Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ModPerl>
  3. ModPerl
Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
aw at ice-sa
Oct 29, 2016, 12:16 PM
Post #1 of 7 (3145 views)
Permalink
Hi.

Apologies to Steve and Torsten for posting this previously to them directly.
It somehow slipped my mind that this would have been a better place.
Anyway thus :

I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
encounter the following problem :

Apache error log :

Can't locate object method "port" via package "APR::SockAddr" at
/home/mira/EFS/lib/AUTH/SLC.pm line 1184.\

which corresponds to :

1183: my $client_addr = $r->connection->client_addr;
1184: $remote_port = $client_addr->port;

In the Apache 2.2 version, this was :

$remote_port = $r->connection->remote_addr->port;

and worked fine.

Environment :

Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
GNU/Linux (Debian "Jessie" as far as I know)

Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
-- resuming normal operations
(apache2 and mod_perl are the standard Debian Jessie apt-get packages)


I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
APR::SockAddr::port(), except this snippet (quite old..) :

CPAN :
mod_perl 2.10 Changes :
...
1.99_14 - May 21, 2004

APR::SockAddr::port() accessor is now read-only [Stas]

Also on the host, the APR::SockAddr module source :

/usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :

quote
=item obj: C<$sock_addr>
( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )

=item ret: C<$port> ( integer )

=item since: 2.0.00
unquote

.. seems to imply that this should work.
(And so do
https://metacpan.org/pod/APR::SockAddr#port
http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
)

Am I doing something wrong ?

More importantly to me right now : how can I get the client's connection port number,
possibly using a workaround ? I am in control of the Apache httpd configuration.

I do not really care if this is the real client port, or a port of some intermediate
proxy, as long as it remains consistent across severall KeepAlive calls of the same client
workstation.
I need this port number to forward to another module (of which I do not have the source),
which uses this (and the remote IP), as a kind of persistent identifier for the client
connection (for Windows WIA authentication).

The only way I can think of right now, would be to add a request header at the httpd level
with the remote client IP:port, and then retrieve and decode that same header in my AAA
module. But that seems a bit convoluted and heavy-handed.
Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
directly, which would have been set like so ?

RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]


Thanks in advance
André Warnier
Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ? [ In reply to ]
randolf at modperl
Oct 29, 2016, 4:56 PM
Post #2 of 7 (3126 views)
Permalink
Do the following work for you?

$r->connection->remote_addr->port
$r->connection->local_addr->port

> Hi.
>
> Apologies to Steve and Torsten for posting this previously to them directly.
> It somehow slipped my mind that this would have been a better place.
> Anyway thus :
>
> I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
> encounter the following problem :
>
> Apache error log :
>
> Can't locate object method "port" via package "APR::SockAddr" at
> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
>
> which corresponds to :
>
> 1183: my $client_addr = $r->connection->client_addr;
> 1184: $remote_port = $client_addr->port;
>
> In the Apache 2.2 version, this was :
>
> $remote_port = $r->connection->remote_addr->port;
>
> and worked fine.
>
> Environment :
>
> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
> GNU/Linux (Debian "Jessie" as far as I know)
>
> Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
> -- resuming normal operations
> (apache2 and mod_perl are the standard Debian Jessie apt-get packages)
>
>
> I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
> APR::SockAddr::port(), except this snippet (quite old..) :
>
> CPAN :
> mod_perl 2.10 Changes :
> ...
> 1.99_14 - May 21, 2004
>
> APR::SockAddr::port() accessor is now read-only [Stas]
>
> Also on the host, the APR::SockAddr module source :
>
> /usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
>
> quote
> =item obj: C<$sock_addr>
> ( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )
>
> =item ret: C<$port> ( integer )
>
> =item since: 2.0.00
> unquote
>
> .. seems to imply that this should work.
> (And so do
> https://metacpan.org/pod/APR::SockAddr#port
> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
> )
>
> Am I doing something wrong ?
>
> More importantly to me right now : how can I get the client's connection port number,
> possibly using a workaround ? I am in control of the Apache httpd configuration.
>
> I do not really care if this is the real client port, or a port of some intermediate
> proxy, as long as it remains consistent across severall KeepAlive calls of the same client
> workstation.
> I need this port number to forward to another module (of which I do not have the source),
> which uses this (and the remote IP), as a kind of persistent identifier for the client
> connection (for Windows WIA authentication).
>
> The only way I can think of right now, would be to add a request header at the httpd level
> with the remote client IP:port, and then retrieve and decode that same header in my AAA
> module. But that seems a bit convoluted and heavy-handed.
> Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
> directly, which would have been set like so ?
>
> RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
>
>
> Thanks in advance
> André Warnier


