Ticket #322 (new enhancement)

Opened 3 years ago

Last modified 4 weeks ago

FastCGI Authorizer support for Variable-name variable passing

Reported by: cpisto@nmxs.com Assigned to: jan
Priority: highest Milestone: 1.4.20
Component: mod_fastcgi Version: 1.4.19
Severity: blocker Keywords:
Cc: Blocking:
Need Feedback: 0

Description

The FastCGI Spec states that authorizers can emit headers of the format Variable-name: value and those variables will be placed into the environment of all subsequent authorized requests as name: value. It would be great if lighttpd supported this.

See http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S6.3 for further information.

Attachments

fastcgi-authorizer-fixes.diff (6.6 kB) - added by maherb on 06/20/2006 11:58:41 AM.
All fastcgi mode=authorizer fixes (Variable- env works, proper re-dispatching, and assert failure fix when auth is running in front of cgi).

Change History

06/01/2006 04:13:05 AM changed by maherb

I agree, this support would be excellent, especially if mod_accesslog allowed you to print these environment variables in your access log. For example, the most common use case for an authorizer FastCGI process is when you want to set the REMOTE_USER cgi environment variable, and most people will want to log the contents of that environment variable.

06/03/2006 07:18:02 AM changed by maherb

If you download and apply the attached fastcgi-authorizer-fixes.diff file, both #321 and #322 will be fixed (as well as a fix for infinite 301 redirection when specifying "/" as your authorizer).

06/20/2006 11:58:41 AM changed by maherb

  • attachment fastcgi-authorizer-fixes.diff added.

All fastcgi mode=authorizer fixes (Variable- env works, proper re-dispatching, and assert failure fix when auth is running in front of cgi).

10/15/2006 11:07:21 PM changed by 2uBuZ81V3k

gviEgLlape9 JJXo5ZRmA9Tb vJTAwVdr2S9S5h

01/16/2007 03:40:10 PM changed by André Cruz

This is excellent news. When can this be applied to the main trunk?

(follow-up: ↓ 6 ) 01/25/2007 04:28:19 PM changed by EDevil

I think that with this patch we still have to opt between serving static content or another fcgi application, by configuring or not a docroot.

Why can't we serve both? If I protect the / URL with an authorizer I want to serve static content, the site CSS, and process the PHP files using a fcgi application.

I enabled this by setting con->status = 0 on line 3114 of mod_fastcgi.c (after the patch). This way mod_staticfile catches the request.

Is there something I am forgetting with this small change?

(in reply to: ↑ 5 ) 02/01/2007 07:17:41 PM changed by maherb

Replying to EDevil:

I think that with this patch we still have to opt between serving static content or another fcgi application, by configuring or not a docroot.

This should not be the case. I've used this patch successfully for many months to serve static content, cgi content, and fastcgi content "behind" a fastcgi authorizer.

Why can't we serve both? If I protect the / URL with an authorizer I want to serve static content, the site CSS, and process the PHP files using a fcgi application. I enabled this by setting con->status = 0 on line 3114 of mod_fastcgi.c (after the patch). This way mod_staticfile catches the request.

The connection struct (typedef struct defined in base.h) does not have a status field. It does have an http_status field. Perhaps you tried to apply the patch against an older version of lighttpd? I've applied the patch against svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x/.

Is there something I am forgetting with this small change?

04/21/2008 11:59:26 AM changed by anonymous

  • blocking changed.
  • pending changed.

FYI, this patch does not apply cleanly since 1.4.15. It's about time this patch is integrated.

04/21/2008 11:59:57 AM changed by anonymous

  • priority changed from normal to highest.
  • version set to 1.4.19.
  • severity changed from normal to blocker.
  • milestone set to 1.4.20.

Add/Change #322 (FastCGI Authorizer support for Variable-name variable passing)




Change Properties