MESSAGE
DATE | 2016-10-30
FROM | Ruben Safir
SUBJECT | Re: [Hangout-NYLXS] Fwd: Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
On 10/30/2016 12:22 PM, Elfen Magix wrote:
> I'm going to reply here...
>

where have you been?

> In Perl it is possible to have access to other ports on the system, but if it is being piped through a third party app (like Apache), then you are limited to the ports the App is limited to. In this case, on a generic Apache Server, it is Port 80. If there are modifications to the config file(s), then one has to look through the Listen Directive and see what is open through there, and then see where the information is coming from - the Address string of the $FORM input.
>
> AS IS, in HTTP or KeepAlive the Port number does not change through the connection unless the USER is doing something to try to hack into your system (like sending HTTP Requests through a telnet or console and studying what is returned from the server).
>
> Looking at your variables, I think they are not set correctly. The SYSTEM/ENVIRONMENT Variable used is REMOTE_PORT, and the code to get it should be:
>
> $port=$ENV{REMOTE_PORT};
>
> --------------------------------------------
> On Sun, 10/30/16, Ruben Safir wrote:
>
> Subject: [Hangout-NYLXS] Fwd: Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
> To: "Hangout"
> Date: Sunday, October 30, 2016, 9:35 AM
>
> -------- Forwarded Message --------
> Subject: Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
> Date: Sun, 30 Oct 2016 12:12:57 +0100
> From: A. Warnier
> To: modperl-at-perl.apache.org
>
> Replying to self..
>
> My basic question remains the same :
> given that neither of the following seem to work under Apache 2.4 / mod_perl 2.0.9 :
>
> $remote_port = $r->connection->client_addr->port;
> or
> $remote_port = $r->connection->remote_addr->port;
>
> how could I best obtain, in a mod_perl AAA handler, some unique client port number that is unlikely to change over the duration of a single HTTP client keepalive connection (whether through proxies or not). I do not really care if this is really the port number which the original client used to establish the connection, as long as it remains stable and unique and, from the Apache/mod_perl webserver point of view, the combination IP:port really is unique for a given client workstation currently accessing the server.
>
> Unfortunately, I do need an "IP:port" combination, because of some back-end software that relies on this and which I cannot change.
> Otherwise I guess that I could use $r->connection->id.
>
> (which I may still try to use as a kind of "alias" for the port number; maybe the back-end software won't realise that it is a fake. But I guess that this is a bit risky, since there is probably no guarantee that this would match the keepalive as the client sees it through possible proxies).
>
>
> >>>
> >>> In the Apache 2.2 version, this was :
> >>>
> >>> $remote_port = $r->connection->remote_addr->port;
>
> There was this change in Apache 2.4 compared to 2.2 :
>
> https://httpd.apache.org/docs/trunk/developer/new_api_2_4.html
>
> "conn_rec->remote_ip and conn_rec->remote_addr
> These fields have been renamed in order to distinguish between the client IP address of the connection and the useragent IP address of the request (potentially overridden by a load balancer or proxy). References to either of these fields must be updated with one of the following options, as appropriate for the module:
>
> When you require the IP address of the user agent, which might be connected directly to the server, or might optionally be separated from the server by a transparent load balancer or proxy, use request_rec->useragent_ip and request_rec->useragent_addr.
> When you require the IP address of the client that is connected directly to the server, which might be the useragent or might be the load balancer or proxy itself, use conn_rec->client_ip and conn_rec->client_addr.
> "
>
> With a corresponding discussion in :
> https://github.com/eprints/eprints/issues/214
>
> Interesting how a change which was originally made as an improvement/clarification, can have so many unforeseen ripple effects.
>
>
> On 30.10.2016 08:34, A. Warnier wrote:
> > On 30.10.2016 01:56, Randolf Richardson wrote:
> >> Do the following work for you?
> >>
> >>     $r->connection->remote_addr->port
> >>     $r->connection->local_addr->port
> >>
> >
> > I'll check again, but $c->remote_addr is supposed to not exist anymore in httpd 2.4, as
> > far as I know.
> > Indeed :
> >
> > When I modify the code as follows :
> >
> > #my $client_addr = $r->connection->client_addr;
> > 1184: my $client_addr = $r->connection->remote_addr;
> > $remote_port = $client_addr->port;
> > $remote_ip = $r->connection->client_ip;
> >
> > Can't locate object method "remote_addr" via package "Apache2::Connection" at
> > /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\n
> >
> >
> >
> >>> Hi.
> >>>
> >>> Apologies to Steve and Torsten for posting this previously to them directly.
> >>> It somehow slipped my mind that this would have been a better place.
> >>> Anyway thus :
> >>>
> >>> I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
> >>> encounter the following problem :
> >>>
> >>> Apache error log :
> >>>
> >>> Can't locate object method "port" via package "APR::SockAddr" at
> >>> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
> >>>
> >>> which corresponds to :
> >>>
> >>> 1183: my $client_addr = $r->connection->client_addr;
> >>> 1184: $remote_port = $client_addr->port;
> >>>
> >>> In the Apache 2.2 version, this was :
> >>>
> >>> $remote_port = $r->connection->remote_addr->port;
> >>>
> >>> and worked fine.
> >>>
> >>> Environment :
> >>>
> >>> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
> >>> GNU/Linux (Debian "Jessie" as far as I know)
> >>>
> >>> Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
> >>> -- resuming normal operations
> >>> (apache2 and mod_perl are the standard Debian Jessie apt-get packages)
> >>>
> >>>
> >>> I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
> >>> APR::SockAddr::port(), except this snippet (quite old..) :
> >>>
> >>> CPAN :
> >>> mod_perl 2.10 Changes :
> >>> ...
> >>> 1.99_14 - May 21, 2004
> >>>
> >>> APR::SockAddr::port() accessor is now read-only [Stas]
> >>>
> >>> Also on the host, the APR::SockAddr module source :
> >>>
> >>> /usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
> >>>
> >>> quote
> >>> =item obj: C<$sock_addr>
> >>> ( C> object|docs::2.0::api::APR::SockAddr>> )
> >>>
> >>> =item ret: C<$port> ( integer )
> >>>
> >>> =item since: 2.0.00
> >>> unquote
> >>>
> >>> .. seems to imply that this should work.
> >>> (And so do
> >>> https://metacpan.org/pod/APR::SockAddr#port
> >>> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
> >>> )
> >>>
> >>> Am I doing something wrong ?
> >>>
> >>> More importantly to me right now : how can I get the client's connection port number,
> >>> possibly using a workaround ? I am in control of the Apache httpd configuration.
> >>>
> >>> I do not really care if this is the real client port, or a port of some intermediate
> >>> proxy, as long as it remains consistent across several KeepAlive calls of the same client
> >>> workstation.
> >>> I need this port number to forward to another module (of which I do not have the source),
> >>> which uses this (and the remote IP), as a kind of persistent identifier for the client
> >>> connection (for Windows WIA authentication).
> >>>
> >>> The only way I can think of right now, would be to add a request header at the httpd level
> >>> with the remote client IP:port, and then retrieve and decode that same header in my AAA
> >>> module. But that seems a bit convoluted and heavy-handed.
> >>> Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
> >>> directly, which would have been set like so ?
> >>>
> >>> RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
> >>>
> >>>
> >>> Thanks in advance
> >>> André Warnier
> >>
> >>
> >> Randolf Richardson - randolf-at-inter-corporate.com
> >> Inter-Corporate Computer & Network Services, Inc.
> >> Beautiful British Columbia, Canada
> >> http://www.inter-corporate.com/
> >>
> >>
> >
>
> _______________________________________________
> hangout mailing list
> hangout-at-nylxs.com
> http://www.nylxs.com/
>
--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
hangout mailing list
hangout-at-nylxs.com
http://www.nylxs.com/
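
An added example, not code from this thread or from the mod_perl project: one way a mod_perl 2 handler under httpd 2.4 can build the "IP:port" string discussed in the forwarded question. It assumes the "Can't locate object method" error comes from APR::SockAddr not having been loaded; the package name, the note name and the client_endpoint helper are hypothetical, and the fallback reads the INFO_REMOTE_ADDR variable from the RewriteRule quoted in the question.

```perl
package My::ClientEndpoint;    # hypothetical module name, not from the thread
use strict;
use warnings;

# mod_perl 2 defines each class's methods in that class's own module, so
# every class whose methods are called has to be loaded explicitly.
use Apache2::RequestRec ();    # $r->connection, $r->subprocess_env, $r->notes
use Apache2::Connection ();    # $c->client_addr (httpd 2.4 name)
use APR::SockAddr ();          # $addr->ip_get, $addr->port
use APR::Table ();             # $r->notes->set
use Apache2::Log ();           # $r->log_error
use Apache2::Const -compile => qw(DECLINED SERVER_ERROR);

# Returns "IP:port" for the peer of the TCP connection as httpd sees it.
# Behind a proxy or load balancer this is the proxy's socket, not the
# end user's, so it identifies a connection, never a person.
sub client_endpoint {
    my ($r) = @_;

    my $addr = eval { $r->connection->client_addr };
    if ($addr && $addr->can('port')) {
        return join ':', $addr->ip_get, $addr->port;
    }

    # Fallback: the variable set by the RewriteRule quoted in the thread.
    # Assumes the rule sits in server or virtual-host context, where
    # mod_rewrite runs before the authentication phase.
    my $env = $r->subprocess_env('INFO_REMOTE_ADDR');
    return unless defined $env;
    $env =~ s/^"|"$//g;        # drop quotes if the rule left them in
    # Accept only "address:port" with a port in 1..65535.
    return unless $env =~ /^([0-9A-Fa-f.:]+):(\d{1,5})$/ && $2 >= 1 && $2 <= 65535;
    return "$1:$2";
}

sub handler {
    my ($r) = @_;
    my $endpoint = client_endpoint($r);
    unless (defined $endpoint) {
        $r->log_error('cannot determine client IP:port for this connection');
        return Apache2::Const::SERVER_ERROR;
    }
    $r->notes->set(client_endpoint => $endpoint);   # hypothetical note name
    return Apache2::Const::DECLINED;   # let the real AAA handler decide
}

1;
```

With an IPv6 peer the joined string contains several colons, so a back end that splits on the first colon will misread it; the port is always the part after the last one.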