Randolf Richardson - randolf@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
http://www.inter-corporate.com/
Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ? [ In reply to ]
aw at ice-sa
Oct 30, 2016, 12:34 AM
Post #3 of 7 (3127 views)
Permalink
On 30.10.2016 01:56, Randolf Richardson wrote:
> Do the following work for you?
>
> $r->connection->remote_addr->port
> $r->connection->local_addr->port
>

I'll check again, but $c->remote_addr is supposed to not exist anymore in httpd 2.4, as
far as I know.
Indeed :

When I modify the code as follows :

#my $client_addr = $r->connection->client_addr;
1184: my $client_addr = $r->connection->remote_addr;
$remote_port = $client_addr->port;
$remote_ip = $r->connection->client_ip;

Can't locate object method "remote_addr" via package "Apache2::Connection" at
/home/mira/EFS/lib/AUTH/SLC.pm line 1184.\n



>> Hi.
>>
>> Apologies to Steve and Torsten for posting this previously to them directly.
>> It somehow slipped my mind that this would have been a better place.
>> Anyway thus :
>>
>> I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
>> encounter the following problem :
>>
>> Apache error log :
>>
>> Can't locate object method "port" via package "APR::SockAddr" at
>> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
>>
>> which corresponds to :
>>
>> 1183: my $client_addr = $r->connection->client_addr;
>> 1184: $remote_port = $client_addr->port;
>>
>> In the Apache 2.2 version, this was :
>>
>> $remote_port = $r->connection->remote_addr->port;
>>
>> and worked fine.
>>
>> Environment :
>>
>> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
>> GNU/Linux (Debian "Jessie" as far as I know)
>>
>> Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
>> -- resuming normal operations
>> (apache2 and mod_perl are the standard Debian Jessie apt-get packages)
>>
>>
>> I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
>> APR::SockAddr::port(), except this snippet (quite old..) :
>>
>> CPAN :
>> mod_perl 2.10 Changes :
>> ...
>> 1.99_14 - May 21, 2004
>>
>> APR::SockAddr::port() accessor is now read-only [Stas]
>>
>> Also on the host, the APR::SockAddr module source :
>>
>> /usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
>>
>> quote
>> =item obj: C<$sock_addr>
>> ( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )
>>
>> =item ret: C<$port> ( integer )
>>
>> =item since: 2.0.00
>> unquote
>>
>> .. seems to imply that this should work.
>> (And so do
>> https://metacpan.org/pod/APR::SockAddr#port
>> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
>> )
>>
>> Am I doing something wrong ?
>>
>> More importantly to me right now : how can I get the client's connection port number,
>> possibly using a workaround ? I am in control of the Apache httpd configuration.
>>
>> I do not really care if this is the real client port, or a port of some intermediate
>> proxy, as long as it remains consistent across severall KeepAlive calls of the same client
>> workstation.
>> I need this port number to forward to another module (of which I do not have the source),
>> which uses this (and the remote IP), as a kind of persistent identifier for the client
>> connection (for Windows WIA authentication).
>>
>> The only way I can think of right now, would be to add a request header at the httpd level
>> with the remote client IP:port, and then retrieve and decode that same header in my AAA
>> module. But that seems a bit convoluted and heavy-handed.
>> Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
>> directly, which would have been set like so ?
>>
>> RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
>>
>>
>> Thanks in advance
>> André Warnier
>
>
> Randolf Richardson - randolf@inter-corporate.com
> Inter-Corporate Computer & Network Services, Inc.
> Beautiful British Columbia, Canada
> http://www.inter-corporate.com/
>
>
Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ? [ In reply to ]
aw at ice-sa
Oct 30, 2016, 4:12 AM
Post #4 of 7 (3125 views)
Permalink
Replying to self..

