mod_perl hacks PHP

Transcript

1. mod_perl hacks PHP גࣜձࣾfonfun ඌܗ మ࣍ (OGATA Tetsuji) Twitter: @xtetsuji

   2011/12/10

2. ࣗݾ঺հ

3. ࣗݾ঺հ • ඌܗ మ࣍ (OGATA Tetsuji) • Twitter: @xtetsuji •

   Blog: http://post.tetsuji.jp/ • ग़਎͸๺ւಓՏ౦܊Իߋொ(ଳ޿ࢢͷྡ) • େֶͰ্ژͯ͠ݱࡏ͸౦ژͷձࣾʹۈ຿

4. ࣗݾ঺հ • Hokkaido.pm#5Ͱʮmod_perlԹނ஌৽ʯ ͱ͍͏τʔΫΛਓੜॳ൸࿐ • ެͷ৔ͰͷτʔΫ͸ࠓճͰ3ճ໨ • ϞμϯPerlʹ৐Ε͍ͯͳ͍30୅ • झຯ:

   ΫϥγοΫԻָɺΧϑΣࢄࡦɺ ࿏ઢόε

5. ॴଐ঺հ • גࣜձࣾfonfun(ϑΥϯϑΝϯ) http://www.fonfun.co.jp/ • ओྗ੡඼ɿϦϞʔτϝʔϧ http://rmail.jp/ • ೚ҙஂମg15ΞιγΤʔγϣϯ http://g15.jp/

6. ॴଐ঺հ • גࣜձࣾfonfun(چ໊ࣾ:ωοτϏϨοδ) • 1999೥͔Β΢Σϒϝʔϧ (঎඼໊:ϦϞʔτϝʔϧ)Λӡ༻ • 2003೥ʹୈ4ੈ୅γεςϜ(Perl + Apache/

   mod_perl + Oracle + Post fi x)Λ։ൃ • ࠷ۙ৽͍ٕ͠ज़తͳࢼΈʹνϟϨϯδத

7. Hokkaido.pm++ • ๺ւಓ͸(ຊ౰ʹ)ࢲͷނڷͰ͢ʂ • ॳεϐʔΧʔͷػձΛ༩͍͍͑ͯͨͩͯ ͋Γ͕ͱ͏͍͟͝·͢ʂ

8. Agenda

9. Agenda • mod_perlৼΓฦΓ • PHPৼΓฦΓ • mod_perl Hacks PHP •

   Authen/Authz Hacks • Output Filter Hacks

10. Agenda • લճɺ༁෼͔Βͣ੝ΓࠐΈ͗ͨ͢ͷͰ • 20෼ͰεϥΠυ90ຕ࡞ͬͨˠແཧ • ࠓճ͸ܰ͘ߦ͖·͢ • ʮmod_perlͱ͔Φϫίϯʯൃݴېࢭ

11. mod_perlৼΓฦΓ

12. mod_perlৼΓฦΓ • mod_perl͸Perl CGIͷߴ଎Խ΋Ͱ͖Δ • mod_perlͷਅ਷͸ApacheϞδϡʔϧͰ ग़དྷΔ༷ʑͳ͜ͱΛPerlͰॻ͚Δ͜ͱ • લճ(#5)ൃදͨ͠ʮmod_perlԹނ஌৽ʯ SlideshareͰެ։͍ͯ͠·͢

13. mod_perlৼΓฦΓ • ࠓճ͸mod_perl2ͷΈͷ͓࿩ • mod_perl1(Apache1.x)Ͱ͸ωΠςΟϒͷ ϑΟϧλؔ࿈͕·ͩొ৔લͳͷͰ… • ࠓճ͸ϑΟϧλؔ࿈ͷ͓࿩΋͠·͢

