mod_auth              2011/04/08           @suzumura_ss
• tottoruby
Apache Hooks•    • Input filter    • Content generator    • Output filter•
Input filter (1)• post_read_request• translate_name   • ex) mod_alias• map_to_storage   • ex) <Directory />, <Files />, mo...
Input filter (2)• access_checker   • ex) mod_access, mod_authz_host• check_user_id• auth_checker• type_checker• fixups
Content generator            and Output filter•• Content generator    • mod_passenger, mod_cgi, ...• Output filter    • mo...
mod_passenger+Rails•           Request                      request    /tmp    header    Body    Rails                    ...
mod_cgi• /tmp                   request               response      CGI
/cgi-bin/401.cgi1:   #!/usr/bin/ruby2:   STDERR.puts "Incoming CGI..."3:4:   puts <<__RESULT__5:   Status: 4016:7:   __RES...
PUT /cgi-bin/401.cgi$ curl localhost/cgi-bin/401.cgi   -T xcode_3.2.6_and_ios_sdk_4.3__final.dmg > /dev/null  % Total    %...
Input filter•••
•    • ap_hook_auth_checker() hook•          ACCESS DENIED    • ap_hook_access_checker() hook
mod_auth_httprequest•     • https://github.com/suzumura-ss/       mod_auth_httprequest•       URL   HEAD                  ...
• ap_hook_check_user_id() hook libcurl      HEAD• ap_hook_auth_checker() hook• config
PUT /           HEAD /cgi-bin/auth.cgiresponse
httpd.conf<Directory "/var/www/html">        :  Require    valid-request  AuthType AuthHttpRequest  AuthName X-Auth-HttpRe...
$ curl localhost/   -T xcode_3.2.6_and_ios_sdk_4.3__final.dmg  % Total    % Received % Xferd Average Speed    Time    Time...
Apache mod authまわりとか
Apache mod authまわりとか
Upcoming SlideShare
Loading in …5
×

Apache mod authまわりとか

880 views

Published on

Apacheモジュールの大まかな流れと、
認証によりリクエストボディの受信を止めることについて。

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
880
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Apache mod authまわりとか

    1. 1. mod_auth 2011/04/08 @suzumura_ss
    2. 2. • tottoruby
    3. 3. Apache Hooks• • Input filter • Content generator • Output filter•
    4. 4. Input filter (1)• post_read_request• translate_name • ex) mod_alias• map_to_storage • ex) <Directory />, <Files />, mod_proxy• header_parser • ex) mod_setenvif
    5. 5. Input filter (2)• access_checker • ex) mod_access, mod_authz_host• check_user_id• auth_checker• type_checker• fixups
    6. 6. Content generator and Output filter•• Content generator • mod_passenger, mod_cgi, ...• Output filter • mod_xsendfile
    7. 7. mod_passenger+Rails• Request request /tmp header Body Rails response Rails• Content generator
    8. 8. mod_cgi• /tmp request response CGI
    9. 9. /cgi-bin/401.cgi1: #!/usr/bin/ruby2: STDERR.puts "Incoming CGI..."3:4: puts <<__RESULT__5: Status: 4016:7: __RESULT__8:9: STDERR.puts "CGI done."
    10. 10. PUT /cgi-bin/401.cgi$ curl localhost/cgi-bin/401.cgi -T xcode_3.2.6_and_ios_sdk_4.3__final.dmg > /dev/null % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 4237M 0 0 100 4237M 0 114M 0:00:37 0:00:37 --:--:-- 118M==> access_log <==::1 - - [05/Apr/2011:14:37:13 +0900] "PUT /cgi-bin/401.cgi HTTP/1.1" 401 -==> error_log <==[Tue Apr 05 14:37:50 2011] [error] [client ::1] Incoming CGI...[Tue Apr 05 14:37:50 2011] [error] [client ::1] CGI done. 14:37:13 PUT 14:37:50
    11. 11. Input filter•••
    12. 12. • • ap_hook_auth_checker() hook• ACCESS DENIED • ap_hook_access_checker() hook
    13. 13. mod_auth_httprequest• • https://github.com/suzumura-ss/ mod_auth_httprequest• URL HEAD 200(OK), 201(Created), 202(Accepted)
    14. 14. • ap_hook_check_user_id() hook libcurl HEAD• ap_hook_auth_checker() hook• config
    15. 15. PUT / HEAD /cgi-bin/auth.cgiresponse
    16. 16. httpd.conf<Directory "/var/www/html"> : Require valid-request AuthType AuthHttpRequest AuthName X-Auth-HttpRequest AuthHttpRequest-URL http://localhost/cgi-bin/401.cgi</Directory>
    17. 17. $ curl localhost/ -T xcode_3.2.6_and_ios_sdk_4.3__final.dmg % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 4237M 100 475 0 0 90338 0 --:--:-- --:--:-- --:--:-- 0==> access_log <==127.0.0.1 - - [05/Apr/2011:17:57:34 +0900] "HEAD /cgi-bin/auth.cgi HTTP/1.1"401 - "-" "mod_auth_httprequest/0.1 libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3libidn/0.6.5"127.0.0.1 - - [05/Apr/2011:17:57:34 +0900] "PUT /xcode%5F3%2E2%2E6%5Fand%5Fios%5Fsdk%5F4%2E3%5F%5Ffinal%2Edmg HTTP/1.1" 401 475 "-" "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"==> error_log <==[Tue Apr 05 17:57:34 2011] [error] [client 127.0.0.1] Incoming CGI...[Tue Apr 05 17:57:34 2011] [error] [client 127.0.0.1] CGI done.

    ×