My basic question remains the same :
given that neither of the following seem to work under Apache 2.4 / mod_perl 2.0.9 :

$remote_port = $r->connection->client_addr->port;
or
$remote_port = $r->connection->remote_addr->port;

how could I best obtain, in a mod_perl AAA handler, some unique client port number that is
unlikely to change over the duration of a single HHTP client keepalive connection (whether
through proxies or not). I do not really care if this is really the port number which the
original client used to establish the connection, as long as it remains stable and unique
and, from the Apache/mod_perl webserver point of view, the combination IP:port really is
unique for a given client workstation currently accessing the server.

Unfortunately, I do need an "IP:port" combination, because of some back-end software that
relies on this and which I cannot change. Otherwise I guess that I could use
$r->connection->id.

(which I may still try to use as a kind of "alias" for the port number; maybe the back-end
software won't realise that it is a fake. But I guess that this is a bit risky, since
there is probably no guarantee that this would match the keepalive as the client sees it
through possible proxies).



>>>
>>> In the Apache 2.2 version, this was :
>>>
>>> $remote_port = $r->connection->remote_addr->port;



There was this change in Apache 2.4 compared to 2.2 :

https://httpd.apache.org/docs/trunk/developer/new_api_2_4.html

"conn_rec->remote_ip and conn_rec->remote_addr
These fields have been renamed in order to distinguish between the client IP address
of the connection and the useragent IP address of the request (potentially overridden by a
load balancer or proxy). References to either of these fields must be updated with one of
the following options, as appropriate for the module:

When you require the IP address of the user agent, which might be connected
directly to the server, or might optionally be separated from the server by a transparent
load balancer or proxy, use request_rec->useragent_ip and request_rec->useragent_addr.
When you require the IP address of the client that is connected directly to the
server, which might be the useragent or might be the load balancer or proxy itself, use
conn_rec->client_ip and conn_rec->client_addr.
"

With a corresponding discussion in : https://github.com/eprints/eprints/issues/214

Interesting how a change which was originally made as an improvement/clarification, can
have so many unforeseen ripple effects.




