Project

General

Profile

Forums » Support »

fastcgi authorizer & proxy

Added by bogeskov over 11 years ago

Hello..

I'm fairly new to lighttpd, so this could be a case of not reading the right documentation, or not getting the finer points.

My problem is this:
  • I wish to use lighttpd as a proxy to a JavaEE app (solr).
  • I wish to validate the parameters using fastcgi/perl

I'm currently running on debian wheezy (version: 1.4.28-2)

The issue I'm having is:
  • Without fastcgi-authorizer the proxy works
  • With fastcgi-authorizer I get the errorcode I set in the script ("403 Forbidden") or "404 Not Found"

It looks like using fastcgi-authorizer breaks the response handler, and sets it to
Is there some magic response I can send from the authorizer to allow the proxy to be used.

my fastcgi config is:

fastcgi.server = ( "/solr/" =>
      (( "socket" => "/tmp/authorizer-www.fastcgi-socket",
         "bin-path" => "/var/authorizer-www/authorizer.fcgi",
         "docroot" => "/var/authorizer-www",
         "mode" => "authorizer",
         "check-local"  => "disable",
      ))
    )

my proxy config is:

proxy.server = ( "/solr/" =>
      (( "host" => "127.0.0.1",
         "port" => "8983" 
      ))
    )

my log is:

(request.c.304) fd: 8 request-len: 124 
GET /solr/ HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xen-p01-222
Connection: Keep-Alive

(connections.c.1451) state for fd 8 handle-req 
(response.c.241) run condition 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.471) SERVER["socket"] ( :80 ) compare to  [::]:80 
(configfile-glue.c.534) 1 (uncached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(response.c.300) -- splitting Request-URI 
(response.c.301) Request-URI  :  /solr/ 
(response.c.302) URI-scheme   :  http 
(response.c.303) URI-authority:  xen-p01-222 
(response.c.304) URI-path     :  /solr/ 
(response.c.305) URI-query    :   
(response.c.349) -- sanatising URI 
(response.c.350) URI-path     :  /solr/ 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(mod_access.c.135) -- mod_access_uri_handler called 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(mod_fastcgi.c.3636) handling it in mod_fastcgi 
(response.c.470) -- before doc_root 
(response.c.471) Doc-Root     : /var/www 
(response.c.472) Rel-Path     : /solr/ 
(response.c.473) Path         :  
(response.c.521) -- after doc_root 
(response.c.522) Doc-Root     : /var/www 
(response.c.523) Rel-Path     : /solr/ 
(response.c.524) Path         : /var/www/solr/ 
(configfile-glue.c.583) === start of condition block === 
(configfile-glue.c.541) 1 (cached) result: false 
(response.c.541) -- logical -> physical 
(response.c.542) Doc-Root     : /var/www 
(response.c.543) Rel-Path     : /solr/ 
(response.c.544) Path         : /var/www/solr/ 
(connections.c.1793) state at exit: 8 handle-req 
(mod_fastcgi.c.2701) FastCGI-stderr: IN FCGI
(connections.c.1387) state at start 8 handle-req 
(connections.c.1451) state for fd 8 handle-req 
(response.c.561) -- handling physical path 
(response.c.562) Path         : /var/authorizer-www/solr/ 
(response.c.618) -- file not found 
(response.c.619) Path         : /var/authorizer-www/solr/ 
(connections.c.1531) state for fd 8 resp-start 
(response.c.128) Response-Header: 
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 04 Feb 2014 11:44:55 GMT
Server: lighttpd/1.4.28

Yours
Morten


Replies (2)

RE: fastcgi authorizer & proxy - Added by darix over 11 years ago

fastcgi authorizer can only handle static files. you cant protect other fastcgi/scgi/proxy configs with it.

RE: fastcgi authorizer & proxy - Added by bogeskov over 11 years ago

Thank you, darix, for a VERY FAST, however slightly disappointing answer ;-)
I'll venture forward and implement a proxy in fastcgi.

Yours
Morten

    (1-2/2)