# apache2 mod_perl2



## z3R0 (May 28, 2009)

I'm having issues getting mod_perl2 to render .pl scripts.

I installed the mod_perl2 package from the ports collection and configured httpd.conf as so:

```
LoadModule perl_module libexec/apache2/mod_perl.so

PerlSwitches -wT

Alias /htdocs/ /usr/local/www/htdocs
<Location /htdocs/>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Location>
```
The Apache error log reports

```
[Thu May 28 18:05:22 2009] [notice] Apache/2.0.63 (FreeBSD) mod_perl/2.0.4 Perl/v5.8.9 configured -- resuming normal operations
```

So it seems to be running.

I'm serving index.pl from htdocs and I get the RAW text versus a rendered page.

```
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "Hello\n";
```
index.pl has chmod 755 permissions.

Not sure what's wrong.

Any ideas?

Thanks,
z3r0


----------



## z3R0 (May 29, 2009)

I tried installing mod_perl2 statically this time following these instructions: http://search.cpan.org/~gozer/mod_perl-2.0.1/docs/user/install/install.pod

With no luck. I receive the following errors in modperl_exports.c

error: `modperl_thx_interp_get' undeclared
error: `modperl_thx_interp_set' undeclared

I tried commenting out the get and set methods and running make again with no success.

Has anyone been able to successfully install mod_perl2 and apache2 successfully on freebsd 7.2?

What should the settings be in httpd.conf?

Thanks,
z3r0


----------



## anomie (May 29, 2009)

I briefly poked through the a few of the official mod_perl2 docs here and didn't see anything obviously wrong with your config. 

In these situations I normally crank up httpd's logging via the *LogLevel debug* directive and see what other clues I can get.


----------



## anomie (May 29, 2009)

Aha, I think I've got it. After cruising the 'net a bit, it looks like ModPerl::Registry is for CGI. 

So change your config to: 

```
LoadModule perl_module libexec/apache2/mod_perl.so

PerlSwitches -wT

ScriptAlias /htdocs /usr/local/www/htdocs
<Location /htdocs>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Location>
```


----------



## z3R0 (Jun 1, 2009)

Thanks for the help anomie, but I'm still having no luck. The the perl file still does not get interpeted and I see the code.

I also tried the following:

PerlModule Apache2::compat

along with:

AddHandler perl-script .pl

After adding those lines the actual .pl is downloaded when visiting the page.

This is very strange behavior. No wonder mod_php is more popular then mod_perl.
I'm trying to get mod_perl up to run RT Tracker, if this keeps up I might just have to
recreate RT in PHP.

Where do I increase the error logging in Apache? Perhaps there will be something relevant to help solve the problem as you suggested earlier.

Thanks,
z3r0 




			
				anomie said:
			
		

> Aha, I think I've got it. After cruising the 'net a bit, it looks like ModPerl::Registry is for CGI.
> 
> So change your config to:
> 
> ...


----------



## anomie (Jun 1, 2009)

Hmm, I'd have thought ScriptAlias was the ticket for this situation. 

In your Apache config (probably something like /usr/local/etc/apache2/httpd.conf), simply find the LogLevel directive, and change it so that it looks like: 

```
LogLevel debug
```

Next, restart httpd so that your configuration changes take: 
`# apachectl -k restart`

Finally, keep an eye on your error_log (should be something like /var/log/httpd-error.log). 

With any luck, httpd will complain loudly about something or other that may point you in the right direction.


----------



## z3R0 (Jun 1, 2009)

Well here's what apache reports:


```
Mon Jun 01 09:15:33 2009] [info] mod_unique_id: using ip addr 
ap_get_server_banner() not available until httpd/2.2.4 falling back to
ap_get_server_version() at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 94.
ap_get_server_description() not available until httpd/2.2.4 falling back to
ap_get_server_version() at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 94.
[Mon Jun 01 09:15:34 2009] [info] mod_unique_id: using ip addr
[Mon Jun 01 09:15:35 2009] [notice] Apache/2.0.63 (FreeBSD) mod_perl/2.0.4 Perl/v5.8.9 configured -- resuming normal operations
[Mon Jun 01 09:15:35 2009] [info] Server built: May 29 2009 16:50:01
[Mon Jun 01 09:15:35 2009] [debug] prefork.c(956): AcceptMutex: flock (default: flock)
```

Here are the modules that are compiled in `# httpd -l`


```
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
```