On 30.10.2016 08:34, A. Warnier wrote:
> On 30.10.2016 01:56, Randolf Richardson wrote:
>> Do the following work for you?
>>
>> $r->connection->remote_addr->port
>> $r->connection->local_addr->port
>>
>
> I'll check again, but $c->remote_addr is supposed to not exist anymore in httpd 2.4, as
> far as I know.
> Indeed :
>
> When I modify the code as follows :
>
> #my $client_addr = $r->connection->client_addr;
> 1184: my $client_addr = $r->connection->remote_addr;
> $remote_port = $client_addr->port;
> $remote_ip = $r->connection->client_ip;
>
> Can't locate object method "remote_addr" via package "Apache2::Connection" at
> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\n
>
>
>
>>> Hi.
>>>
>>> Apologies to Steve and Torsten for posting this previously to them directly.
>>> It somehow slipped my mind that this would have been a better place.
>>> Anyway thus :
>>>
>>> I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
>>> encounter the following problem :
>>>
>>> Apache error log :
>>>
>>> Can't locate object method "port" via package "APR::SockAddr" at
>>> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
>>>
>>> which corresponds to :
>>>
>>> 1183: my $client_addr = $r->connection->client_addr;
>>> 1184: $remote_port = $client_addr->port;
>>>
>>> In the Apache 2.2 version, this was :
>>>
>>> $remote_port = $r->connection->remote_addr->port;
>>>
>>> and worked fine.
>>>
>>> Environment :
>>>
>>> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
>>> GNU/Linux (Debian "Jessie" as far as I know)
>>>
>>> Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
>>> -- resuming normal operations
>>> (apache2 and mod_perl are the standard Debian Jessie apt-get packages)
>>>
>>>
>>> I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
>>> APR::SockAddr::port(), except this snippet (quite old..) :
>>>
>>> CPAN :
>>> mod_perl 2.10 Changes :
>>> ...
>>> 1.99_14 - May 21, 2004
>>>
>>> APR::SockAddr::port() accessor is now read-only [Stas]
>>>
>>> Also on the host, the APR::SockAddr module source :
>>>
>>> /usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
>>>
>>> quote
>>> =item obj: C<$sock_addr>
>>> ( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )
>>>
>>> =item ret: C<$port> ( integer )
>>>
>>> =item since: 2.0.00
>>> unquote
>>>
>>> .. seems to imply that this should work.
>>> (And so do
>>> https://metacpan.org/pod/APR::SockAddr#port
>>> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
>>> )
>>>
>>> Am I doing something wrong ?
>>>
>>> More importantly to me right now : how can I get the client's connection port number,
>>> possibly using a workaround ? I am in control of the Apache httpd configuration.
>>>
>>> I do not really care if this is the real client port, or a port of some intermediate
>>> proxy, as long as it remains consistent across severall KeepAlive calls of the same client
>>> workstation.
>>> I need this port number to forward to another module (of which I do not have the source),
>>> which uses this (and the remote IP), as a kind of persistent identifier for the client
>>> connection (for Windows WIA authentication).
>>>
>>> The only way I can think of right now, would be to add a request header at the httpd level
>>> with the remote client IP:port, and then retrieve and decode that same header in my AAA
>>> module. But that seems a bit convoluted and heavy-handed.
>>> Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
>>> directly, which would have been set like so ?
>>>
>>> RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
>>>
>>>
>>> Thanks in advance
>>> André Warnier
>>
>>
>> Randolf Richardson - randolf@inter-corporate.com
>> Inter-Corporate Computer & Network Services, Inc.
>> Beautiful British Columbia, Canada
>> http://www.inter-corporate.com/
>>
>>
>
Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ? [ In reply to ]
randolf at modperl
Oct 30, 2016, 9:57 AM
Post #5 of 7 (3123 views)
Permalink
I haven't tested the newest mod_perl yet, but I know that this is
going to be an issue for me too because I have a number of projects
that rely on the value provided by $r->connection->remote_addr->port
(along with $r->connection->remote_addr->remote_ip as well).

If there's a different way to go about retrieving these values now,
I'm certainly interested to know about it. It's important for Perl
code to have access to information about the remote host, including
IP address and port number, so that we can do things like requesting
that the user login again if their IP addresses changes (e.g., as one
of a number of security measures in custom authentication code, which
is something that I developed and have been having success with).

