MESSAGE
| DATE | 2016-10-30 |
| FROM | Elfen Magix
|
| SUBJECT | Re: [Hangout-NYLXS] Fwd: Re: Apache 2.4, mod_perl 2.0.9,
|
I'm going to reply here...
In Perl it is possible to have access to other ports on the system, but if it is being piped through a third party app (like Apache), then you are limited to the ports the App it limited too. In this case, on a generic Apache Server, it is Port 80. It there are modifications to the config file(s), Then one has to look through the Listen Directive and see what is open through there, and then see where the information is coming from - the Address string of the $FORM input.
AS IS, in HTTP or KeepAlive the Port number does not change through the connection unless the USER is doing something to try to hack into your system (like sending HTTP Requests through a tenet or console and study what is returned from the server).
Looking at your variables, I think they are not set correctly. The SYSTEM/ENVIRONMENT Variable used is REMOTE_PORT, and the code to get it should be:
$port=$ENV{REMOTE_PORT};
--------------------------------------------
On Sun, 10/30/16, Ruben Safir wrote:
Subject: [Hangout-NYLXS] Fwd: Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
To: "Hangout"
Date: Sunday, October 30, 2016, 9:35 AM
-------- Forwarded Message --------
Subject: Re: Apache 2.4, mod_perl 2.0.9,
APR::SockAddr->port() missing ?
Date: Sun, 30 Oct 2016 12:12:57 +0100
From: A. Warnier
To: modperl-at-perl.apache.org
Replying to self..
My basic question remains the same :
given that neither of the following seem to work under
Apache 2.4 /
mod_perl 2.0.9 :
$remote_port = $r->connection->client_addr->port;
or
$remote_port = $r->connection->remote_addr->port;
how could I best obtain, in a mod_perl AAA handler, some
unique client
port number that is unlikely to change over the duration of
a single
HHTP client keepalive connection (whether through proxies or
not). I do
not really care if this is really the port number which the
original
client used to establish the connection, as long as it
remains stable
and unique and, from the Apache/mod_perl webserver point of
view, the
combination IP:port really is unique for a given client
workstation
currently accessing the server.
Unfortunately, I do need an "IP:port" combination, because
of some
back-end software that relies on this and which I cannot
change.
Otherwise I guess that I could use
$r->connection->id.
(which I may still try to use as a kind of "alias" for the
port number;
maybe the back-end software won't realise that it is a fake.
But I guess
that this is a bit risky, since there is probably no
guarantee that this
would match the keepalive as the client sees it through
possible proxies).
>>>
>>> In the Apache 2.2 version, this was :
>>>
>>> $remote_port =
$r->connection->remote_addr->port;
There was this change in Apache 2.4 compared to 2.2 :
https://httpd.apache.org/docs/trunk/developer/new_api_2_4.html
"conn_rec->remote_ip and conn_rec->remote_addr
These fields have been renamed in order to
distinguish between the
client IP address of the connection and the useragent IP
address of the
request (potentially overridden by a load balancer or
proxy). References
to either of these fields must be updated with one of the
following
options, as appropriate for the module:
When you require the IP address
of the user agent, which might
be connected directly to the server, or might optionally be
separated
from the server by a transparent load balancer or proxy,
use
request_rec->useragent_ip and
request_rec->useragent_addr.
When you require the IP address
of the client that is connected
directly to the server, which might be the useragent or
might be the
load balancer or proxy itself, use conn_rec->client_ip
and
conn_rec->client_addr.
"
With a corresponding discussion in :
https://github.com/eprints/eprints/issues/214
Interesting how a change which was originally made as an
improvement/clarification, can have so many unforeseen
ripple effects.
On 30.10.2016 08:34, A. Warnier wrote:
> On 30.10.2016 01:56, Randolf Richardson wrote:
>> Do the following work for
you?
>>
>>
$r->connection->remote_addr->port
>>
$r->connection->local_addr->port
>>
>
> I'll check again, but $c->remote_addr is supposed to
not exist anymore in httpd 2.4, as
> far as I know.