Removing 
	
	



```
PerlModule Apache2::compat
```
 results in:


```
[Mon Jun 01 09:34:57 2009] [info] mod_unique_id: using ip addr
[Mon Jun 01 09:34:58 2009] [notice] Apache/2.0.63 (FreeBSD) mod_perl/2.0.4 Perl/v5.8.9 configured -- resuming normal operations
[Mon Jun 01 09:34:58 2009] [info] Server built: May 29 2009 16:50:01
[Mon Jun 01 09:34:58 2009] [debug] prefork.c(956): AcceptMutex: flock (default: flock)
```

hmmm... :\

z3r0



			
				anomie said:
			
		

> Hmm, I'd have thought ScriptAlias was the ticket for this situation.
> 
> In your Apache config (probably something like /usr/local/etc/apache2/httpd.conf), simply find the LogLevel directive, and change it so that it looks like:
> 
> ...


----------



## anomie (Jun 1, 2009)

I installed Apache 2.0 web server and mod_perl2 from ports just to confirm that this works. (It does.) 

Here are snippets from my httpd.conf: 

```
LoadModule perl_module libexec/apache2/mod_perl.so
...
<Directory /usr/local/www/perl>
    Options +ExecCGI
    SetHandler perl-script
    PerlResponseHandler ModPerl::Registry
    PerlOptions +ParseHeaders

    AllowOverride None
    Order Allow,Deny
    Allow from all
</Directory>
```

Some permissions information: 

```
sinbad# ls -ld /usr/local/www/perl/
drwxr-xr-x  2 root  wheel  512 Jun  1 11:57 /usr/local/www/perl/

sinbad# ls -l /usr/local/www/perl/test.pl 
-rwxr-xr-x  1 root  wheel  85 Jun  1 11:57 /usr/local/www/perl/test.pl
```

The script: 

```
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "mod_perl 2.0 rocks!\n";
```

And the result: 




---

To eliminate possibilities:

 First, double check your directory and file permissions to ensure that the execute bit is set.
 Next, try setting your directory up (for now) _without_ using any Alias or ScriptAlias. Just put it somewhere under the DocumentRoot.


----------



## z3R0 (Jun 2, 2009)

Well I reinstalled apache2 and mod_perl2 and it seems to be working. Thanks =D

The only problem that I have now (totally unrelated) is that I can no longer access root. Seems that the password has changed or something fishy is going on.

I think I'm just gonna wipe the server and reinstall everything. Any tips on hardening FreeBSD?

z3r0



			
				anomie said:
			
		

> I installed Apache 2.0 web server and mod_perl2 from ports just to confirm that this works. (It does.)
> 
> Here are snippets from my httpd.conf:
> 
> ...


----------



## DutchDaemon (Jun 2, 2009)

Hardening? http://forums.freebsd.org/showthread.php?t=4108 for starters.


----------



## SirDice (Jun 3, 2009)

z3R0 said:
			
		

> The only problem that I have now (totally unrelated) is that I can no longer access root. Seems that the password has changed or something fishy is going on.


Boot to single user mode. You can change the password then.


----------



## z3R0 (Jun 5, 2009)

Thanks for the hardening link!

I'm working on securing MySQL and Apache. I'm planning in putting them in jails. I'll be running mod_perl2 along w/ php5 so I want to make sure everything is nice and secure.

What do you guys think of the following?

mod_jail
mod_security
mod_evasive 

I have aide, sshguard along w/ PF up and running. What else is recommended?

Thanks,
z3r0


----------



## anomie (Jun 11, 2009)

If your budget and free time allow, I would highly recommend picking up a copy of _Apache Security_ by Ivan Ristic. It's an illuminating work that should help you understand and implement proper Apache security (thus the name ). 

The guy also happens to be the mod_security author / maintainer, FWIW. 

(I don't know MySQL well, so I am not commenting on that one.)


----------



## z3R0 (Jun 12, 2009)

Thanks anomie!

I happen to own the book, the problem is that I'm reading like 5 other books right now so I haven't had change to get into it as I would like. 

Right now I'm having bigger issues updating ports and patching FreeBSD.

See here:
http://forums.freebsd.org/showthread.php?p=28040#post28040

I'm hoping I can fix the issues so I can get back to configuring apache and rt.

Wish didn't apply the updates now :\

z3r0



			
				anomie said:
			
		

> If your budget and free time allow, I would highly recommend picking up a copy of _Apache Security_ by Ivan Ristic. It's an illuminating work that should help you understand and implement proper Apache security (thus the name ).
> 
> The guy also happens to be the mod_security author / maintainer, FWIW.
> 
> (I don't know MySQL well, so I am not commenting on that one.)


----------