> Replying to self..
>
> My basic question remains the same :
> given that neither of the following seem to work under Apache 2.4 / mod_perl 2.0.9 :
>
> $remote_port = $r->connection->client_addr->port;
> or
> $remote_port = $r->connection->remote_addr->port;
>
> how could I best obtain, in a mod_perl AAA handler, some unique client port number that is
> unlikely to change over the duration of a single HHTP client keepalive connection (whether
> through proxies or not). I do not really care if this is really the port number which the
> original client used to establish the connection, as long as it remains stable and unique
> and, from the Apache/mod_perl webserver point of view, the combination IP:port really is
> unique for a given client workstation currently accessing the server.
>
> Unfortunately, I do need an "IP:port" combination, because of some back-end software that
> relies on this and which I cannot change. Otherwise I guess that I could use
> $r->connection->id.
>
> (which I may still try to use as a kind of "alias" for the port number; maybe the back-end
> software won't realise that it is a fake. But I guess that this is a bit risky, since
> there is probably no guarantee that this would match the keepalive as the client sees it
> through possible proxies).
>
>
>
> >>>
> >>> In the Apache 2.2 version, this was :
> >>>
> >>> $remote_port = $r->connection->remote_addr->port;
>
>
>
> There was this change in Apache 2.4 compared to 2.2 :
>
> https://httpd.apache.org/docs/trunk/developer/new_api_2_4.html
>
> "conn_rec->remote_ip and conn_rec->remote_addr
> These fields have been renamed in order to distinguish between the client IP address
> of the connection and the useragent IP address of the request (potentially overridden by a
> load balancer or proxy). References to either of these fields must be updated with one of
> the following options, as appropriate for the module:
>
> When you require the IP address of the user agent, which might be connected
> directly to the server, or might optionally be separated from the server by a transparent
> load balancer or proxy, use request_rec->useragent_ip and request_rec->useragent_addr.
> When you require the IP address of the client that is connected directly to the
> server, which might be the useragent or might be the load balancer or proxy itself, use
> conn_rec->client_ip and conn_rec->client_addr.
> "
>
> With a corresponding discussion in : https://github.com/eprints/eprints/issues/214
>
> Interesting how a change which was originally made as an improvement/clarification, can
> have so many unforeseen ripple effects.
>
>
>
>
> On 30.10.2016 08:34, A. Warnier wrote:
> > On 30.10.2016 01:56, Randolf Richardson wrote:
> >> Do the following work for you?
> >>
> >> $r->connection->remote_addr->port
> >> $r->connection->local_addr->port
> >>
> >
> > I'll check again, but $c->remote_addr is supposed to not exist anymore in httpd 2.4, as
> > far as I know.
> > Indeed :
> >
> > When I modify the code as follows :
> >
> > #my $client_addr = $r->connection->client_addr;
> > 1184: my $client_addr = $r->connection->remote_addr;
> > $remote_port = $client_addr->port;
> > $remote_ip = $r->connection->client_ip;
> >
> > Can't locate object method "remote_addr" via package "Apache2::Connection" at
> > /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\n
> >
> >
> >
> >>> Hi.
> >>>
> >>> Apologies to Steve and Torsten for posting this previously to them directly.
> >>> It somehow slipped my mind that this would have been a better place.
> >>> Anyway thus :
> >>>
> >>> I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
> >>> encounter the following problem :
> >>>
> >>> Apache error log :
> >>>
> >>> Can't locate object method "port" via package "APR::SockAddr" at
> >>> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
> >>>
> >>> which corresponds to :
> >>>
> >>> 1183: my $client_addr = $r->connection->client_addr;
> >>> 1184: $remote_port = $client_addr->port;
> >>>
> >>> In the Apache 2.2 version, this was :
> >>>
> >>> $remote_port = $r->connection->remote_addr->port;
> >>>
> >>> and worked fine.
> >>>
> >>> Environment :
> >>>
> >>> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
> >>> GNU/Linux (Debian "Jessie" as far as I know)
> >>>
> >>> Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
> >>> -- resuming normal operations
> >>> (apache2 and mod_perl are the standard Debian Jessie apt-get packages)
> >>>
> >>>
> >>> I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
> >>> APR::SockAddr::port(), except this snippet (quite old..) :
> >>>
> >>> CPAN :
> >>> mod_perl 2.10 Changes :
> >>> ...
> >>> 1.99_14 - May 21, 2004
> >>>
> >>> APR::SockAddr::port() accessor is now read-only [Stas]
> >>>
> >>> Also on the host, the APR::SockAddr module source :
> >>>
> >>> /usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
> >>>
> >>> quote
> >>> =item obj: C<$sock_addr>
> >>> ( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )
> >>>
> >>> =item ret: C<$port> ( integer )
> >>>
> >>> =item since: 2.0.00
> >>> unquote
> >>>
> >>> .. seems to imply that this should work.
> >>> (And so do
> >>> https://metacpan.org/pod/APR::SockAddr#port
> >>> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
> >>> )
> >>>
> >>> Am I doing something wrong ?
> >>>
> >>> More importantly to me right now : how can I get the client's connection port number,
> >>> possibly using a workaround ? I am in control of the Apache httpd configuration.
> >>>
> >>> I do not really care if this is the real client port, or a port of some intermediate
> >>> proxy, as long as it remains consistent across severall KeepAlive calls of the same client
> >>> workstation.
> >>> I need this port number to forward to another module (of which I do not have the source),
> >>> which uses this (and the remote IP), as a kind of persistent identifier for the client
> >>> connection (for Windows WIA authentication).
> >>>
> >>> The only way I can think of right now, would be to add a request header at the httpd level
> >>> with the remote client IP:port, and then retrieve and decode that same header in my AAA
> >>> module. But that seems a bit convoluted and heavy-handed.
> >>> Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
> >>> directly, which would have been set like so ?
> >>>
> >>> RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
> >>>
> >>>
> >>> Thanks in advance
> >>> André Warnier
> >>
> >>
> >> Randolf Richardson - randolf@inter-corporate.com
> >> Inter-Corporate Computer & Network Services, Inc.
> >> Beautiful British Columbia, Canada
> >> http://www.inter-corporate.com/
> >>
> >>
> >
>