14. PHPৼΓฦΓ

15. PHPৼΓฦΓ http://ja.wikipedia.org/wiki/PHP:_Hypertext_Preprocessor

16. PHPৼΓฦΓ • ITۀքͰ͸جຊతͳ࿩ • ࢲୡ͸Perl Monger!! ͜͜͸Hokkaido.pm!! • PHP੡ιϑτΛ࢖͏ͷ͸ߏΘͳ͍͚Ͳɺ த਎Λ͍͡Δ·Ͱ͸༨Γͨ͘͠ͳ͍

17. PHP͋Δ͋Δʁ • ൃ஫ͨ͠΢ΣϒΞϓϦ͕PHP੡Ͱɺطʹ ୭͔͕উखʹೲ඼ͪ͠Ό͍ͬͯΔ • ֖Λ։͚Δͱ࣮૷ͱ͔͕ςΩτ΢ա͗ • ͰɺPerl MongerͷԶ͕मਖ਼͢Μͷʁ •

    PHPσόοάͱ͔Ϛδצ(ry

18. PHP͋Δ͋Δʁ •※ࠓͷ͓࿩͸ϑΟΫγϣϯͰ͢(ͨͿΜ)

19. PHP͋Δ͋Δʁ •※େਓͷੈքͷḨࡧ͸͓߇͍͑ͩ͘͞

20. େ੾ͳࣄͳͷͰ • PHPͱ͍͏ݴޠΛdisͬͯΔ༁Ͱ͸ͳ͍ • ྑ͍ιϑτ΢ΣΞ΋ͨ͘͞Μ͋Γ·͢

21. PHP੡ͷྑ࣭ιϑτ ͦͷଞ͍Ζ͍Ζʂ

22. ຊ୊΁ • PHPͷએ఻͸ஔ͍ͱ͍ͯ… • PHPʹͳΔ΂͘खΛՃ͑ͣɺػೳΛ௥Ճ ͨ͠Γ͢Δʹ͸Ͳ͏͢Ε͹͍͍͔ • Ͱ͖Ε͹PerlͰग़དྷΕ͹خ͍͠ • ͦ͜Ͱ…

23. mod_perl hacks PHP

24. mod_perl hacks PHP • PHP͕࣮ߦ͞ΕΔલޙʹmod_perlͰԿ͔ ϑοΫΛࠩ͠ࠐΊͳ͍͔ • PHPॲཧલʹೝূɾڐՄॲཧ • PHPॲཧޙʹग़ྗΛϑΟϧλ…౳ʑ

25. ॲཧϑΣʔζ:mod_perl2 PerlChildInitHandler PerlPostReadRequestHandler PerlInitHandler PerlTransHandler PerlMapToStorageHandler PerlHeaderParserHandler PerlAccessHandler PerlAuthenHandler PerlAuthzHandler

    PerlTypeHandler PerlFixupHandler PerlFixupHandler PerlResponseHandler PerlLogHandler PerlCleanupHandler PerlChildExitHandler ※Apache2ʹݩʑରԠ͢ΔϑΣʔζ͕͋Γ·͢ / ※݁ߏলུ͕͋Γ·͢ɻҎԼΛࢀর http://perl.apache.org/docs/2.0/user/con fi g/con fi g.html

26. Apache2 / mod_perl2 ॲཧϑΣʔζ ※ʮPractical mod_perlʯΑΓൈਮ

27. Apache2 / mod_perl2 ॲཧϑΣʔζ

28. ͜͜Ͱٙ໰ • Q: PHP͸PerlResponseHandler͕ର Ԡ͢ΔApache2ϨεϙϯεϑΣʔζҎ֎ ͰԿ͔޼ົͳ͜ͱΛ͍ͯ͠ͳ͍ͷ͔ • A:͍ͯ͠ͳ͍Β͍͠(͠ͳ͍ͷ͕ϙϦγʔ) • PHPίΞͷ։ൃऀͷ୭͔͕ݴ͍ͬͯͨ

    ※ιʔεݟ͚ͭΒΕͳͯ͘͢Έ·ͤΜ

29. ͦΕͰ͸ຊ୊΁… • ͜ͷ࿩͸ଞͷApache্Ͱಈ࡞͢ΔLL΍ ϓϩάϥϜͰ΋௨༻͢Δ͔΋…Ͱ΋… • TomcatͷίωΫλͱ͔ṖͩΒ͚ • FastCGI / mod_{ଞͷݴޠ}

    ΋ • ͳͷͰࠓճ͸PHPʹݶ͓ͬͨ࿩ʹ

30. Authen/Authz Hacks

31. Authen/Authz Hacks • PHPͷೝূ͕Ϛζ͍έʔε • php.iniͷઃఆ͕Ϛζ͍ • PHPͷsession_start()౳ͷҰ࿈ͷηο γϣϯؔ࿈ؔ਺ͷ࢖͍ํ͕Ϛζ͍ •

    Կ΋Ϛζ͘ͳͯ͘΋طଘͷೝূ͕͋Δ

32. Authen/Authz Hacks • php.ini΍session_*()ؔ਺ͷॾʑͷॲཧΛ σόοά͢Δ͘Β͍ͳΒ… • طʹଞαΠτͰPerlͰ࡞ͬͨطଘͷೝূ ෇͖αΠτ͕͋ΔͳΒ… • →PHPଆͷηογϣϯ؅ཧΛࣺͯͯɺ

    γϯάϧαΠϯΦϯ(SSO)΋Մೳʹ

33. CookieͷಡΈॻ͖

34. CookieͷಡΈॻ͖ • sub handler { my $r = shift; ...

    } આ໌͸লུ • Raw Cookie ΛಡΈॻ͖͢ΔϞδϡʔϧ ͸ HTTP::Cookies ౳͍Ζ͍Ζ͋Γ·͢ • Apache2 (libapreq) ʹ΋ Apache2::Cookie ΍ APR::Request::Cookie ౳ͷϞδϡʔϧ ΋͋Γ

