[MP2]lookup_uri and HTTPS

[titetluc titetluc <ti...@gmail.com>]

Hello all,

I am writing an handler generating sub-requests by using the lookup_uri and
run (Apache2::SubRequest) methods.
My question is : is it technically possible to generate HTTPS sub-request (I
observed that sub-requests were using HTTP) using the mod_perl API  ?
If yes, which API do I have to use (I can not find any examples, or I tried
the APR::URI class but unsuccessfully) ?
If not, which solution is possible (using LWP ?)

Thanks

Re: [MP2]lookup_uri and HTTPS

[André Warnier <aw...@ice-sa.com>]

titetluc titetluc wrote:
> My question is : is it technically possible to generate HTTPS sub-request (I
> observed that sub-requests were using HTTP) using the mod_perl API  ?

Forgive my impertinence, but on the face of it, that question does not 
seem to make a lot of sense.
HTTP or HTTPS are protocols that carry requests and responses over "the 
outside world" (e.g. the Internet or Intranet).  A sub-request is 
something that happens totally inside of Apache, so it does not really 
have (nor need) a protocol.  You just ask Apache to return the result of 
getting "/location/object", without ever leaving the context of Apache 
itself.

Now, a REDIRECT going back to the browser is another story, but above 
you mention sub-requests, don't you ?

André

Re: [MP2]lookup_uri and HTTPS

[titetluc titetluc <ti...@gmail.com>]

André, Torsten

Thank you for your answer (sorry for the delay)

No, Andre, your are not impertinent. I thought I had a problem related to
the request scheme, but in fact, my httpd configuration was wrong !!!

2008/7/1 Torsten Foertsch <to...@gmx.net>:

> On Tue 01 Jul 2008, titetluc titetluc wrote:
> > I am writing an handler generating sub-requests by using the lookup_uri
> and
> > run (Apache2::SubRequest) methods.
> > My question is : is it technically possible to generate HTTPS sub-request
> > (I observed that sub-requests were using HTTP)
>
> No, none of the protocols is used to make subreqs. HTTP/HTTPS are network
> protocols. With subreqs there is no network. A subreq is like a recursive
> call of the same request answering machine. Hence, HTTPS? is irrelevant.
> Normally the document accessed via a subreq has to be accessible locally.
>
> > using the mod_perl API  ?  If
> > yes, which API do I have to use (I can not find any examples, or I tried
> > the APR::URI class but unsuccessfully) ?
> > If not, which solution is possible (using LWP ?)
>
> But it can be any kind of document apache can serve. So it can be a regular
> file, something dynamically created (CGI/PHP/modperl etc) or even a
> document
> for which the current server acts as proxy.
>
> So in your case I see 2 options:
>
> 1) implement the included document via a CGI/modperl handler using LWP or
> similar
>
> 2) use mod_proxy as reverse proxy
>
> In both cases it's not possible to proxy an established SSL identity
> (client
> certificate) to the backend server due to the nature of SSL. Nor can your
> client verify the identity of the backend.
>
> If possible I'd go for the mod_proxy version. 1) it doesn't load perl
> routines
> in memory. 2) it passes the data an almost as fast as possible whereas
> homegrown LWP solutions tend to buffer the whole document before sending
> any
> output.
>
> But mod_proxy has also drawbacks. It is very difficult to make a POST
> request
> to the backend this way and feed it some data. I once had a similar problem
> when I wanted to include a proxied document and pass on the POST input of
> the
> original request to the backend. In the end I did it in Perl.
>
> Torsten
>
> --
> Need professional mod_perl support?
> Just hire me: torsten.foertsch@gmx.net
>

Re: [MP2]lookup_uri and HTTPS

[Torsten Foertsch <to...@gmx.net>]

On Tue 01 Jul 2008, titetluc titetluc wrote:
> I am writing an handler generating sub-requests by using the lookup_uri and
> run (Apache2::SubRequest) methods.
> My question is : is it technically possible to generate HTTPS sub-request
> (I observed that sub-requests were using HTTP)

No, none of the protocols is used to make subreqs. HTTP/HTTPS are network 
protocols. With subreqs there is no network. A subreq is like a recursive 
call of the same request answering machine. Hence, HTTPS? is irrelevant. 
Normally the document accessed via a subreq has to be accessible locally.

> using the mod_perl API  ?  If 
> yes, which API do I have to use (I can not find any examples, or I tried
> the APR::URI class but unsuccessfully) ?
> If not, which solution is possible (using LWP ?)

But it can be any kind of document apache can serve. So it can be a regular 
file, something dynamically created (CGI/PHP/modperl etc) or even a document 
for which the current server acts as proxy.

So in your case I see 2 options:

1) implement the included document via a CGI/modperl handler using LWP or 
similar

2) use mod_proxy as reverse proxy

In both cases it's not possible to proxy an established SSL identity (client 
certificate) to the backend server due to the nature of SSL. Nor can your 
client verify the identity of the backend.

If possible I'd go for the mod_proxy version. 1) it doesn't load perl routines 
in memory. 2) it passes the data an almost as fast as possible whereas 
homegrown LWP solutions tend to buffer the whole document before sending any 
output.

But mod_proxy has also drawbacks. It is very difficult to make a POST request 
to the backend this way and feed it some data. I once had a similar problem 
when I wanted to include a proxied document and pass on the POST input of the 
original request to the backend. In the end I did it in Perl.

Torsten

--
Need professional mod_perl support?
Just hire me: torsten.foertsch@gmx.net