Randolf Richardson - randolf@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
http://www.inter-corporate.com/
Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ? [ In reply to ]
J.Gao at sydney
Oct 31, 2016, 5:16 PM
Post #6 of 7 (3122 views)
Permalink
This is what I use:

my $c = $r->connection();
my $client_addr = $c->client_addr->ip_get();
my $client_port = $c->client_addr->port();

Regards,

Jie

* A. Warnier <aw@ice-sa.com> wrote:

> Date: Sat, 29 Oct 2016 21:16:35 +0200
> From: "A. Warnier" <aw@ice-sa.com>
> To: mod_perl list <modperl@perl.apache.org>
> Subject: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
> User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101
> Thunderbird/38.5.0
>
> Hi.
>
> Apologies to Steve and Torsten for posting this previously to them directly.
> It somehow slipped my mind that this would have been a better place.
> Anyway thus :
>
> I am in the process of converting some mod_perl AAA code from Apache 2.2 to
> 2.4, and I encounter the following problem :
>
> Apache error log :
>
> Can't locate object method "port" via package "APR::SockAddr" at
> /home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
>
> which corresponds to :
>
> 1183: my $client_addr = $r->connection->client_addr;
> 1184: $remote_port = $client_addr->port;
>
> In the Apache 2.2 version, this was :
>
> $remote_port = $r->connection->remote_addr->port;
>
> and worked fine.
>
> Environment :
>
> Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02)
> x86_64 GNU/Linux (Debian "Jessie" as far as I know)
>
> Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev
> Perl/v5.20.2 configured -- resuming normal operations
> (apache2 and mod_perl are the standard Debian Jessie apt-get packages)
>
>
> I have tried to find clues on the WWW, CPAN etc.. but I do not find anything
> about APR::SockAddr::port(), except this snippet (quite old..) :
>
> CPAN :
> mod_perl 2.10 Changes :
> ...
> 1.99_14 - May 21, 2004
>
> APR::SockAddr::port() accessor is now read-only [Stas]
>
> Also on the host, the APR::SockAddr module source :
>
> /usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
>
> quote
> =item obj: C<$sock_addr>
> ( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )
>
> =item ret: C<$port> ( integer )
>
> =item since: 2.0.00
> unquote
>
> .. seems to imply that this should work.
> (And so do
> https://metacpan.org/pod/APR::SockAddr#port
> http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
> )
>
> Am I doing something wrong ?
>
> More importantly to me right now : how can I get the client's connection
> port number, possibly using a workaround ? I am in control of the Apache
> httpd configuration.
>
> I do not really care if this is the real client port, or a port of some
> intermediate proxy, as long as it remains consistent across severall
> KeepAlive calls of the same client workstation.
> I need this port number to forward to another module (of which I do not have
> the source), which uses this (and the remote IP), as a kind of persistent
> identifier for the client connection (for Windows WIA authentication).
>
> The only way I can think of right now, would be to add a request header at
> the httpd level with the remote client IP:port, and then retrieve and decode
> that same header in my AAA module. But that seems a bit convoluted and
> heavy-handed.
> Is there a way in a PerlAuthenHandler to retrieve an "Apache environment
> variable" directly, which would have been set like so ?
>
> RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
>
>
> Thanks in advance
> André Warnier
Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ? [ In reply to ]
J.Gao at sydney
Oct 31, 2016, 8:26 PM
Post #7 of 7 (3123 views)
Permalink
In Apache 2.4, client_addr belongs to 'conn_rec', from which you get the information about the peer of the connection, which could be a proxy server.

