New Versions for Apache 2.4
27 views
Skip to first unread message
Jan Wolter
Oct 6, 2011, 4:02:14 PM10/6/11
to mod_auth_external
Apache is in the process of developing a new version of their httpd
server. This will be Apache 2.4 when released. The development version
now available is Apache 2.3.
This new version makes major changes to the architecture of access
control modules, converting them to a provider-based architecture in
much the way authentication modules were converted in Apache 2.2.
I have released new versions of both mod_authnz_external and
mod_authz_unixgroup which are designed to work on this new
architecture. None of these are heavily tested yet. (I don't even
administer a web server these days, so my ability to test is limited.)
Apache 2.4 also makes some changes that should significantly reduce
the number of re-authentications for sub-requests. I never really got
around to figuring out why there was occasional reported flakiness
when one tried to do a directory listing for a directory protected
with mod_authnz_external, but I suspect that might have been due to
needing to do a sub-request for each file and having to re-
authenticate for each one. If so, Apache 2.4 should fix that.
Apache 2.4 also introduces a new module for caching authentication
credentials from request to request. This is mod_authn_socache.
Unfortunately it is designed in a way that does not make it entirely
natural to use with mod_authnz_external. I have some ideas for a
kludge that might work around this though and hope to release a
version supporting that soon. Caching would likely be a huge
performance boost for many mod_authnz_external applications.
- Jan Wolter
server. This will be Apache 2.4 when released. The development version
now available is Apache 2.3.
This new version makes major changes to the architecture of access
control modules, converting them to a provider-based architecture in
much the way authentication modules were converted in Apache 2.2.
I have released new versions of both mod_authnz_external and
mod_authz_unixgroup which are designed to work on this new
architecture. None of these are heavily tested yet. (I don't even
administer a web server these days, so my ability to test is limited.)
Apache 2.4 also makes some changes that should significantly reduce
the number of re-authentications for sub-requests. I never really got
around to figuring out why there was occasional reported flakiness
when one tried to do a directory listing for a directory protected
with mod_authnz_external, but I suspect that might have been due to
needing to do a sub-request for each file and having to re-
authenticate for each one. If so, Apache 2.4 should fix that.
Apache 2.4 also introduces a new module for caching authentication
credentials from request to request. This is mod_authn_socache.
Unfortunately it is designed in a way that does not make it entirely
natural to use with mod_authnz_external. I have some ideas for a
kludge that might work around this though and hope to release a
version supporting that soon. Caching would likely be a huge
performance boost for many mod_authnz_external applications.
- Jan Wolter
Reply all
Reply to author
Forward
0 new messages