Posted to modperl@perl.apache.org by Aaron Knister <aa...@umbc.edu> on 2012/02/10 12:46:01 UTC

disabling directives in .htaccess files

Hi,

I'm using mod_perl in a shared hosting environment for some server-side
configuration bits. All dynamic content for the users runs through SuEXEC,
however this obviously doesn't help in the case of mod_perl so I would like
to prevent users from specifying any handlers or other potentially
undesirable mod_perl options/directives in their .htaccess files.

I was thinking of something along these lines:

A per-directory config directive called PerlHtaccessOverrides with possible
values of Handlers, Others, Env, Options, All and None. These names are
based on what seemed to be perceived significant groupings of the MP_CMD_DIR_*
cmd's in modperl_cmds.c.

Each cmd function would then check its context to see if it's an htaccess
file, and would check against the list of allowed htaccess overrides for
that location and deny accordingly. I'd also need to modify the Code.pm
file that generates most of the handler cmd definitions.

I've something like this working right now, so I know it's possible but
it's not quite as I described here so I need to re-write it.

Any feedback would be appreciated-- I don't want to write a patch that's
not likely to be accepted upstream :)

Thanks!

-Aaron

-- 
Aaron Knister
Systems Administrator
Division of Information Technology
University of Maryland, Baltimore County
aaronk@umbc.edu

Re: disabling directives in .htaccess files

Posted by Aaron Knister <aa...@umbc.edu>.
Hi Torsten,

I actually tried that. Problem is when I disable a given handler I can't use it at all, not even in the configs. I essentially want to be able to configure access handlers in the apache configs but disallow users from specifying any handlers in their htaccess files. I can't turn off the overrides that allow that because it breaks other required features. IMHO the bigger issue here is the lack of fine grained override controls in httpd on htaccess files in general, but I digress.

Sent from my iPhone

On Feb 10, 2012, at 9:03 AM, Torsten Förtsch <to...@gmx.net> wrote:

> On Friday, 10 February 2012 06:46:01 Aaron Knister wrote:
>> I was thinking of something along these lines:
>> 
>> A per-directory config directive called PerlHtaccessOverrides with possible
>> values of Handlers, Others, Env, Options, All and None. These names are
>> based on what seemed to be perceived significant groupings of the MP_CMD_DIR_*
>> cmd's in modperl_cmds.c.
> 
> Perhaps something along these lines:
> 
>  http://perl.apache.org/docs/2.0/user/config/config.html#C_Perl_Handler_
> 
> Torsten Förtsch
> 
> -- 
> Need professional modperl support? Hire me! (http://foertsch.name)
> 
> Like fantasy? http://kabatinte.net
> 

Re: disabling directives in .htaccess files

Posted by Torsten Förtsch <to...@gmx.net>.
On Friday, 10 February 2012 06:46:01 Aaron Knister wrote:
> I was thinking of something along these lines:
> 
> A per-directory config directive called PerlHtaccessOverrides with possible
> values of Handlers, Others, Env, Options, All and None. These names are
> based on what seemed to be perceived significant groupings of the MP_CMD_DIR_*
> cmd's in modperl_cmds.c.

Perhaps something along these lines:

  http://perl.apache.org/docs/2.0/user/config/config.html#C_Perl_Handler_

Torsten Förtsch

-- 
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net


Re: disabling directives in .htaccess files

Posted by Aaron Knister <aa...@umbc.edu>.
On Tue, Feb 21, 2012 at 6:55 PM, Cees Hek <ce...@gmail.com> wrote:

> On Mon, Feb 13, 2012 at 11:58 PM, Aaron Knister <aa...@umbc.edu> wrote:
> > Hi Tuomo,
> >
> > I don't mean 80,000 virtual hosts. I have over 80k unix accounts for
> > which content is being served via mod_userdir. And I consider each one its
> > own "site". It's critical to the environment that users be prevented from
> > specifying handlers in htaccess files in part exactly for the reasons you
> > specified. The other issue is the potential for suexec abuse. I only have
> > one perl access handler I need to use and it has no global variables.
>
> Hi Aaron,
>
> In the end would it not be safer to remove mod_perl altogether?  You
> don't mention exactly what you are doing with mod_perl so this may not
> be practical, but you do mention you only have one perl access
> handler.  Can that not be rewritten in C?  Is there no existing third
> party C module that can do what you need (or be modified slightly to
> do what you need)?
>
> Also, you briefly mentioned <Perl> sections.  These are generally
> pretty easy to get around by just pre-generating your apache.conf file
> using a simple perl script and a templating module.  This is how I
> understand most people create complex apache.conf files and this is
> how I have always done it.
>
> It might sound odd for someone to tell you not to use mod_perl on the
> mod_perl mailing list, but I think in your situation a lighter-weight
> solution would save you a lot of headaches.
>
> Cheers,
>
> Cees
>

Hi Cees,

I think it may be safer to remove mod_perl altogether and re-write the
module in C (exactly what I did a few days ago, actually). The support
curve is lower if the handler is written in Perl but the code is simple
enough that I think leaving it in C is a good compromise.

Thanks for the feedback!

-Aaron

-- 
Aaron Knister
Systems Administrator
Division of Information Technology
University of Maryland, Baltimore County
aaronk@umbc.edu

Re: disabling directives in .htaccess files

Posted by Cees Hek <ce...@gmail.com>.
On Mon, Feb 13, 2012 at 11:58 PM, Aaron Knister <aa...@umbc.edu> wrote:
> Hi Tuomo,
>
> I don't mean 80,000 virtual hosts. I have over 80k unix accounts for which content is being served via mod_userdir. And I consider each one its own "site". It's critical to the environment that users be prevented from specifying handlers in htaccess files in part exactly for the reasons you specified. The other issue is the potential for suexec abuse. I only have one perl access handler I need to use and it has no global variables.

Hi Aaron,

In the end would it not be safer to remove mod_perl altogether?  You
don't mention exactly what you are doing with mod_perl so this may not
be practical, but you do mention you only have one perl access
handler.  Can that not be rewritten in C?  Is there no existing third
party C module that can do what you need (or be modified slightly to
do what you need)?

Also, you briefly mentioned <Perl> sections.  These are generally
pretty easy to get around by just pre-generating your apache.conf file
using a simple perl script and a templating module.  This is how I
understand most people create complex apache.conf files and this is
how I have always done it.

It might sound odd for someone to tell you not to use mod_perl on the
mod_perl mailing list, but I think in your situation a lighter-weight
solution would save you a lot of headaches.

Cheers,

Cees

Re: disabling directives in .htaccess files

Posted by Aaron Knister <aa...@umbc.edu>.
Hi Tuomo,

I don't mean 80,000 virtual hosts. I have over 80k unix accounts for which content is being served via mod_userdir. And I consider each one its own "site". It's critical to the environment that users be prevented from specifying handlers in htaccess files in part exactly for the reasons you specified. The other issue is the potential for suexec abuse. I only have one perl access handler I need to use and it has no global variables.

Sent from my iPhone

On Feb 13, 2012, at 3:55 AM, Tuomo Salo <Tu...@cybercom.com> wrote:

> On Fri, Feb 10, 2012 at 08:50:21AM -0500, Aaron Knister wrote:
> 
>> this is a personal web hosting setup for 80,000+ individual sites (think mod_userdir). 
> 
> I might be missing something, but does this not seem to be inherently
> impossible? 80 kilosites sharing a perl interpreter that persists any
> global variables from one request to another would seem to create any 
> number of problems that are near-impossible to debug, the typical ones
> being name space collisions and module version conflicts.
> 
>  -Tuomo

Re: disabling directives in .htaccess files

Posted by Tuomo Salo <Tu...@cybercom.com>.
On Fri, Feb 10, 2012 at 08:50:21AM -0500, Aaron Knister wrote:

> this is a personal web hosting setup for 80,000+ individual sites (think mod_userdir). 

I might be missing something, but does this not seem to be inherently
impossible? 80 kilosites sharing a perl interpreter that persists any
global variables from one request to another would seem to create any 
number of problems that are near-impossible to debug, the typical ones
being name space collisions and module version conflicts.

  -Tuomo

Re: disabling directives in .htaccess files

Posted by Dave Hodgkinson <da...@gmail.com>.
On 10 Feb 2012, at 13:50, Aaron Knister wrote:

> Hi Dave,
> 
> Thanks for the feedback. Unfortunately the setup isn't fronted by apache proxies. Having an apache instance per site would, I think, be painful-- this is a personal web hosting setup for 80,000+ individual sites (think mod_userdir). 

And all these sites could load their own perl? Painful.

And PLEASE front the sites with a reverse proxy: squid, varnish whatever. If
not, you're opening yourself up to all kinds of badness. Mod_perl is an *app*
server, not a web server.

Please read Stas' chapter on performance tuning!

Chapters 9 and 10:

http://modperlbook.org/html/part2.html

And the others.



Re: disabling directives in .htaccess files

Posted by Aaron Knister <aa...@umbc.edu>.
Hi Dave,

Thanks for the feedback. Unfortunately the setup isn't fronted by apache proxies. Having an apache instance per site would, I think, be painful-- this is a personal web hosting setup for 80,000+ individual sites (think mod_userdir). 

Sent from my iPhone

On Feb 10, 2012, at 7:20 AM, Dave Hodgkinson <da...@gmail.com> wrote:

> 
> On 10 Feb 2012, at 11:46, Aaron Knister wrote:
> 
>> Hi,
>> 
>> I'm using mod_perl in a shared hosting environment for some server-side configuration bits. All dynamic content for the users runs through SuEXEC, however this obviously doesn't help in the case of mod_perl so I would like to prevent users from specifying any handlers or other potentially undesirable mod_perl options/directives in their .htaccess files.
> 
> Are the Apaches fronted by proxies?
> 
> In which case, I'd seriously consider everyone having their own Apaches with a limited
> number of processes and an appropriately (automatically generated?) startup.pl for maximum
> shared memory in those processes.
> 
> Obviously, that number can be tuned depending on the site, but you'd be surprised at how
> few most sites need if the responses are quick.
> 
> See Stas Bekman's immortal tuning work.
> 
> 


Re: disabling directives in .htaccess files

Posted by Dave Hodgkinson <da...@gmail.com>.
On 10 Feb 2012, at 11:46, Aaron Knister wrote:

> Hi,
> 
> I'm using mod_perl in a shared hosting environment for some server-side configuration bits. All dynamic content for the users runs through SuEXEC, however this obviously doesn't help in the case of mod_perl so I would like to prevent users from specifying any handlers or other potentially undesirable mod_perl options/directives in their .htaccess files.

Are the Apaches fronted by proxies?

In which case, I'd seriously consider everyone having their own Apaches with a limited
number of processes and an appropriately (automatically generated?) startup.pl for maximum
shared memory in those processes.

Obviously, that number can be tuned depending on the site, but you'd be surprised at how
few most sites need if the responses are quick.

See Stas Bekman's immortal tuning work.



Re: disabling directives in .htaccess files

Posted by Perrin Harkins <pe...@elem.com>.
On Sat, Feb 11, 2012 at 7:23 PM, Aaron Knister <aa...@umbc.edu> wrote:
> I need to allow htaccess files for users to be able to customize their
> websites as required (specify authentication/authorization methods, rewrite
> rules, mime types, custom handlers etc.). I wish I could turn them off but I
> fear that it's not feasible for me to do so.

Well, here's my idea.  I'd turn off htaccess and provide an alternate
way for people to configure those things.  That might just be a file
called user.conf or something that you parse yourself and set conf
directives with.  Not exactly simple, but if security is the issue I
usually like a list of things you can do better than a list of things
you can't.

- Perrin
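
The allowlist approach described in the post above, as an added example that is not part of the original post: a translator that turns a per-user settings file into an httpd `<Directory>` block and rejects every setting not on the list. The `user.conf` keys, the `translate` function and the sample input are assumptions made for illustration; the directory path is assumed to come from the administrator, not the user.

```python
import re

# Hypothetical user.conf keys -> (argument patterns, httpd directive template).
# Anything not listed is rejected; each argument must match its pattern fully.
ALLOWED = {
    "index":      ([r"[\w.-]+"], "DirectoryIndex {0}"),
    "mime-type":  ([r"\.\w+", r"[\w.+-]+/[\w.+-]+"], "AddType {1} {0}"),
    "error-page": ([r"[45]\d\d", r"/[\w./-]*"], "ErrorDocument {0} {1}"),
}

def translate(user_conf, directory):
    """Return (httpd_config_text, rejected) for one user's settings file."""
    out, rejected = [], []
    for n, line in enumerate(user_conf.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        rule = ALLOWED.get(key.lower())
        if rule is None:
            rejected.append((n, "unknown setting: " + key))
            continue
        patterns, template = rule
        if len(args) != len(patterns) or not all(
                re.fullmatch(p, a, re.ASCII) for p, a in zip(patterns, args)):
            rejected.append((n, "bad arguments for " + key))
            continue
        out.append("    " + template.format(*args))
    # .htaccess processing stays off; only the generated lines apply.
    block = ['<Directory "%s">' % directory, "    AllowOverride None",
             *out, "</Directory>"]
    return "\n".join(block) + "\n", rejected

# Constructed sample input, not taken from any real site.
SAMPLE_USER_CONF = """\
# one user's settings
index home.html
mime-type .wasm application/wasm
error-page 404 /missing.html
PerlAccessHandler Some::Module
error-page 404 /x PerlModule
"""

if __name__ == "__main__":
    conf, rejected = translate(SAMPLE_USER_CONF, "/home/alice/public_html")
    print(conf)
    print(rejected)
```
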

Re: disabling directives in .htaccess files

Posted by Aaron Knister <aa...@umbc.edu>.
Hi Perrin,

I need to allow htaccess files for users to be able to customize their
websites as required (specify authentication/authorization methods, rewrite
rules, mime types, custom handlers etc.). I wish I could turn them off but
I fear that it's not feasible for me to do so.

Specifically, the directives I would like to prevent are:

Perl*Handler
Perl*Var
Perl*Env
PerlOptions
PerlModule
PerlRequire
<Perl>

Pretty much any directive defined with the MP_CMD_DIR_* macros.

-Aaron

On Sat, Feb 11, 2012 at 6:29 PM, Perrin Harkins <pe...@elem.com> wrote:

> On Fri, Feb 10, 2012 at 6:46 AM, Aaron Knister <aa...@umbc.edu> wrote:
> > I'm using mod_perl in a shared hosting environment for some server-side
> > configuration bits. All dynamic content for the users runs through SuEXEC,
> > however this obviously doesn't help in the case of mod_perl so I would like
> > to prevent users from specifying any handlers or other potentially
> > undesirable mod_perl options/directives in their .htaccess files.
>
> Is it necessary to allow htaccess files?  If there's something that
> you want people to be able to specify, maybe you can use a custom conf
> file for it instead of allowing htaccess.
>
> If it is necessary, can you provide an example of an htaccess
> directive that you're trying to prevent?
>
> - Perrin
>



-- 
Aaron Knister
Systems Administrator
Division of Information Technology
University of Maryland, Baltimore County
aaronk@umbc.edu
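
As an added example (not part of the original message and not mod_perl code), an audit script that scans `.htaccess` text for the directives listed in the message above, so an administrator can find user files that set them. The function names and the sample file are hypothetical, and the continuation-line handling is a simplification of httpd's own config reader.

```python
import re

# Names from the list in the message above; "*" stands for any run of
# letters (PerlAccessHandler, PerlSetVar, PerlPassEnv, ...).
BLOCKED = ["Perl*Handler", "Perl*Var", "Perl*Env", "PerlOptions",
           "PerlModule", "PerlRequire", "<Perl"]

def compile_patterns(patterns):
    parts = [re.escape(p).replace(r"\*", "[A-Za-z]*") for p in patterns]
    # Directive names are case-insensitive; the name must end at
    # whitespace, ">" or end of line so PerlModuleFoo is not a match.
    return re.compile(r"(?:%s)(?=[\s>]|$)" % "|".join(parts), re.I)

BLOCKED_RE = compile_patterns(BLOCKED)

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:
        yield start, buf

def scan_htaccess(text):
    """Return [(line_number, directive)] for every blocked directive."""
    hits = []
    for lineno, line in logical_lines(text):
        line = line.strip()
        if line.startswith("#"):
            continue
        m = BLOCKED_RE.match(line)  # only the first token is a directive
        if m:
            hits.append((lineno, m.group(0)))
    return hits

# Constructed sample input, not taken from any real site.
SAMPLE_HTACCESS = """\
AuthType Basic
# PerlModule Commented::Out
perlaccesshandler Local::Check
  PerlSetVar Mode test
Header set X-Note \\
  PerlRequire
<Perl>
RewriteEngine On
"""
```

On the sample, lines 3, 4 and 7 are reported; the commented-out `PerlModule` and the `PerlRequire` that is only an argument on a continued line are not.
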

Re: disabling directives in .htaccess files

Posted by Perrin Harkins <pe...@elem.com>.
On Fri, Feb 10, 2012 at 6:46 AM, Aaron Knister <aa...@umbc.edu> wrote:
> I'm using mod_perl in a shared hosting environment for some server-side
> configuration bits. All dynamic content for the users runs through SuEXEC,
> however this obviously doesn't help in the case of mod_perl so I would like
> to prevent users from specifying any handlers or other potentially
> undesirable mod_perl options/directives in their .htaccess files.

Is it necessary to allow htaccess files?  If there's something that
you want people to be able to specify, maybe you can use a custom conf
file for it instead of allowing htaccess.

If it is necessary, can you provide an example of an htaccess
directive that you're trying to prevent?

- Perrin