Slide 1

Slide 1 text

mod_perl hacks PHP
fonfun Corporation, OGATA Tetsuji
Twitter: @xtetsuji
2011/12/10

Slide 2

Slide 2 text

About me

Slide 3

Slide 3 text

About me
• OGATA Tetsuji
• Twitter: @xtetsuji
• Blog: http://post.tetsuji.jp/
• Born in Otofuke, Kato District, Hokkaido (next to Obihiro City)
• Moved to Tokyo for university; currently working at a company in Tokyo

Slide 4

Slide 4 text

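About me
• Gave my first-ever talk, "mod_perl 温故知新" ("mod_perl: learning new things from the old"), at Hokkaido.pm#5
• This is my third talk in public
• In my 30s and not keeping up with Modern Perl
• Hobbies: classical music, strolling between cafés, local bus routes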

Slide 5

Slide 5 text

Affiliations
• fonfun Corporation http://www.fonfun.co.jp/
• Main product: Remote Mail http://rmail.jp/
• Voluntary organization: g15 Association http://g15.jp/

Slide 6

Slide 6 text

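Affiliations
• fonfun Corporation (formerly NetVillage)
• Has operated a webmail service (product name: Remote Mail) since 1999
• Developed the 4th-generation system (Perl + Apache/mod_perl + Oracle + Postfix) in 2003
• Recently taking on new technical experiments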

Slide 7

Slide 7 text

Hokkaido.pm++
• Hokkaido (really) is my home!
• Thank you for giving me my first opportunity to be a speaker!

Slide 8

Slide 8 text

Agenda

Slide 9

Slide 9 text

Agenda
• mod_perl recap
• PHP recap
• mod_perl Hacks PHP
• Authen/Authz Hacks
• Output Filter Hacks

Slide 10

Slide 10 text

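Agenda
• Last time I crammed in far too much without thinking it through
• Made 90 slides for a 20-minute talk → impossible
• This time I will keep it light
• Saying "mod_perl is a dead technology" is forbidden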

Slide 11

Slide 11 text

mod_perl recap

Slide 12

Slide 12 text

mod_perl recap
• mod_perl can also speed up Perl CGI
• The real essence of mod_perl is that the many things an Apache module can do can be written in Perl
• The previous talk (#5), "mod_perl 温故知新", is published on Slideshare

Slide 13

Slide 13 text

mod_perl recap
• This talk covers mod_perl2 only
• In mod_perl1 (Apache 1.x), native filters had not yet appeared, so…
• This time the talk also covers filters

Slide 14

Slide 14 text

PHP recap

Slide 15

Slide 15 text

PHP recap
http://ja.wikipedia.org/wiki/PHP:_Hypertext_Preprocessor

Slide 16

Slide 16 text

PHP recap
• Basic knowledge in the IT industry
• We are Perl Mongers!! This is Hokkaido.pm!!
• Using software written in PHP is fine, but we would rather not go as far as modifying its internals

Slide 17

Slide 17 text

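Familiar PHP situations?
• The web application that was ordered turns out to be written in PHP, and someone has already delivered it without asking
• Open the lid and the implementation is far too sloppy
• So I, the Perl Monger, am the one who fixes it?
• Debugging PHP, seriously, spare me (ry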

Slide 18

Slide 18 text

Familiar PHP situations?
• ※ The story just told is fiction (probably)

Slide 19

Slide 19 text

Familiar PHP situations?
• ※ Please refrain from prying into the world of grown-ups

Slide 20

Slide 20 text

Because it is important
• I am not dissing PHP as a language
• There is plenty of good software too

Slide 21

Slide 21 text

Good software written in PHP
And many others!

Slide 22

Slide 22 text

On to the main topic
• Setting the PHP advertisement aside…
• How can we add functionality while modifying the PHP as little as possible?
• Ideally it could be done in Perl
• So…

Slide 23

Slide 23 text

mod_perl hacks PHP

Slide 24

Slide 24 text

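mod_perl hacks PHP
• Can we insert some hooks with mod_perl before and after PHP runs?
• Authentication and authorization before PHP processing
• Filtering the output after PHP processing, and so on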

Slide 25

Slide 25 text

Processing phases: mod_perl2
PerlChildInitHandler
PerlPostReadRequestHandler
PerlInitHandler
PerlTransHandler
PerlMapToStorageHandler
PerlHeaderParserHandler
PerlAccessHandler
PerlAuthenHandler
PerlAuthzHandler
PerlTypeHandler
PerlFixupHandler
PerlResponseHandler
PerlLogHandler
PerlCleanupHandler
PerlChildExitHandler
※ Apache2 natively has a phase corresponding to each of these / ※ Quite a few are omitted. See: http://perl.apache.org/docs/2.0/user/config/config.html

Slide 26

Slide 26 text

Apache2 / mod_perl2 processing phases
※ Excerpted from "Practical mod_perl"

Slide 27

Slide 27 text

Apache2 / mod_perl2 processing phases

Slide 28

Slide 28 text

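A question at this point
• Q: Does PHP do anything clever outside the Apache2 response phase, the phase that PerlResponseHandler corresponds to?
• A: Apparently not (not doing so is the policy)
• One of the PHP core developers said so ※ Sorry, I could not find the source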

Slide 29

Slide 29 text

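Now, on to the main topic…
• This may also apply to other lightweight languages and programs running on Apache… but…
• Tomcat connectors and the like are full of mysteries
• So are FastCGI / mod_{other languages}
• So this talk is limited to PHP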

Slide 30

Slide 30 text

Authen/Authz Hacks

Slide 31

Slide 31 text

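Authen/Authz Hacks
• Cases where PHP authentication is a problem
• The php.ini settings are bad
• The way session_start() and the related PHP session functions are used is bad
• Nothing is bad, but an existing authentication system is already in place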

Slide 32

Slide 32 text

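Authen/Authz Hacks
• If the alternative is debugging the various php.ini and session_*() behaviors…
• If you already have an existing authenticated site built in Perl elsewhere…
• → Throw away session management on the PHP side; single sign-on (SSO) also becomes possible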

Slide 33

Slide 33 text

Reading and writing cookies

Slide 34

Slide 34 text

Reading and writing cookies
• sub handler { my $r = shift; ... } (explanation omitted)
• There are various modules for reading and writing raw cookies, such as HTTP::Cookies
• Apache2 (libapreq) also has modules such as Apache2::Cookie and APR::Request::Cookie

Slide 35

Slide 35 text

AAA
• Access control, authentication, authorization
• Three directives
• PerlAccessHandler
• PerlAuthenHandler
• PerlAuthzHandler
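A sketch of the idea on these slides, added here and not taken from the talk (it does not use Apache2::AuthCookie): a PerlAccessHandler that validates a signed single sign-on cookie before the PHP response phase runs. The module name, the cookie format `sso=<user>.<expiry>.<hmac>`, and the PerlSetVar names are assumptions made for illustration.

```perl
package MyApache2::SsoGate;    # hypothetical module name
use strict;
use warnings;
use Apache2::RequestRec  ();   # headers_in, headers_out, user
use Apache2::RequestUtil ();   # dir_config
use APR::Table           ();   # get/set on header tables
use Apache2::Const -compile => qw(OK REDIRECT SERVER_ERROR);
use Digest::SHA qw(hmac_sha256_hex);

# httpd.conf (constructed; names and paths are assumptions):
#   <Location /phpapp>
#     PerlAccessHandler MyApache2::SsoGate
#     PerlSetVar SsoSecret "placeholder-load-from-protected-config"
#     PerlSetVar SsoLogin  "/login"
#   </Location>

sub handler {
    my $r      = shift;
    my $secret = $r->dir_config('SsoSecret')
        or return Apache2::Const::SERVER_ERROR;    # fail closed if unconfigured

    # Accept only a strictly formatted cookie: user.expiry.hex-hmac
    my $raw = $r->headers_in->get('Cookie') // '';
    my ($user, $exp, $mac) = $raw =~
        /(?:^|;\s*)sso=([A-Za-z0-9_]{1,32})\.(\d{1,12})\.([0-9a-f]{64})(?:;|$)/;

    if (defined $mac && $exp > time
        && ct_eq($mac, hmac_sha256_hex("$user.$exp", $secret))) {
        $r->user($user);               # identity for later phases
        return Apache2::Const::OK;     # request continues to the PHP handler
    }
    # Missing, expired or forged cookie: PHP never sees the request
    $r->headers_out->set(Location => $r->dir_config('SsoLogin') || '/login');
    return Apache2::Const::REDIRECT;
}

# Constant-time comparison so the MAC check does not leak match length
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}
1;
```

The login URL must live outside the protected Location, otherwise the redirect loops.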

Slide 36

Slide 36 text

CPAN Module of Apache2::AuthCookie*

Slide 37

Slide 37 text

CPAN Module of Apache2::AuthCookie*
• Apache2::AuthCookie is still being actively maintained
• I intended to build a demo with Apache2::AuthCookie for this talk, but did not finish in time
• Sorry

Slide 38

Slide 38 text

Output Filter Hacks

Slide 39

Slide 39 text

Output Filter Hacks
• Rewriting PHP's output
• Because this is a native Apache filter, PHP's ob_* settings and the like are entirely irrelevant

Slide 40

Slide 40 text

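Output Filter Hacks
• Possible uses:
• Leave processing that cannot be fully written in PHP in the form of custom markup, and replace it in Perl
• Converting i-mode emoji for SoftBank (Perl's emoji conversion tooling is rich and fast)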

Slide 41

Slide 41 text

How to write an output filter
• For a filter, sub handler { ... } receives $f (the filter object), not $r (the request object), as its first argument
• The PerlOutputFilterHandler directive

Slide 42

Slide 42 text

How to write an output filter
PerlOutputFilterHandler \
    MyApache2::FilterObfuscate

Slide 43

Slide 43 text

How to write an output filter
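An added example, not the code shown in the talk: a streaming mod_perl2 output filter for the "custom markup replaced in Perl" use case, which swaps a placeholder in PHP's output for the HTML-escaped authenticated user name and copes with the placeholder being split across filter invocations. The module name and the `<x-user/>` placeholder are assumptions.

```perl
package MyApache2::FilterMarkup;   # hypothetical module name
use strict;
use warnings;
use Apache2::Filter     ();   # read, print, ctx, seen_eos, r
use Apache2::RequestRec ();   # headers_out, user
use APR::Table          ();   # unset
use Apache2::Const -compile => qw(OK);

# httpd.conf (constructed):
#   <Location /phpapp>
#     PerlOutputFilterHandler MyApache2::FilterMarkup
#   </Location>

my $TAG = '<x-user/>';        # hypothetical placeholder emitted by the PHP side
my %ESC = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');

sub handler {
    my $f   = shift;                      # filter object, not $r
    my $ctx = $f->ctx;
    unless ($ctx) {                       # first invocation for this response
        $f->r->headers_out->unset('Content-Length');   # body length will change
        $ctx = { held => '' };
    }

    # Prepend bytes held back last time, then drain this invocation's data
    my $data = $ctx->{held};
    while ($f->read(my $buf, 8192)) { $data .= $buf }

    # Escape the value before it is written into HTML
    (my $name = $f->r->user // 'guest') =~ s/([&<>"'])/$ESC{$1}/g;
    $data =~ s/\Q$TAG\E/$name/g;

    # If the chunk ends in a prefix of the placeholder, hold it for next time
    my $held = '';
    unless ($f->seen_eos) {
        my $i = rindex($data, '<');
        $held = substr($data, $i, length($data) - $i, '')
            if $i >= 0 && index($TAG, substr($data, $i)) == 0;
    }
    $f->print($data) if length $data;
    $ctx->{held} = $held;
    $f->ctx($ctx);
    return Apache2::Const::OK;
}
1;
```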

Slide 44

Slide 44 text

DEMO

Slide 45

Slide 45 text

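Filter miscellany
• If performance is secondary and pipe-style processing is good enough, there is mod_filter, a standard module since Apache 2.1
• The language does not matter; you can even do tricks such as piping "*.html" to w3m, formatting it as text/plain, and returning that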

Slide 46

Slide 46 text

Filter miscellany

Slide 47

Slide 47 text

Summary

Slide 48

Slide 48 text

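Summary
• For PHP running on Apache, mod_perl processing can be inserted before and after PHP's processing
• PHP keeps a low profile outside the response phase, so mod_perl can be used to the fullest there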

Slide 49

Slide 49 text

In closing

Slide 50

Slide 50 text

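In closing
• There is really very little mod_perl information on the web
• For mod_perl2 the situation is catastrophic
• Especially around APR::, Apache2:: and ModPerl::
• A problem specific to Perl, which has a longer history than other lightweight languages?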

Slide 51

Slide 51 text

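Japan Perl Remodeling Plan (日本Perl改造計画)
• There appears to be an effort called the "Japan Perl Remodeling Plan" to refresh the information sources for Perl, which went through a long legacy era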

Slide 52

Slide 52 text

Japan Perl Remodeling Plan (日本Perl改造計画)
http://d.hatena.ne.jp/syohex/20111110/1320938963

Slide 53

Slide 53 text

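Japan Perl Remodeling Plan (日本Perl改造計画)
• Even in the heyday of WAFs, Apache is alive and well
• Situations like the one in this talk do occur
• I want to provide mod_perl information for when it is needed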

Slide 54

Slide 54 text

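Japan Perl Remodeling Plan (日本Perl改造計画)
• I want to do a "Japan mod_perl Remodeling Plan"
• Planning a portal site that publishes mod_perl (1 and 2) information in Japanese
• It will also publish the material that does not fit into talks
• Progress will be reported on my blog and Twitter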

Slide 55

Slide 55 text

References
• mod_perl2 User's Guide (Onyx Neon 2007; http://modperl2book.org/)

Slide 56

Slide 56 text

Thank you for your attention