You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Abdul-wahid Paterson <aw...@lintrix.net> on 2003/03/12 18:27:31 UTC
cookie authenticated caching proxy
Hi,
I am still pretty new to mod_perl and have only really dabbled with a
few small applications that I created. I am now looking to build
something quite specific and was wondering if anyones know of anything
similar to what I want to do so or whether they have any pointers as to
mod_perl's suitability for what I want to do.
The scenario:
I have a large web-site that is largely database driven. Many of the
pages are accessed frequently yet are only modified on average once a
day. The site is written in a variety of technologies including PHP and
Perl.
I wanted to develop a caching proxy that will return a cached page
instead of passing control to one of the PHP scripts or Perl scripts
that normally generate the pages. The web site is mainly accessed
through HTTP GET requests rather than POST requests and the resultant
page will be the same each time if given the same GET string. Can I use
mod_perl's proxy capabilities to cache the generated contents of the the
HTML page made by the PHP script?
One extra requirement is that some of the pages need authentication
which is cookie based. I would need to check the cookie against a
database to see if the caller is authenticated to access the particular
page. Has anyone done/seen anything similar implemented in mod_perl?
Thanks for your help,
Abdul-Wahid
Re: cookie authenticated caching proxy
Posted by Perrin Harkins <pe...@elem.com>.
Abdul-wahid Paterson wrote:
> In the docs you cited, it says:
>
> "ProxyPass happens before the authentication phase, so you do not have
> to worry about authenticating twice."
Hmmm, I thought you had an opportunity to do access control first.
Look at this, from the mod_proxy docs:
http://httpd.apache.org/docs/mod/mod_proxy.html#access
That shows use of mod_access. With mod_access, you can deny all
requests that don't have a particular environment variable set. You
should be able to code a module which sets that environment variable
based on your auth system.
However, I could be wrong about this since I've never looked at the
mod_proxy source.
If mod_proxy won't work, it is possible to do the whole thing in Perl.
Take a look at the modules listed here:
http://theoryx5.uwinnipeg.ca/mod_perl/cpan-search?search=apache+proxy&new=Search&filetype=+distribution+name+or+description&site=ftp.funet.fi&join=and&stem=no&arrange=file&case=clike&download=auto&age=
- Perrin
Re: cookie authenticated caching proxy
Posted by Abdul-wahid Paterson <aw...@lintrix.net>.
> > One extra requirement is that some of the pages need authentication
> > which is cookie based. I would need to check the cookie against a
> > database to see if the caller is authenticated to access the particular
> > page. Has anyone done/seen anything similar implemented in mod_perl?
>
> That's very easy to do in mod_perl, but you generally do not want to run
> mod_perl on the proxy server. The idea is to keep the proxy server
> really small and light. There are various auth modules for apache
> written in C which you might be able to use. If none of those suit your
> needs and you don't want to write a C module, you certainly can put
> mod_perl on the proxy and write what you want in Perl. The only
> drawback to this is the additional memory that will be needed for that
> server.
>
In the docs you cited, it says:
"ProxyPass happens before the authentication phase, so you do not have
to worry about authenticating twice."
How does this work? I need to check the clients cookie against a
database to make sure they have sufficient authorisation to access the
cached page. The authentication mechanisms are going to be different
depending on whether the page has already been cached. That is, if the
page is coming from the "dynamic" webserver then that webserver is going
to create the content and do the authentication/authorisation however
for subsequent visitors I need the caching "reverse proxy" to do the
authentication. Could you expand on the steps in the apache process
cycle involved here? I can't quite see how this fits together.
I would have thought that I would have to write my own authentication
module as our authentication system is somewhat custom. I would probably
prototype it in mod_perl then if needed re-write it in C.
Thanks,
Abdul-Wahid
Re: cookie authenticated caching proxy
Posted by Perrin Harkins <pe...@elem.com>.
Abdul-wahid Paterson wrote:
> I wanted to develop a caching proxy that will return a cached page
> instead of passing control to one of the PHP scripts or Perl scripts
> that normally generate the pages.
This is called a "reverse proxy" and is very common in mod_perl setups.
It is typically done with the mod_proxy module and mod_rewrite.
See this for more details:
http://perl.apache.org/docs/1.0/guide/strategy.html#Adding_a_Proxy_Server_in_http_Accelerator_Mode
> One extra requirement is that some of the pages need authentication
> which is cookie based. I would need to check the cookie against a
> database to see if the caller is authenticated to access the particular
> page. Has anyone done/seen anything similar implemented in mod_perl?
That's very easy to do in mod_perl, but you generally do not want to run
mod_perl on the proxy server. The idea is to keep the proxy server
really small and light. There are various auth modules for apache
written in C which you might be able to use. If none of those suit your
needs and you don't want to write a C module, you certainly can put
mod_perl on the proxy and write what you want in Perl. The only
drawback to this is the additional memory that will be needed for that
server.
- Perrin