'useragent_ip' belongs to request_rec, from which you get the information about the HTTP request from the real user end point (the Web browser) on the application layer. You can do:

$useragent_ip = $r->useragent_ip()

.


It seems that '$r->useragent_addr' is mapped to 'apr_sockaddr_t', which means you can do:

$useragent_ip = $r->useragent_addr->ip_get();

and

$useragent_port = $r->useragent_addr->port();

.



Regards,


Jie

* A. Warnier <aw@ice-sa.com> wrote:

> Date: Sun, 30 Oct 2016 12:12:57 +0100
> From: "A. Warnier" <aw@ice-sa.com>
> To: modperl@perl.apache.org
> Subject: Re: Apache 2.4, mod_perl 2.0.9, APR::SockAddr->port() missing ?
> User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101
> Thunderbird/38.5.0
>
> Replying to self..
>
> My basic question remains the same :
> given that neither of the following seem to work under Apache 2.4 / mod_perl 2.0.9 :
>
> $remote_port = $r->connection->client_addr->port;
> or
> $remote_port = $r->connection->remote_addr->port;
>
> how could I best obtain, in a mod_perl AAA handler, some unique client port
> number that is unlikely to change over the duration of a single HHTP client
> keepalive connection (whether through proxies or not). I do not really care
> if this is really the port number which the original client used to
> establish the connection, as long as it remains stable and unique and, from
> the Apache/mod_perl webserver point of view, the combination IP:port really
> is unique for a given client workstation currently accessing the server.
>
> Unfortunately, I do need an "IP:port" combination, because of some back-end
> software that relies on this and which I cannot change. Otherwise I guess
> that I could use $r->connection->id.
>
> (which I may still try to use as a kind of "alias" for the port number;
> maybe the back-end software won't realise that it is a fake. But I guess
> that this is a bit risky, since there is probably no guarantee that this
> would match the keepalive as the client sees it through possible proxies).
>
>
>
> >>>
> >>> In the Apache 2.2 version, this was :
> >>>
> >>> $remote_port = $r->connection->remote_addr->port;
>
>
>
> There was this change in Apache 2.4 compared to 2.2 :
>
> https://httpd.apache.org/docs/trunk/developer/new_api_2_4.html
>
> "conn_rec->remote_ip and conn_rec->remote_addr
> These fields have been renamed in order to distinguish between the
> client IP address of the connection and the useragent IP address of the
> request (potentially overridden by a load balancer or proxy). References to
> either of these fields must be updated with one of the following options, as
> appropriate for the module:
>
> When you require the IP address of the user agent, which might be
> connected directly to the server, or might optionally be separated from the
> server by a transparent load balancer or proxy, use
> request_rec->useragent_ip and request_rec->useragent_addr.
> When you require the IP address of the client that is connected
> directly to the server, which might be the useragent or might be the load
> balancer or proxy itself, use conn_rec->client_ip and conn_rec->client_addr.
> "
>
> With a corresponding discussion in : https://github.com/eprints/eprints/issues/214
>
> Interesting how a change which was originally made as an
> improvement/clarification, can have so many unforeseen ripple effects.
>
>
>
>
> On 30.10.2016 08:34, A. Warnier wrote:
> >On 30.10.2016 01:56, Randolf Richardson wrote:
> >> Do the following work for you?
> >>
> >> $r->connection->remote_addr->port
> >> $r->connection->local_addr->port
> >>
> >
> >I'll check again, but $c->remote_addr is supposed to not exist anymore in httpd 2.4, as
> >far as I know.
> >Indeed :
> >
> >When I modify the code as follows :
> >
