archive-fr.com » FR » O » OBSPM.FR

Total: 155

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Request Processing in Apache 2.0 - Apache HTTP Server
    is nearly absolute before the request processing continues This step cannot be bypassed Initial URI Location Walk Every request is subject to an ap location walk call This ensures that Location sections are consistently enforced for all requests If the request is an internal redirect or a sub request it may borrow some or all of the processing from the previous or parent request s ap location walk so this step is generally very efficient after processing the main request translate name Modules can determine the file name or alter the given URI in this step For example mod vhost alias will translate the URI s path into the configured virtual host mod alias will translate the path to an alias path and if the request falls back on the core the DocumentRoot is prepended to the request resource If all modules DECLINE this phase an error 500 is returned to the browser and a couldn t translate name error is logged automatically Hook map to storage After the file or correct URI was determined the appropriate per dir configurations are merged together For example mod proxy compares and merges the appropriate Proxy sections If the URI is nothing more than a local non proxy TRACE request the core handles the request and returns DONE If no module answers this hook with OK or DONE the core will run the request filename against the Directory and Files sections If the request filename isn t an absolute legal filename a note is set for later termination URI Location Walk Every request is hardened by a second ap location walk call This reassures that a translated request is still subjected to the configured Location sections The request again borrows some or all of the processing from its previous location walk above so this step is almost always very efficient unless the translated URI mapped to a substantially different path or Virtual Host Hook header parser The main request then parses the client s headers This prepares the remaining request processing steps to better serve the client s request The Security Phase Needs Documentation Code is switch ap satisfies r case SATISFY ALL case SATISFY NOSPEC if access status ap run access checker r 0 return decl die access status check access r if ap some auth required r if access status ap run check user id r 0 ap auth type r return decl die access status ap auth type r check user No user file perform authentication AuthType not set r if access status ap run auth checker r 0 ap auth type r return decl die access status ap auth type r check access No groups file perform authentication AuthType not set r break case SATISFY ANY if access status ap run access checker r 0 if ap some auth required r return decl die access status check access r if access status ap run check user id r 0 ap auth type r return decl die access status ap

    Original URL path: http://ama09.obspm.fr/manual-2.0/developer/request.html (2015-11-16)
    Open archived version from archive


  • How filters work in Apache 2.0 - Apache HTTP Server
    of each category into two more filter types is strictly for ordering We could remove it and only allow for one filter type but the order would tend to be wrong and we would need to hack things to make it work Currently the RESOURCE filters only have one filter type but that should change How are filters inserted This is actually rather simple in theory but the code is complex First of all it is important that everybody realize that there are three filter lists for each request but they are all concatenated together So the first list is r output filters then r proto output filters and finally r connection output filters These correspond to the RESOURCE PROTOCOL and CONNECTION filters respectively The problem previously was that we used a singly linked list to create the filter stack and we started from the correct location This means that if I had a RESOURCE filter on the stack and I added a CONNECTION filter the CONNECTION filter would be ignored This should make sense because we would insert the connection filter at the top of the c output filters list but the end of r output filters pointed to the filter that used to be at the front of c output filters This is obviously wrong The new insertion code uses a doubly linked list This has the advantage that we never lose a filter that has been inserted Unfortunately it comes with a separate set of headaches The problem is that we have two different cases were we use subrequests The first is to insert more data into a response The second is to replace the existing response with an internal redirect These are two different cases and need to be treated as such In the first case we are creating the subrequest from within a handler or filter This means that the next filter should be passed to make sub request function and the last resource filter in the sub request will point to the next filter in the main request This makes sense because the sub request s data needs to flow through the same set of filters as the main request A graphical representation might help Default handler includes filter byterange If the includes filter creates a sub request then we don t want the data from that sub request to go through the includes filter because it might not be SSI data So the subrequest adds the following Default handler includes filter byterange Default handler sub request core What happens if the subrequest is SSI data Well that s easy the includes filter is a resource filter so it will be added to the sub request in between the Default handler and the sub request core filter The second case for sub requests is when one sub request is going to become the real request This happens whenever a sub request is created outside of a handler or filter and NULL is passed as

    Original URL path: http://ama09.obspm.fr/manual-2.0/developer/filters.html (2015-11-16)
    Open archived version from archive

  • Apache 2.0 Thread Safety Issues - Apache HTTP Server
    error numbers from one thread into another To solve this make sure your module or library defines REENTRANT or is compiled with D REENTRANT This will make errno a per thread variable and should hopefully be transparent to the code It does this by doing something like this define errno errno location which means that accessing errno will call errno location which is provided by the libc Setting REENTRANT also forces redefinition of some other functions to their r equivalents and sometimes changes the common getc putc macros into safer function calls Check your libc documentation for specifics Instead of or in addition to REENTRANT the symbols that may affect this are POSIX C SOURCE THREAD SAFE SVID SOURCE and BSD SOURCE Common standard troublesome functions Not only do things have to be thread safe but they also have to be reentrant strtok is an obvious one You call it the first time with your delimiter which it then remembers and on each subsequent call it returns the next token Obviously if multiple threads are calling it you will have a problem Most systems have a reentrant version of of the function called strtok r where you pass in an extra argument which contains an allocated char which the function will use instead of its own static storage for maintaining the tokenizing state If you are using APR you can use apr strtok crypt is another function that tends to not be reentrant so if you run across calls to that function in a library watch out On some systems it is reentrant though so it is not always a problem If your system has crypt r chances are you should be using that or if possible simply avoid the whole mess by using md5 instead Common 3rd Party Libraries The following is a list of common libraries that are used by 3rd party Apache modules You can check to see if your module is using a potentially unsafe library by using tools such as ldd 1 and nm 1 For PHP for example try this ldd libphp4 so libsablot so 0 usr local lib libsablot so 0 0x401f6000 libexpat so 0 usr lib libexpat so 0 0x402da000 libsnmp so 0 usr lib libsnmp so 0 0x402f9000 libpdf so 1 usr local lib libpdf so 1 0x40353000 libz so 1 usr lib libz so 1 0x403e2000 libpng so 2 usr lib libpng so 2 0x403f0000 libmysqlclient so 11 usr lib libmysqlclient so 11 0x40411000 libming so usr lib libming so 0x40449000 libm so 6 lib libm so 6 0x40487000 libfreetype so 6 usr lib libfreetype so 6 0x404a8000 libjpeg so 62 usr lib libjpeg so 62 0x404e7000 libcrypt so 1 lib libcrypt so 1 0x40505000 libssl so 2 lib libssl so 2 0x40532000 libcrypto so 2 lib libcrypto so 2 0x40560000 libresolv so 2 lib libresolv so 2 0x40624000 libdl so 2 lib libdl so 2 0x40634000 libnsl so 1 lib libnsl so 1 0x40637000 libc so 6 lib libc

    Original URL path: http://ama09.obspm.fr/manual-2.0/developer/thread_safety.html (2015-11-16)
    Open archived version from archive



  •