> Indeed :
>
> When I modify the code as follows :
>
> #my $client_addr =
$r->connection->client_addr;
> 1184: my $client_addr =
$r->connection->remote_addr;
> $remote_port =
$client_addr->port;
> $remote_ip =
$r->connection->client_ip;
>
> Can't locate object method "remote_addr" via package
"Apache2::Connection" at
> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\n
>
>
>
>>> Hi.
>>>
>>> Apologies to Steve and Torsten for posting this
previously to them directly.
>>> It somehow slipped my mind that this would have
been a better place.
>>> Anyway thus :
>>>
>>> I am in the process of converting some mod_perl
AAA code from Apache 2.2 to 2.4, and I
>>> encounter the following problem :
>>>
>>> Apache error log :
>>>
>>> Can't locate object method "port" via package
"APR::SockAddr" at
>>> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
>>>
>>> which corresponds to :
>>>
>>> 1183: my $client_addr =
$r->connection->client_addr;
>>> 1184: $remote_port =
$client_addr->port;
>>>
>>> In the Apache 2.2 version, this was :
>>>
>>> $remote_port =
$r->connection->remote_addr->port;
>>>
>>> and worked fine.
>>>
>>> Environment :
>>>
>>> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian
3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
>>> GNU/Linux (Debian "Jessie" as far as I know)
>>>
>>> Apache/2.4.10 (Debian)
mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2
configured
>>> -- resuming normal operations
>>> (apache2 and mod_perl are the standard Debian
Jessie apt-get packages)
>>>
>>>
>>> I have tried to find clues on the WWW, CPAN
etc.. but I do not find anything about
>>> APR::SockAddr::port(), except this snippet
(quite old..) :
>>>
>>> CPAN :
>>> mod_perl 2.10 Changes :
>>> ...
>>> 1.99_14 - May 21, 2004
>>>
>>>
APR::SockAddr::port() accessor is now
read-only [Stas]
>>>
>>> Also on the host, the APR::SockAddr module
source :
>>>
>>>
/usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
>>>
>>> quote
>>> =item obj: C<$sock_addr>
>>> ( C object|docs::2.0::api::APR::SockAddr>> )
>>>
>>> =item ret: C<$port> ( integer )
>>>
>>> =item since: 2.0.00
>>> unquote
>>>
>>> .. seems to imply that this should work.
>>> (And so do
>>> https://metacpan.org/pod/APR::SockAddr#port
>>> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
>>> )
>>>
>>> Am I doing something wrong ?
>>>
>>> More importantly to me right now : how can I
get the client's connection port number,
>>> possibly using a workaround ? I am in control
of the Apache httpd configuration.
>>>
>>> I do not really care if this is the real client
port, or a port of some intermediate
>>> proxy, as long as it remains consistent across
severall KeepAlive calls of the same client
>>> workstation.
>>> I need this port number to forward to another
module (of which I do not have the source),
>>> which uses this (and the remote IP), as a kind
of persistent identifier for the client
>>> connection (for Windows WIA authentication).
>>>
>>> The only way I can think of right now, would be
to add a request header at the httpd level
>>> with the remote client IP:port, and then
retrieve and decode that same header in my AAA
>>> module. But that seems a bit convoluted and
heavy-handed.
>>> Is there a way in a PerlAuthenHandler to
retrieve an "Apache environment variable"
>>> directly, which would have been set like so ?
>>>
>>> RewriteRule .* -
[E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
>>>
>>>
>>> Thanks in advance
>>> André Warnier
>>
>>
>> Randolf Richardson - randolf-at-inter-corporate.com
>> Inter-Corporate Computer & Network Services,
Inc.
>> Beautiful British Columbia, Canada
>> http://www.inter-corporate.com/
>>
>>
>
_______________________________________________
hangout mailing list
hangout-at-nylxs.com
http://www.nylxs.com/
_______________________________________________
hangout mailing list
hangout-at-nylxs.com
http://www.nylxs.com/
|
|
