Perl WAF Overview, with mod_perl גࣜձࣾfonfun ඌܗ మ࣍ (OGATA Tetsuji) Twitter: @xtetsuji 2012/05/12 Hokkaido.pm#7

*Preface for readers* • ͜ͷεϥΠυ͸ 2012/05/13ʹߦΘΕͨ Hokkaido.pm#7ʹͯʮඈͼೖΓLTʯΛ ߦͬͨࡍʹٳܜ࣌ؒதͷ10෼Ͱ࡞ͬͨ ଈ੮εϥΠυʹɺ࣮ࡍͷτʔΫ಺༰Λ ৫Γ·ͥͯ࠶ฤूͨ͠΋ͷͰ͢

ࣗݾ঺հ

ࣗݾ঺հ • ඌܗ మ࣍ (OGATA Tetsuji) • Twitter: @xtetsuji • Blog: http://post.tetsuji.jp/ • ग़਎͸๺ւಓՏ౦܊Իߋொ(ଳ޿ࢢͷྡ) • େֶͰ্ژͯ͠ݱࡏ͸౦ژͷձࣾʹۈ຿

ࣗݾ঺հ • Hokkaido.pm 3ճ໨ͷࢀՃ • Hokkaido.pm#5ʮmod_perlԹނ஌৽ʯ • Hokkaido.pm#6ʮmod_perl Hacks PHPʯ • ϞμϯPerlʹ৐Ε͍ͯͳ͍30୅ • mod_perl Hacker…ͳͷ͔ʁ

ॴଐ঺հ • גࣜձࣾfonfun(ϑΥϯϑΝϯ) http://www.fonfun.co.jp/ • ओྗ੡඼ɿϦϞʔτϝʔϧ http://rmail.jp/

Perl WAF, ancient and modern

Perl WAF, ancient • raw (not WAF?) • CGI::Application • ...etc

Perl WAF, modern • Catalyst • Jifty • ...etc

Perl WAF, post-modern • Dancer • Mojolicious • Amon2 • Kossy • ...etc

What is WAF? • ʮMVC෼཭ʯΛଅਐ͢Δ΋ͷʁ • ҧ͏ • Catalystͷࣦഊྫʁ • ModelΛWAFʹີணͤ͞Δͱɺ֎ଆͷ ؅ཧπʔϧ౳͔Β࢖͍ͮΒ͘ͳΔ

What is WAF? • ࢲ͸͜͏ࢥ͏… HTTP Request/Responseͷந৅Խ

What is WAF? •HTTP Request/Responseͷந৅Խ • Web Server͝ͱͷࠩҟΛٵऩ • Catalyst::Engine:: ͱ͔ͷόουϊ΢ϋ΢ •PSGI/Plackͷ࣮݁΁

ͦΜͳࡉ͔͍ࣄΑΓ mod_perl2

ΈΜͳେ޷͖ mod_perl2

Latest Perl WAF fashion • Sinatra (WAF, powered by Ruby) Like • Perl post-modern WAFs almost have Sinatratic syntax • Lightweight • Controller oriented

WAF by mod_perl2 • mod_perl1 ͸ׂѪɺmod_perl2 Λ࢖͏ • mod_perl2 ͷResponseHandlerΛ Sinatra Like ʹ͢Ε͹ WAF ͬͯݴ͍͍ͬͯΜ δϟϚΠΧʁ

WAF by mod_perl2 • ʮWeb Server͝ͱͷࠩҟΛٵऩʯͱ͔ ͖ͬ͞ݴ͍ͬͯͨࣄ͸ແࢹʂ •Apache2/mod_perl2΂ͬͨΓ • mod_perl2ͷ $r (Apache2::RequestRec)͸ Request/ResponseΛྑ͘ந৅Խ͍ͯ͠Δ

mod_perl2 handler’s simple “Hello world”

package MyApache2::Hello; use strict; use warnings; use Apache2::RequestRec; use Apache2::RequestIO; use Apache2::Const -compile => qw(OK); sub handler { my $r = shift; $r->content_type("text/plain"); $r->print("Hello, world"); return Apache2::Const::OK; } 1; __END__ PerlResponseHandler MyApache2::Hello

͜ΕΛSinatra Likeʹ ͢Ε͹͍͍

ͳΒ͹ͱॻ͍ͯΈͨ MyApache2::Sinatratic

package MyApache2::Sinatratic; use strict; use warnings; # $CALLBACK->{$handler_package}->{$http_method} = [ [$url, $handler], ... ]; my $CALLBACK = {}; sub import { my $pkg = shift; my @args = @_; my $callpkg = caller(0); for my $method (qw(get post put del)) { $CALLBACK->{$callpkg}->{$method} = []; } # sub handler definition require Apache2::RequestRec; require Apache2::RequestUtil; require APR::Table; no strict 'refs'; *{"$callpkg\::handler"} = \&import_handler; for my $method (qw(get post put del)) { *{"$callpkg\::$method"} = sub { my ($url, $handler) = @_; push @{$CALLBACK->{$callpkg}->{$method}}, [$url, $handler]; }; } *{"$callpkg\::default"} = sub { my $handler = shift; $CALLBACK->{$callpkg} ||= {}; $CALLBACK->{$callpkg}->{default} = $handler; }; }

֓ཁ͸͜Μͳײ͡

mod_perl2 handler’s Sinatratic “Hello world”

package MyApache2::Hello2; use strict; use warnings; use Apache2::RequestRec; use Apache2::RequestIO; use Apache2::Const -compile => qw(OK); use MyApache2::Sinatratic; get '/' => sub { my $r = shift; $r->content_type("text/plain"); $r->print("Hello, world"); return Apache2::Const::OK; }; 1; __END__ PerlResponseHandler MyApache2::Hello2

SinatraͬΆ͘ͳͬͨ! mod_perl2΋WAFͩ!

MyApache2::Sinatratic • …ͱ͍͏ͷ͸׬શͳΔδϣʔΫ • ଍Γͳ͍ػೳɺόάຬࡌ • ϓϨʔεϗϧμʹରԠͨͭ͠΋Γఔ౓

MyApache2::Sinatratic • ෺޷͖ͷͨΊʹGistʹ์ΓࠐΜͩ • ࢖͏ਓ͸͍ͳ͍ͱࢥ͏͚Ͳɺ࢖͓͏ͱ ࢥ͏༐ऀ͸CAVEATSΛख़ಡͯ͠ʂ • ༐ऀ͕ू·Ε͹ModPerl::Sinatratic(Ծশ) ϓϩδΣΫτ΋΍ͬͪΌ͏͔΋ʂ

MyApache2::Sinatratic • ॻ͍͍ͯͯࢥͬͨࣄ • Sinatra LikeͳWAFͬͯɺPlackແ͠Ͱ΋ ͜͏࡞Ε͹͍͍ΜͩͱษڧͰ͖ͨ • γϯϘϧςʔϒϧ͍͡Γָ͍̇͠ •I ὑ Perl!

͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