A FastCGIExternalServer Directive Change for NetCloak
NetCloak uses the FastCGI module to interface between Apache2 and a
NetCloak server running on localhost:9008.
Apache httpd.conf modifications to configure FastCGI for this are:
LoadModule fastcgi_module /usr/local/apache2/modules/mod_fastcgi.so
AddHandler fastcgi-script .nclk .fdml FastCgiExternalServer
/usr/local/apache2/htdocs -host localhost:9008 -pass-header
The general expectation is that the use of AddHandler .nclk .fdml will
allow any URL that ends in .nclk or .fdml to be handed to netcloak for
processing. Also all other URLs will be processed normally. FastCGI,
however, doesn't quite work that way.
Alone, the AddHandler directive takes any URI ending in .fcgi or .fdml
and tries to execute it as a CGI script. The small number of .fcgi
files we were able to look at contained html and netcloak commands and
not shell commands so the raw text contents was returned to a browser
making the original request.
The FastCgiExternalServer directive causes mod_fastCGI to take any url
that falls in the directory - /usr/local/apache2/htdocs - and hand that
to the server running on the specified host - localhost:9008 - in this
case NetCloak. So the FastCgiExternalServer directive is overriding the
AddHandler directive and handing all urls inside htdocs to NetCloak.
This works fine for content that contains NetCloak or html as NetCloak
seems to process it correctly and return correct results. However,
certain valid graphic or image content such as a gif file are not
processed properly by NetCloak and appear as broken links to the
A lot of investigation was done to understand if there was some kind of
fastCGI configuration that would honor the AddHandler directive in
concert with the FastCGIExternalServer so that only URI with AddHandler
specified extensions would be handed to the FastCGIExternalServer.
Unfortunately mod_fastCgi wasn't built this way. In fact there is
commentary in the fastCGI change log that with release 2.4.0 the
FastCgiExternalServer directive didn't need an AddHandler directive, so
this is seen as a feature by the fastCGI developers and it was concluded
that there are no configurations of the existing fastCGI module that
will make it work properly for NetCloak.
Changing the fastCGI was investigated and a small change to the
FastCgiExternalServer directive implemented. The change has the goal of
restricting the URL requests that are handed to the specified server.
Obviously we could have just modified fastCGI to hand its
CgiExternalServer requests that ended with the suffix .fcgi and .fdml,
but this seemed too much like a hack. However the idea of generally
extending the CgiExternalServer directory specification as a generalized
string matching pattern which could be used to match URLs with .fcgi and
.fdml suffixes seemed to make sense.
It turns out that Apache has already been endowed with Perl regular
expression processing facilities internally so modifications to
conditionally treat the CgiExternalServer directory specification as a
fully formed regular expression were straightforward.
A new modFastCGI FastCgiExternalServer directive was created that has an
optional '-re' parameter. When this parameter is specified, the
FastCgiExternalServer directory specification is treated as a fully
capable Perl regular expression -
http://www.pcre.org>http://www.pcre.org. New versions of the
iTools8.2.0 and iTools8.2.0i will contain the updated mod_fastCGI.so.
This means then that the Apache httpd.conf directives for NetCloak
LoadModule fastcgi_module modules/mod_fastcgi.so
FastCgiExternalServer /Library/Tenon/WebServer/Documents/.*(.nclk|.fdml) -re
-host localhost:9008 -pass-header Authorization
With these directives, the new mod_fastCGI.so and NetCloak in place and
everything seems to work well in that the proper URLs are handed to
NetCloak and graphic and other URLs not matched by the regular
expression are handled by Apache in the normal way.
| Tenon Home |
Contact Us |
About Tenon |
Tech Support |
Press Room |
Mailing Lists |
Copyrightę2006 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved.
Questions about our website - Contact: