apache2 mod_perl2

[z3R0]

I'm having issues getting mod_perl2 to render .pl scripts.

I installed the mod_perl2 package from the ports collection and configured httpd.conf as so:

LoadModule perl_module libexec/apache2/mod_perl.so

PerlSwitches -wT

Alias /htdocs/ /usr/local/www/htdocs
<Location /htdocs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Location>

The Apache error log reports

[Thu May 28 18:05:22 2009] [notice] Apache/2.0.63 (FreeBSD) mod_perl/2.0.4 Perl/v5.8.9 configured -- resuming normal operations

So it seems to be running.

I'm serving index.pl from htdocs and I get the RAW text versus a rendered page.

#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "Hello\n";

index.pl has chmod 755 permissions.

Not sure what's wrong.

Any ideas?

Thanks,
z3r0

 

[z3R0]

I tried installing mod_perl2 statically this time following these instructions: http://search.cpan.org/~gozer/mod_perl-2.0.1/docs/user/install/install.pod

With no luck. I receive the following errors in modperl_exports.c

error: `modperl_thx_interp_get' undeclared
error: `modperl_thx_interp_set' undeclared

I tried commenting out the get and set methods and running make again with no success.

Has anyone been able to successfully install mod_perl2 and apache2 successfully on freebsd 7.2?

What should the settings be in httpd.conf?

Thanks,
z3r0

 

[anomie]

I briefly poked through the a few of the official mod_perl2 docs here and didn't see anything obviously wrong with your config.

In these situations I normally crank up httpd's logging via the LogLevel debug directive and see what other clues I can get.

 

[anomie]

Aha, I think I've got it. After cruising the 'net a bit, it looks like ModPerl::Registry is for CGI.

So change your config to:

LoadModule perl_module libexec/apache2/mod_perl.so

PerlSwitches -wT

ScriptAlias /htdocs /usr/local/www/htdocs
<Location /htdocs>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Location>

 

[z3R0]

Thanks for the help anomie, but I'm still having no luck. The the perl file still does not get interpeted and I see the code.

I also tried the following:

PerlModule Apache2::compat

along with:

AddHandler perl-script .pl

After adding those lines the actual .pl is downloaded when visiting the page.

This is very strange behavior. No wonder mod_php is more popular then mod_perl.
I'm trying to get mod_perl up to run RT Tracker, if this keeps up I might just have to
recreate RT in PHP.

Where do I increase the error logging in Apache? Perhaps there will be something relevant to help solve the problem as you suggested earlier.

Thanks,
z3r0

Aha, I think I've got it. After cruising the 'net a bit, it looks like ModPerl::Registry is for CGI.

So change your config to:

LoadModule perl_module libexec/apache2/mod_perl.so

PerlSwitches -wT

ScriptAlias /htdocs /usr/local/www/htdocs
<Location /htdocs>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Location>

 

[anomie]

Hmm, I'd have thought ScriptAlias was the ticket for this situation.

In your Apache config (probably something like /usr/local/etc/apache2/httpd.conf), simply find the LogLevel directive, and change it so that it looks like:

LogLevel debug

Next, restart httpd so that your configuration changes take:
# apachectl -k restart

Finally, keep an eye on your error_log (should be something like /var/log/httpd-error.log).

With any luck, httpd will complain loudly about something or other that may point you in the right direction.

 

[z3R0]

Well here's what apache reports:

Mon Jun 01 09:15:33 2009] [info] mod_unique_id: using ip addr 
ap_get_server_banner() not available until httpd/2.2.4 falling back to
ap_get_server_version() at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 94.
ap_get_server_description() not available until httpd/2.2.4 falling back to
ap_get_server_version() at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 94.
[Mon Jun 01 09:15:34 2009] [info] mod_unique_id: using ip addr
[Mon Jun 01 09:15:35 2009] [notice] Apache/2.0.63 (FreeBSD) mod_perl/2.0.4 Perl/v5.8.9 configured -- resuming normal operations
[Mon Jun 01 09:15:35 2009] [info] Server built: May 29 2009 16:50:01
[Mon Jun 01 09:15:35 2009] [debug] prefork.c(956): AcceptMutex: flock (default: flock)

Here are the modules that are compiled in # httpd -l

Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

Removing

PerlModule Apache2::compat

results in:

[Mon Jun 01 09:34:57 2009] [info] mod_unique_id: using ip addr
[Mon Jun 01 09:34:58 2009] [notice] Apache/2.0.63 (FreeBSD) mod_perl/2.0.4 Perl/v5.8.9 configured -- resuming normal operations
[Mon Jun 01 09:34:58 2009] [info] Server built: May 29 2009 16:50:01
[Mon Jun 01 09:34:58 2009] [debug] prefork.c(956): AcceptMutex: flock (default: flock)

hmmm... :\

z3r0

Hmm, I'd have thought ScriptAlias was the ticket for this situation.

In your Apache config (probably something like /usr/local/etc/apache2/httpd.conf), simply find the LogLevel directive, and change it so that it looks like:

LogLevel debug

Next, restart httpd so that your configuration changes take:
# apachectl -k restart

Finally, keep an eye on your error_log (should be something like /var/log/httpd-error.log).

With any luck, httpd will complain loudly about something or other that may point you in the right direction.

 

[anomie]

I installed Apache 2.0 web server and mod_perl2 from ports just to confirm that this works. (It does.)

Here are snippets from my httpd.conf:

LoadModule perl_module libexec/apache2/mod_perl.so
...
<Directory /usr/local/www/perl>
    Options +ExecCGI
    SetHandler perl-script
    PerlResponseHandler ModPerl::Registry
    PerlOptions +ParseHeaders

    AllowOverride None
    Order Allow,Deny
    Allow from all
</Directory>

Some permissions information:

sinbad# ls -ld /usr/local/www/perl/
drwxr-xr-x  2 root  wheel  512 Jun  1 11:57 /usr/local/www/perl/

sinbad# ls -l /usr/local/www/perl/test.pl 
-rwxr-xr-x  1 root  wheel  85 Jun  1 11:57 /usr/local/www/perl/test.pl

The script:

#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "mod_perl 2.0 rocks!\n";

And the result:


---

To eliminate possibilities:

• First, double check your directory and file permissions to ensure that the execute bit is set.
• Next, try setting your directory up (for now) without using any Alias or ScriptAlias. Just put it somewhere under the DocumentRoot.

 

[z3R0]

Well I reinstalled apache2 and mod_perl2 and it seems to be working. Thanks =D

The only problem that I have now (totally unrelated) is that I can no longer access root. Seems that the password has changed or something fishy is going on.

I think I'm just gonna wipe the server and reinstall everything. Any tips on hardening FreeBSD?

z3r0

I installed Apache 2.0 web server and mod_perl2 from ports just to confirm that this works. (It does.)

Here are snippets from my httpd.conf:

LoadModule perl_module libexec/apache2/mod_perl.so
...
<Directory /usr/local/www/perl>
    Options +ExecCGI
    SetHandler perl-script
    PerlResponseHandler ModPerl::Registry
    PerlOptions +ParseHeaders

    AllowOverride None
    Order Allow,Deny
    Allow from all
</Directory>

Some permissions information:

sinbad# ls -ld /usr/local/www/perl/
drwxr-xr-x  2 root  wheel  512 Jun  1 11:57 /usr/local/www/perl/

sinbad# ls -l /usr/local/www/perl/test.pl 
-rwxr-xr-x  1 root  wheel  85 Jun  1 11:57 /usr/local/www/perl/test.pl

The script:

#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "mod_perl 2.0 rocks!\n";

And the result:


---

To eliminate possibilities:

• First, double check your directory and file permissions to ensure that the execute bit is set.
• Next, try setting your directory up (for now) without using any Alias or ScriptAlias. Just put it somewhere under the DocumentRoot.

 

[DutchDaemon]

Hardening? http://forums.freebsd.org/showthread.php?t=4108 for starters.

 

[SirDice]

The only problem that I have now (totally unrelated) is that I can no longer access root. Seems that the password has changed or something fishy is going on.

Boot to single user mode. You can change the password then.

 

[z3R0]

Thanks for the hardening link!

I'm working on securing MySQL and Apache. I'm planning in putting them in jails. I'll be running mod_perl2 along w/ php5 so I want to make sure everything is nice and secure.

What do you guys think of the following?

mod_jail
mod_security
mod_evasive

I have aide, sshguard along w/ PF up and running. What else is recommended?

Thanks,
z3r0

 

[anomie]

If your budget and free time allow, I would highly recommend picking up a copy of Apache Security by Ivan Ristic. It's an illuminating work that should help you understand and implement proper Apache security (thus the name ).

The guy also happens to be the mod_security author / maintainer, FWIW.

(I don't know MySQL well, so I am not commenting on that one.)

 

[z3R0]

Thanks anomie!

I happen to own the book, the problem is that I'm reading like 5 other books right now so I haven't had change to get into it as I would like.

Right now I'm having bigger issues updating ports and patching FreeBSD.

See here:
http://forums.freebsd.org/showthread.php?p=28040#post28040

I'm hoping I can fix the issues so I can get back to configuring apache and rt.

Wish didn't apply the updates now :\

z3r0

If your budget and free time allow, I would highly recommend picking up a copy of Apache Security by Ivan Ristic. It's an illuminating work that should help you understand and implement proper Apache security (thus the name ).

The guy also happens to be the mod_security author / maintainer, FWIW.

(I don't know MySQL well, so I am not commenting on that one.)