[mod_python] newbie filter won't work

Graham Dumpleton grahamd at dscpl.com.au
Wed Oct 11 19:00:42 EDT 2006 

Sells, Fred wrote ..
> I'm new to mod_python and to apache config.
> 
> I would like to setup a master security "trap" that intercepts all .py
> urls
> and then  check for a cookie, and if it exists, I send it to the legacy
> server which should respond with the user name.  Most of our web stuff
> is on
> that legacy server and it has it's own security model that is outside my
> responsibility.  If the cookie doesn't exist, I redirect to our standard
> login page.
> 
> It doesn't look like I can use the Apache Basic authentication, since that
> gives me the Apache login popup.  I tried input filter, but can't get it
> to
> work.  Can anyone show what I'm doing wrong?  my setup is...
> 
> -----------httpd.conf---------------------------------
> <Directory "/var/www/html/modpytest">
>         AddHandler mod_python .py
>         PythonHandler form
> #       PythonHandler mod_python.publisher
>         PythonInputFilter security SECURITY
>         AddInputFilter SECURITY .py
>         PythonDebug On
> </Directory>
> 
> 
> -------------form.py------------------------------
> from mod_python import apache
> from mod_python import Cookie
> from mod_python import Session
> import urllib2
> 
> def handler(req):
>     apache.log_error('in handler')
>     req.content_type = "text/plain"
>     text = "basic handler works"
>     text += '\ndir(req) = ' 				+ str( dir(req))
>     text += '\nget_config returns %s' 		% req.get_config()
>     text += '\nget_remote_host() returns %s' 	% req.get_remote_host()
>     text += '\nreq.the_request %s' 			% req.the_request
>     text += '\nreq.unparsed_uri %s' 		% req.unparsed_uri
>     text += '\nreeq.uri %s' 				% req.uri
>     text += '\nreq.args = ' 			+ str(req.args) +'
> '+str(type(req.args))
>     req.write(text)
>     return apache.OK
> 
> ------------------security.py-----------------------
> from mod_python import apache
> 
> def inputfilter(filter):
>     apache.log_error("inputfilter called")
>     s = filter.read()
>     while s:
>         filter.write(s.upper())
>         s = filter.read()
>     if s is None:
>         filter.close() 

A filter is not the way to be doing this. Instead, probably best to use a
headerparserhandler(). Thus:

 <Directory "/var/www/html/modpytest">
         AddHandler mod_python .py
         PythonHeaderParserHandler cookiecheck
         PythonHandler mod_python.publisher
         PythonDebug On
 </Directory>

The cookiecheck module handler would be written as:

  from mod_python import apache
  import posixpath

  def headerparserhandler(req):
    ext = posixpath.path.split(req.filename)[1]
    if ext != '.py':
      return apache.OK

    # check for existence of required cookie

    if have_cookie:
      return apache.OK

    req.status = apache.HTTP_MOVED_TEMPORARILY
    req.err_headers_out["Location"] = 'http://somehost/some/url'
    # other stuff so that other site know where to redirect back to

    req.write('some informative text in case browser redirect is not prompt')
    return apache.DONE

Note that I have avoided using util.redirect() as will not work in mod_python
<3.3 in phases earlier than response handler.

Graham

More information about the Mod_python mailing list