35. AAA • ΞΫηείϯτϩʔϧɾೝূɾڐՄ • 3ͭͷσΟϨΫςΟϒ • PerlAccessHandler • PerlAuthenHandler •

    PerlAuthzHandler

36. CPAN Module of Apache2::AuthCookie*

37. CPAN Module of Apache2::AuthCookie* • Apache2::AuthCookie ͸ࠓ΋ͳ͓ਫ਼ྗత ʹϝϯςφϯε͞Ε͍ͯΔ • ࠓճApache2::AuthCookie

    ͰσϞΛ࡞ͬ ͯΈΑ͏ͱࢥ͕ͬͨؒʹ߹Θͳ͔ͬͨ • ͢Έ·ͤΜ

38. Output Filter Hacks

39. Output Filter Hacks • PHPͷग़ྗͷॻ͖׵͑ • ApacheͷωΠςΟϒϑΟϧλͳͷͰɺ PHPͷob_*ܥઃఆ౳͸Ұ੾ؔ܎ແ͠

40. Output Filter Hacks • ߟ͑ΒΕΔ༻్ɿ • PHPͰॻ͖͖Εͳ͍ॲཧΛಠࣗϚʔΫ Ξοϓͷܗʹ͓͍ͯͯ͠PerlͰஔ׵ • i-modeֆจࣈͷSoftbank޲͚ม׵

    (Perlͷֆจࣈม׵ٕज़͸๛෋Ͱߴ଎)

41. Output Filterͷॻ͖ํ • Filter ͷ৔߹ sub handler { ... }

    ͸ $r (Request Object)Ͱ͸ͳ͘ɺ $f (Filter Object) ΛୈҰҾ਺ʹड͚औΔ • PerlOutputFilterHandler σΟϨΫςΟϒ

42. Output Filterͷॻ͖ํ <VirtualHost *:80> <FilesMatch “.*(html?|php)$”> PerlOutputFilterHandler \ MyApache2::FilterObfuscate </FilesMatch>

    </VirtualHost>

43. Output Filterͷॻ͖ํ

44. DEMO

45. Filter͋Ε͜Ε • ύϑΥʔϚϯε͸ೋͷ࣍ͱͯ͠ɺpipeత ͳॲཧͰྑ͍ͳΒApache2.1͔Βͷඪ४ Ϟδϡʔϧmod_ fi lter͕͋Γ·͢ • ݴޠ͸໰Θͳ͍ɺͱ͍͏͔ ”*.html”

    Λ pipeͰw3mʹ౉ͯ͠text/plainʹ੔ܗͯ͠ ฦ͢౳ͷܳ౰΋Ͱ͖·͢

46. Filter͋Ε͜Ε

47. ·ͱΊ

48. ·ͱΊ • Apache্ͷPHPͰ͋Ε͹ɺॲཧͷલޙʹ mod_perlͰॲཧΛڬΉ͜ͱ͕Ͱ͖Δ • PHP͸ϨεϙϯεϑΣʔζҎ֎Ͱ͸߇͑ ໨ͳͷͰɺmod_perlΛࢥ͏ଘ෼࢖͑Δ

49. ࠷ޙʹ

50. ࠷ޙʹ • Webʹmod_perlͷ৘ใ͸ຊ౰ʹগͳ͍ • mod_perl2ͱ΋ͳΔͱյ໓త • APR:: Apache2:: ModPerl:: ·ΘΓ

    • ଞͷLLΑΓྺ࢙ͷݹ͍Perlݻ༗ͷ໰୊ʁ

51. ೔ຊPerlվ଄ܭը • ʮ೔ຊPerlվ଄ܭըʯͱ͍͏ϨΨγʔ ࣌୅͕௕͔ͬͨPerlͷ৘ใݯΛ࡮৽ͯ͠ ͍͘ࢼΈ͕͋ΔΑ͏Ͱ͢

52. ೔ຊPerlվ଄ܭը http://d.hatena.ne.jp/syohex/20111110/1320938963

53. ೔ຊPerlվ଄ܭը • WAFશ੝ظͰ΋Apache͸݈ࡏ • ࠓճͷΑ͏ͳγνϡΤʔγϣϯ΋͋Δ • ͍͟ͱ͍͏࣌ͷͨΊͷmod_perl৘ใΛ ఏڙ͍ͨ͠

54. ೔ຊPerlվ଄ܭը • ʮ೔ຊmod_perlվ଄ܭըʯΛ͍ͨ͠ • ೔ຊޠͰmod_perl(1 and 2)ͷ৘ใΛൃ৴ ͍ͯ͘͠ϙʔλϧαΠτ࡞੒Λܭըத • τʔΫͰ࿩ͤͳ͍෼ྔͷωλ΋ެ։

    • ࢼΈ͸ϒϩά΍TwitterͰใࠂ͠·͢

55. ࢀߟจݙ • mod_perl2 User’s Guide (Onyx Neon 2007; http://modperl2book.org/)

56. ͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