Apache mod auth and related topics
Toshiyuki Terashita
A rough overview of the processing flow through Apache modules, and how authentication can be used to stop the request body from being received.
1.
mod_auth
2011/04/08 @suzumura_ss
2.
• tottoruby
3.
Apache Hooks
• Input filter
• Content generator
• Output filter
4.
Input filter (1)
• post_read_request
• translate_name
  • ex) mod_alias
• map_to_storage
  • ex) <Directory />, <Files />, mod_proxy
• header_parser
  • ex) mod_setenvif
5.
Input filter (2)
• access_checker
  • ex) mod_access, mod_authz_host
• check_user_id
• auth_checker
• type_checker
• fixups
6.
Content generator and Output filter
• Content generator
  • mod_passenger, mod_cgi, ...
• Output filter
  • mod_xsendfile
7.
mod_passenger+Rails
[Diagram: Request, header, Body, /tmp, Rails, response]
• Content generator
8.
mod_cgi
• /tmp
[Diagram: request, response, CGI]
9.
10.
/cgi-bin/401.cgi

```ruby
#!/usr/bin/ruby
STDERR.puts "Incoming CGI..."

puts <<__RESULT__
Status: 401

__RESULT__

STDERR.puts "CGI done."
```
11.
PUT /cgi-bin/401.cgi

```
$ curl localhost/cgi-bin/401.cgi -T xcode_3.2.6_and_ios_sdk_4.3__final.dmg > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4237M    0     0  100 4237M      0   114M  0:00:37  0:00:37 --:--:--  118M

==> access_log <==
::1 - - [05/Apr/2011:14:37:13 +0900] "PUT /cgi-bin/401.cgi HTTP/1.1" 401 -

==> error_log <==
[Tue Apr 05 14:37:50 2011] [error] [client ::1] Incoming CGI...
[Tue Apr 05 14:37:50 2011] [error] [client ::1] CGI done.
```

14:37:13 PUT 14:37:50
12.
13.
Input filter
14.
• ap_hook_auth_checker() hook
• ACCESS DENIED
• ap_hook_access_checker() hook
15.
mod_auth_httprequest
• https://github.com/suzumura-ss/mod_auth_httprequest
• URL HEAD 200(OK), 201(Created), 202(Accepted)
16.
• ap_hook_check_user_id() hook
  libcurl HEAD
• ap_hook_auth_checker() hook
• config
17.
PUT /
[Diagram: HEAD /cgi-bin/auth.cgi, response]
18.
httpd.conf

```
<Directory "/var/www/html">
  :
  Require valid-request
  AuthType AuthHttpRequest
  AuthName X-Auth-HttpRequest
  AuthHttpRequest-URL http://localhost/cgi-bin/401.cgi
</Directory>
```
19.
```
$ curl localhost/ -T xcode_3.2.6_and_ios_sdk_4.3__final.dmg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0 4237M  100   475    0     0  90338      0 --:--:-- --:--:-- --:--:--     0

==> access_log <==
127.0.0.1 - - [05/Apr/2011:17:57:34 +0900] "HEAD /cgi-bin/auth.cgi HTTP/1.1" 401 - "-" "mod_auth_httprequest/0.1 libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
127.0.0.1 - - [05/Apr/2011:17:57:34 +0900] "PUT /xcode%5F3%2E2%2E6%5Fand%5Fios%5Fsdk%5F4%2E3%5F%5Ffinal%2Edmg HTTP/1.1" 401 475 "-" "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"

==> error_log <==
[Tue Apr 05 17:57:34 2011] [error] [client 127.0.0.1] Incoming CGI...
[Tue Apr 05 17:57:34 2011] [error] [client 127.0.0.1] CGI done.
```
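The timing comparison between slide 11 and slide 19, automated as an added example (not code from the deck or from mod_auth_httprequest): it pairs each denied upload in access_log with the first "Incoming CGI..." line in error_log for the same client and reports how long the server kept receiving before the decision script ran. The helper names `decision_delays` and `late_denials` and the 5-second threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Log lines from slides 11 and 19; Referer/User-Agent fields trimmed for brevity.
ACCESS_LOG = [
    '::1 - - [05/Apr/2011:14:37:13 +0900] "PUT /cgi-bin/401.cgi HTTP/1.1" 401 -',
    '127.0.0.1 - - [05/Apr/2011:17:57:34 +0900] "HEAD /cgi-bin/auth.cgi HTTP/1.1" 401 -',
    '127.0.0.1 - - [05/Apr/2011:17:57:34 +0900] "PUT /xcode%5F3%2E2%2E6%5Fand'
    '%5Fios%5Fsdk%5F4%2E3%5F%5Ffinal%2Edmg HTTP/1.1" 401 475',
]
ERROR_LOG = [
    "[Tue Apr 05 14:37:50 2011] [error] [client ::1] Incoming CGI...",
    "[Tue Apr 05 14:37:50 2011] [error] [client ::1] CGI done.",
    "[Tue Apr 05 17:57:34 2011] [error] [client 127.0.0.1] Incoming CGI...",
    "[Tue Apr 05 17:57:34 2011] [error] [client 127.0.0.1] CGI done.",
]

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ERROR_RE = re.compile(r"^\[([^\]]+)\] \[\w+\] \[client ([^\]]+)\] (.*)$")


def decision_delays(access_lines, error_lines, marker="Incoming CGI..."):
    """Hypothetical helper: for every denied PUT/POST, seconds from request
    arrival (access_log %t) to the first `marker` line logged for that client."""
    starts = []
    for line in error_lines:
        m = ERROR_RE.match(line)
        if m and m.group(3) == marker:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            starts.append((when, m.group(2)))
    results = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m or m.group(3) not in ("PUT", "POST") or m.group(5) not in ("401", "403"):
            continue
        # Both logs are in server-local time, so the UTC offset can be dropped.
        t0 = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        later = [t for t, client in starts if client == m.group(1) and t >= t0]
        results.append((m.group(4), (min(later) - t0).total_seconds() if later else None))
    return results


def late_denials(access_lines, error_lines, threshold=5.0):
    """Paths whose denial was decided more than `threshold` seconds after the
    request arrived, i.e. the server kept receiving that long before rejecting."""
    return [path for path, delay in decision_delays(access_lines, error_lines)
            if delay is not None and delay > threshold]


if __name__ == "__main__":
    for path, delay in decision_delays(ACCESS_LOG, ERROR_LOG):
        print(f"{delay!s:>5} s  {path}")
    print("denied late:", late_denials(ACCESS_LOG, ERROR_LOG))
```

The error_log timestamps have one-second resolution and the pairing is by client address only, so concurrent requests from one address can be mispaired.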