrote:
>>>>
>>>>>
>>>>> Thanks to Jeff's catch, we scuttled 2.3.3. We have yet another
>>>>> candidate
>>>>> for your consideration. Please fetch up the newly minted
>>>>> mod_fcgid-2.3.4.tar.gz
>>>>> (or .tar.bz2) or the win32/netware suitable package
>>>>> mod_fcgid-2.3.3-crlf.zip from:
>>>>>
>>>>> http://httpd.apache.org/dev/dist/mod_fcgid/
>>>>>
>>>>> review, take it for a spin, and cast your choice
>>>>>
>>>>> [ ] -1 for any release of 2.3.4 (regressed from 2.3.1?)
>>>>> [ ] +1 to release as 2.3.4-beta
>>>>> [ ] +1 to release as 2.3.4-GA
>>>>>
>>>>> For getting started,
>>>>>
>>>>> http://svn.apache.org/repos/asf/httpd/mod_fcgid/tags/2.3.4/README-FCGID
>>>>>
>>>>>
>>>>>
>>>>
>>>> Further testing of our application has shown up a problem.
>>>>
>>>> With the following configuration we are seeing the request body
>>>> of POST messages get stripped out if FcgidAuthorizer is used for
>>>> Location /player. If we comment out the "Require onelan magic" the
>>>> POSTs work.
>>>>
>>>> Have I misconfigured or is this a bug in mod_fcgid?
>>>>
>>>> Barry
>>>>
>>>>
>>>> ...
>>>> LoadModule fcgid_module modules/mod_fcgid.so
>>>>
>>>> FcgidCmdOptions /usr/local/onelan/html/dsmauthorizer.fcgi MaxProcesses 1
>>>> FcgidCmdOptions /usr/local/onelan/html/dsm.fcgi MaxProcesses 1
>>>> FcgidCmdOptions /usr/local/onelan/html/dsmxml.fcgi MaxProcesses 1
>>>>
>>>>
>>>> <VirtualHost *:80>
>>>>
>>>> #+ Rewrite Web API Rules
>>>> RewriteEngine on
>>>>
>>>> # security - deny TRACE and TRACK requests
>>>> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>> RewriteRule .* - [F]
>>>> #- Rewrite Web API Rules
>>>>
>>>> #+ Rewrite Web API Rules
>>>> # make the URLs hide the use of dsm.fcgi
>>>> RewriteRule ^/$ /dsm.fcgi [L]
>>>> RewriteRule ^/(status|options|organisation|tools|setup|help)($|.*$)
>>>> /dsm.fcgi/$1$2 [L]
>>>> #- Rewrite Web API Rules
>>>>
>>>> #+ Rewrite XML API Rules
>>>> # make the URLs hide the use of dsmxml.fcgi
>>>> RewriteRule ^/(XML)($|.*$) /dsmxml.fcgi/$1$2 [L]
>>>> #- Rewrite XML API Rules
>>>>
>>>> #+ Rewrite VPN
>>>> ReWriteMap ntb_ip_address
>>>> prg:/usr/local/onelan/dsm/bin/vpn_lookup_ip_address
>>>> RewriteRule ^/player/(\d+)\.(.*)
>>>> http://${ntb_ip_address:$1}:8080/player/$1.$2 [P]
>>>> #- Rewrite VPN
>>>>
>>>> #+ Locations Web VPN API
>>>> <Location /player>
>>>> #+ HTTP auth file
>>>> Order allow,deny
>>>> Allow from all
>>>> AuthType Digest
>>>> AuthName "Manager System"
>>>> AuthGroupFile /etc/onelan/common/http.group
>>>> AuthUserFile /etc/onelan/common/http.passwd
>>>> Require onelan magic
>>>> #- HTTP auth file
>>>>
>>>> FcgidAuthorizer /usr/local/onelan/html/dsmauthorizer.fcgi
>>>> </Location>
>>>> </VirtualHost>
>>>>
>>>>
>>>>
>>>
>>> Looking at bridge_request we see the code is reading the input buckets
>>> and feeding then to the Authorizer.
>>>
>>> It seems to us that:
>>>
>>> Either this must not happen if the fcgid is an authorizer
>>> or the buckets must be put back for whatever handles
>>> the POST to process.
>>>
>>
>> yeah; looks like bridge_request() doesn't look at role (FCGI_RESPONDER
>> vs. FCGID_AUTHORIZER)
>>
>> (unless you think this is a regression, start a new thread and/or open
>> a Bugzilla entry)
>>
>>
>
> 2.3.1 is broken the same way - I guess its a day one bug.
We'd also be worried if 2.2 is NOT broken the same way. (regression
over what lots of people are using)
>
> Bug report and new thread started.
Cool... Testing simple patch now.
|
