Produced by Araxis Merge on 3/29/2017 4:53:20 PM Eastern Daylight Time.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | CTT-DM CIF Submission.zip\code\apache_extensions | README.md | Fri Mar 3 16:22:14 2017 UTC |
| 2 | CTT-DM CIF Submission.zip\code\apache_extensions | README.md | Tue Mar 28 17:56:22 2017 UTC |
| Description | Between Files 1 and 2 | |
|---|---|---|
| | Text Blocks | Lines |
| Unchanged | 2 | 336 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | ## apache_extensions | |
| 2 | ||
| 3 | mod_perl and mod_proxy can work together to provide authentication mechanisms | |
| 4 | within apache. | |
| 5 | ||
| 6 | In our case, on the va-ctt project, we must integrate the Department | |
| 7 | of Veterans Affairs Single Sign On software with software such as Nexus and Jenkins | |
| 8 | despite the fact that this software does not integrate out of the box. | |
| 9 | This | |
| 10 | guide will document how to accomplish this. | |
| 11 | ||
| 12 | ||
| 13 | ||
| 14 | mod_perl: | |
| 15 | ||
| 16 | ||
| 17 | mod_perl must be installed against the apache webserver: | |
| 18 | ``` | |
| 19 | yum -y install mod_perl | |
| 20 | ``` | |
| 21 | ||
| 22 | after the install you should have a perl.conf file, | |
| 23 | for example: | |
| 24 | ``` | |
| 25 | /etc/httpd/conf.d/perl.conf | |
| 26 | ``` | |
| 27 | ||
| 28 | ||
| 29 | ||
| 30 | To validate your install add the following to perl.conf: | |
| 31 | ||
| 32 | ||
| 33 | ``` | |
| 34 | Alias /perl/ /var/www/cgi-bin/ | |
| 35 | <Location /perl> | |
| 36 |     SetHandler perl-script | |
| 37 |     PerlResponseHandler ModPerl::Registry | |
| 38 |     PerlOptions +ParseHeaders | |
| 39 |     Options +ExecCGI | |
| 40 |     Order deny,allow | |
| 41 |     Allow from all | |
| 42 | </Location> | |
| 43 | ``` | |
| 44 | ||
| 45 | ||
| 46 | ||
| 47 | place cris.pl in: | |
| 48 | ``` | |
| 49 | /var/www/cgi-bin/ | |
| 50 | ``` | |
| 51 | ||
| 52 | cris.pl is dependent on Perl's CGI.pm module (note some versions of CPAN do not require and will not allow the 'install' keyword): | |
| 53 | ``` | |
| 54 | cpan install CGI | |
| 55 | ``` | |
| 56 | When hitting your url, perhaps: | |
| 57 | ``` | |
| 58 | https://myserver/perl/cris.pl | |
| 59 | ``` | |
| 60 | If you see a page that shows you the mod perl version and your header info, | |
| 61 | you have succeeded. | |
| 62 | ||
| 63 | ||
| 64 | ||
| 65 | Now to configure header validation. In httpd.conf include this line: | |
| 66 | ``` | |
| 67 | PerlRequire /etc/httpd/scripts/startup.pl | |
| 68 | ``` | |
| 69 | Obviously, startup.pl should be there. startup.pl is what tells mod_perl | |
| 70 | how to find your various custom modules for extending apache. | |
| 71 | This file modifies | |
| 72 | Perl's include path appropriately so perl can find all referenced source code. | |
| 73 | ||
| 74 | Now in httpd.conf add: | |
| 75 | ``` | |
| 76 | <Location /> | |
| 77 |   PerlFixupHandler Prisme::ValidateHeader | |
| 78 | </Location> | |
| 79 | ``` | |
| 80 | ||
| 81 | ||
| 82 | *NOTE:: This header validator can be configured in Apache's \<Location\>, | |
| 83 | \<Directory\> or \<Files\> section. | |
| 84 | This current config will only run the validator | |
| 85 | against the root path ('/'). More research is needed to enhance the config to run where needed. | |
| 86 | ||
| 87 | A quick examination of startup.pl shows us that: | |
| 88 | ``` | |
| 89 | /etc/httpd/scripts/modules | |
| 90 | ``` | |
| 91 | is on the include path. We need to ensure that the subdirectory 'Prisme' is present | |
| 92 | and that it contains the perl module 'ValidatePrisme.pm' | |
| 93 | ||
| 94 | ValidatePrisme.pm needs the following software installed, (keep in mind 'install' might not be required): | |
| 95 | ``` | |
| 96 | cpan install LWP | |
| 97 | cpan install JSON::Parse | |
| 98 | ``` | |
| 99 | ||
| 100 | There is a file called constants.pl, you must add it in httpd.conf: | |
| 101 | ``` | |
| 102 | PerlRequire /etc/httpd/scripts/constants.pl | |
| 103 | ``` | |
| 104 | ||
| 105 | I put it right below startup.pl. This file is engineered to be easy for a sys admin to modify. | |
| 106 | It looks partly like this: | |
| 107 | ``` | |
| 108 | #System administrator have at the following: | |
| 109 | #number of seconds we will cache a users roles for | |
| 110 | $SECONDS_CACHE = 5*60; #every five minutes re-fetch. | |
| 111 | $PRISME_ROLES_URL = 'https://DNS:PORT/rails_prisme/roles/get_ssoi_roles.json'; | |
| 112 | #$PRISME_ROLES_URL = 'http://localhost:3000/roles/get_ssoi_roles.json'; | |
| 113 | $REQUIRED_ROLES = ['super_user','administrator']; #at least one of these role must be present to prevent the dreaded 'FORBIDDEN'! | |
| 114 | $CGI_USER_NAME = 'id'; | |
| 115 | $JSON_ROLE_NAME_KEY = 'name'; | |
| 116 | $LOG_HEADERS=0; #0 is false 1 is true, logs at the info log level. | |
| 117 | $ACCEPT_ALL_REQUESTS=0; #if 0 works as expected (role validation occurs), if 1 role validation is disabled | |
| 118 | ``` | |
| 119 | ||
| 120 | our mod perl module does quite a bit of logging. To set log levels look for something | |
| 121 | like this in the appropriate .conf file | |
| 122 | ``` | |
| 123 | # Use separate log files for the SSL virtual host; note that LogLevel | |
| 124 | # is not inherited from httpd.conf. | |
| 125 | ErrorLog logs/ssl_error_log | |
| 126 | TransferLog logs/ssl_access_log | |
| 127 | LogLevel warn | |
| 128 | ``` | |
| 129 | ||
| 130 | The initial implementation allows Claudio's and Cris' accounts access and denies all | |
| 131 | others. | |
| 132 | ||
| 133 | *NOTE:: logging occurs in /var/log/httpd* | |
| 134 | ||
| 135 | mod_proxy | |
| 136 | ||
| 137 | ###################### | |
| 138 | ||
| 139 | mod_proxy: | |
| 140 | ||
| 141 | The objective is to forward/proxy the incoming request over ssl to its final destination. | |
| 142 | In this initial implementation, we are proxying / (root) over to the destination server. | |
| 143 | We have to nest the mod_proxy config in the ssl.conf file under httpd/conf.d/ssl.conf | |
| 144 | In this initial implementation we aren't using VirtualHost(s) yet. | |
| 145 | ||
| 146 | mod_proxy config: | |
| 147 | ||
| 148 | ||
| 149 | # We must load the following modules: | |
| 150 | LoadModule proxy_module modules/mod_proxy.so | |
| 151 | LoadModule proxy_http_module modules/mod_proxy_http.so | |
| 152 | ||
| 153 | # Add the following directives: | |
| 154 | ProxyRequests Off | |
| 155 | ProxyPreserveHost On | |
| 156 | ProxyPass / https://vaservername:4848 | |
| 157 | ProxyPassReverse / https://vaservername:4848 | |
| 158 | ||
| 159 | # Need to research Access Control for the version of httpd we are running in the VAservers: | |
| 160 | # http://httpd.apache.org/docs/2.4/upgrading.html#run-time | |
| 161 | ||
| 162 | ||
| 163 | ||
| 164 | ||
| 165 | ||
| 166 | ||
| 167 | ||
| 168 | ||
| 169 |
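
The role check that constants.pl configures (cache a user's roles for `$SECONDS_CACHE`, require at least one of `$REQUIRED_ROLES`, honour `$ACCEPT_ALL_REQUESTS`), as an added example that is not the project's ValidateHeader code. The sub names, the injected fetcher standing in for the LWP call, the use of JSON::PP, the deny-on-failure behaviour and the sample responses are assumptions.

```perl
#!/usr/bin/perl
# Added example: models the role check that constants.pl configures.
# Sub names, the injected fetcher and the sample JSON are assumptions.
use strict;
use warnings;
use JSON::PP qw(decode_json);    # core module, used here in place of JSON::Parse

my $SECONDS_CACHE       = 5 * 60;
my $REQUIRED_ROLES      = ['super_user', 'administrator'];
my $JSON_ROLE_NAME_KEY  = 'name';
my $ACCEPT_ALL_REQUESTS = 0;
my %cache;    # user => { roles => [...], fetched => epoch seconds }

# $fetch: code ref returning the roles service's JSON body for a user
# (assumption: a real handler would wrap an LWP request to $PRISME_ROLES_URL).
sub roles_for {
    my ($user, $fetch, $now) = @_;
    my $hit = $cache{$user};
    return $hit->{roles} if $hit && $now - $hit->{fetched} < $SECONDS_CACHE;
    my $list = eval { decode_json($fetch->($user)) };
    return [] unless ref $list eq 'ARRAY';    # fetch/parse failure: no roles, nothing cached
    my @roles = grep { defined }
                map  { $_->{$JSON_ROLE_NAME_KEY} }
                grep { ref $_ eq 'HASH' } @$list;
    $cache{$user} = { roles => \@roles, fetched => $now };
    return \@roles;
}

# Returns 'OK' or 'FORBIDDEN' (stand-ins for the Apache status constants).
sub decide {
    my ($user, $fetch, $now) = @_;
    return 'OK' if $ACCEPT_ALL_REQUESTS;    # role validation disabled
    return 'FORBIDDEN' unless defined $user && length $user;
    my %have = map { $_ => 1 } @{ roles_for($user, $fetch, $now) };
    my $matched = grep { $have{$_} } @$REQUIRED_ROLES;
    return $matched ? 'OK' : 'FORBIDDEN';
}

# Constructed sample responses keyed by user; carol's is a non-JSON error body.
my %sample = (
    alice => '[{"name":"super_user"},{"name":"read_only"}]',
    bob   => '[{"name":"read_only"}]',
    carol => 'Service Unavailable',
);
my $fetch = sub { $sample{ $_[0] } // die "unknown user\n" };
my $t0 = time;
printf "%-8s %s\n", $_, decide($_, $fetch, $t0) for qw(alice bob carol mallory);
$sample{alice} = '[]';    # role revoked upstream
printf "alice +%ds: %s\n", $_, decide('alice', $fetch, $t0 + $_) for (60, 301);
```

The two final lines show the trade-off behind `$SECONDS_CACHE`: a role revoked upstream keeps granting access until the cached entry expires, so the cache lifetime is also the revocation delay.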