> > #my $client_addr = $r->connection->client_addr;
> >1184: my $client_addr = $r->connection->remote_addr;
> > $remote_port = $client_addr->port;
> > $remote_ip = $r->connection->client_ip;
> >
> >Can't locate object method "remote_addr" via package "Apache2::Connection" at
> >/home/mira/EFS/lib/AUTH/SLC.pm line 1184.\n
> >
> >
> >
> >>>Hi.
> >>>
> >>>Apologies to Steve and Torsten for posting this previously to them directly.
> >>>It somehow slipped my mind that this would have been a better place.
> >>>Anyway thus :
> >>>
> >>>I am in the process of converting some mod_perl AAA code from Apache 2.2 to 2.4, and I
> >>>encounter the following problem :
> >>>
> >>>Apache error log :
> >>>
> >>>Can't locate object method "port" via package "APR::SockAddr" at
> >>>/home/mira/EFS/lib/AUTH/SLC.pm line 1184.\
> >>>
> >>>which corresponds to :
> >>>
> >>>1183: my $client_addr = $r->connection->client_addr;
> >>>1184: $remote_port = $client_addr->port;
> >>>
> >>>In the Apache 2.2 version, this was :
> >>>
> >>> $remote_port = $r->connection->remote_addr->port;
> >>>
> >>>and worked fine.
> >>>
> >>>Environment :
> >>>
> >>>Linux d1s008 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
> >>>GNU/Linux (Debian "Jessie" as far as I know)
> >>>
> >>>Apache/2.4.10 (Debian) mod_apreq2-20090110/2.8.0 mod_perl/2.0.9dev Perl/v5.20.2 configured
> >>>-- resuming normal operations
> >>>(apache2 and mod_perl are the standard Debian Jessie apt-get packages)
> >>>
> >>>
> >>>I have tried to find clues on the WWW, CPAN etc.. but I do not find anything about
> >>>APR::SockAddr::port(), except this snippet (quite old..) :
> >>>
> >>>CPAN :
> >>>mod_perl 2.10 Changes :
> >>>...
> >>>1.99_14 - May 21, 2004
> >>>
> >>> APR::SockAddr::port() accessor is now read-only [Stas]
> >>>
> >>>Also on the host, the APR::SockAddr module source :
> >>>
> >>>/usr/lib/x86_64-linux-gnu/perl5/5.20/APR/SockAddr.pm :
> >>>
> >>>quote
> >>>=item obj: C<$sock_addr>
> >>>( C<L<APR::SockAddr object|docs::2.0::api::APR::SockAddr>> )
> >>>
> >>>=item ret: C<$port> ( integer )
> >>>
> >>>=item since: 2.0.00
> >>>unquote
> >>>
> >>>.. seems to imply that this should work.
> >>>(And so do
> >>>https://metacpan.org/pod/APR::SockAddr#port
> >>>http://perl.apache.org/docs/2.0/api/APR/SockAddr.html#C_port_
> >>>)
> >>>
> >>>Am I doing something wrong ?
> >>>
> >>>More importantly to me right now : how can I get the client's connection port number,
> >>>possibly using a workaround ? I am in control of the Apache httpd configuration.
> >>>
> >>>I do not really care if this is the real client port, or a port of some intermediate
> >>>proxy, as long as it remains consistent across severall KeepAlive calls of the same client
> >>>workstation.
> >>>I need this port number to forward to another module (of which I do not have the source),
> >>>which uses this (and the remote IP), as a kind of persistent identifier for the client
> >>>connection (for Windows WIA authentication).
> >>>
> >>>The only way I can think of right now, would be to add a request header at the httpd level
> >>>with the remote client IP:port, and then retrieve and decode that same header in my AAA
> >>>module. But that seems a bit convoluted and heavy-handed.
> >>>Is there a way in a PerlAuthenHandler to retrieve an "Apache environment variable"
> >>>directly, which would have been set like so ?
> >>>
> >>>RewriteRule .* - [E=INFO_REMOTE_ADDR:"%{REMOTE_ADDR}\:%{REMOTE_PORT}",NE]
> >>>
> >>>
> >>>Thanks in advance
> >>>André Warnier
> >>
> >>
> >>Randolf Richardson - randolf@inter-corporate.com
> >>Inter-Corporate Computer & Network Services, Inc.
> >>Beautiful British Columbia, Canada
> >>http://www.inter-corporate.com/
> >>
> >>
> >
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal