bimimicah
commented
3 years ago How fast does it take to load the same directory listing (or whatever content page you are testing with) when mod_authnz_external is disabled?
Closed johndunlap closed 2 years ago
bimimicah
commented
3 years ago How fast does it take to load the same directory listing (or whatever content page you are testing with) when mod_authnz_external is disabled?
johndunlap
commented
3 years ago 79ms without
bimimicah
commented
3 years ago Yeah, that's definitely not right. What sort of environment are you working with? Please provide the following information:
If possible, please attach your Apache configuration file(s). Feel free to mask any sensitive bits with ***** or something before you send them.
johndunlap
commented
3 years ago OS:
LINUX
Distribution source & version number:
Pop!_OS 20.04 LTS 64-bit bullseye/sid
Kernel:
Linux pop-os 5.8.0-7630-generic #32~1609193707~20.04~781bb80-Ubuntu SMP
Apache package & version:
Apache/2.4.41 (Ubuntu) built 2020-08-12T19:46:17
Installed Apache packages:
apache2-bin/focal-security,focal-updates,now 2.4.41-4ubuntu3.1 amd64 [installed,automatic] apache2-data/focal-security,focal-security,focal-updates,focal-updates,now 2.4.41-4ubuntu3.1 all [installed,automatic] apache2-utils/focal-security,focal-updates,now 2.4.41-4ubuntu3.1 amd64 [installed,automatic] apache2/focal-security,focal-updates,now 2.4.41-4ubuntu3.1 amd64 [installed] libapache2-mod-apreq2/focal,now 2.13-7 amd64 [installed] libapache2-mod-authnz-external/focal,now 3.3.2-0.1 amd64 [installed] libapache2-mod-perl2-dev/focal,focal,now 2.0.11-2 all [installed] libapache2-mod-perl2/focal,now 2.0.11-2 amd64 [installed] libapache2-mod-php7.4/focal-security,focal-updates,now 7.4.3-4ubuntu2.4 amd64 [installed,automatic] libapache2-mod-php/focal,focal,now 2:7.4+75 all [installed] libapache2-reload-perl/focal,focal,now 0.13-3 all [installed,automatic] libapache2-request-perl/focal,now 2.13-7 amd64 [installed]
Apache threading model (mpm module) used - event, worker, prefork, or something else?
mpm_prefork - It's the only one that works with mod_perl
What language is your authenticator script using? PHP, perl, bash shell script, or something else?
Perl
Perl version:
This is perl 5, version 20, subversion 2 (v5.20.2) built for x86_64-linux-gnu-thread-multi
Apache configuration: <VirtualHost *:80> ServerAdmin support@foo.co ServerName repo1.foocentral.net DocumentRoot "/usr/local/repo1/"
DefineExternalAuth fooauth pipe /etc/apache2/foo_authenticator.pl
<Directory /usr/local/repo1>
Options None
allow from all
Require all granted
</Directory>
<Location />
AuthType Basic
AuthName "Foo"
AuthBasicProvider external
AuthExternal fooauth
Require valid-user
</Location>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<VirtualHost *:443> ServerAdmin support@foo.co ServerName repo1.foocentral.net DocumentRoot "/usr/local/repo1/"
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/foocentral.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/foocentral.net.key
SSLCertificateChainFile /etc/apache2/ssl.crt/sf_issuing.crt
DefineExternalAuth fooauth pipe /etc/apache2/foo_authenticator.pl
<Directory /usr/local/repo1>
Options Indexes
allow from all
Require all granted
</Directory>
<Location />
AuthType Basic
AuthName "Foo"
AuthBasicProvider external
AuthExternal fooauth
Require valid-user
</Location>It looks like you are using:
libapache2-mod-authnz-external/focal,now 3.3.2-0.1 amd64 [installed]
According to the Debian changelog, that package is from 2014, and there have been 32 commits to this repository since the 3.3.2 release. Admittedly, I think this is probably not your problem, since those fixes don't appear to have much to do with your issue, but it would be a good idea to build a recent copy rather than using the old package, regardless.
Another thing to check is whether your perl script is running into a user permission issue. Apache usually runs under a separate user (e.g. the apache user), and therefore any external processes triggered by apache (such as mod_authnz_external's external authenticators) also run under that user. Make sure the user account used by apache has permission to perform whatever actions your script is taking.
If you are able to, please attach the perl authenticator script (or e-mail it to me directly, if you wish). If you can't due to security concerns or other reasons, I understand, but it may be harder for us to figure out the issue.
johndunlap
commented
3 years ago I have directly emailed you the authenticator script.
bimimicah
commented
3 years ago Ok. I looked over the script and didn't see anything that would be obviously slowing things down.
I think the first thing to try would be to replace the whole script with just exit 1; and check if the slowdown still exists. That way we can determine if it's an initialization issue or something caused by the contents of the script.
If that solves the problem, then the next thing I would try is replacing the curl commands with dummy JSON to see if they are causing the issue. It's possible something about the apache user context is causing trouble.
Also, if your linux box uses them, try temporarily turning off firewalld or whatever firewall or antivirus you may be using and see if that has any effect.
Sorry I don't have a more concrete solution right now.
bimimicah
commented
3 years ago Were you able to try any of the suggestions? If you resolved the problem, please let us know so I can close this issue. Thanks!
bimimicah
commented
2 years ago Since there was no response in over a year, I will go ahead and close this issue for now. If you're still having the problem, feel free to reopen the issue and post what you tried. Thanks for your report!
It's likely that I'm doing something wrong but my authenticator script runs on the command line in approximately 0.05seconds. However, it takes approximately 15 seconds for my directory listing to appear. I'm really not sure why it's so slow. Can you give me any ideas?