Re: bl[ao]cklistd/apache integration

[Jean-Yves Migeon <jym%helkyn.org@localhost>]

Le 31/01/2024 à 16:14, Martin Neitzel a écrit :
> JYM> Does someone know whether there is an "integration" of bl*cklistd with a
> JYM> web server?
>
> Your question made me wonder about our (bozo)httpd coming with the
> base system, so I checked.  The first blocklistd support code appeared
> with:
>
> NetBSD-9.2, 9.3, 9-stable:

Dang I forgot about bozo, thanks for pointing it out!

It looks like the policy decision revolves around the HTTP code [1], 
which is what I was opting for in case of implementation.

Nice -- so there is indeed prior art I can take inspiration from.

Cheers,

> 	The man page is promising, read the BLOCKLIST SUPPORT section.
> 	However, the netbsd9 is compiled with -DNO_BLOCKLIST_SUPPORT,
> 	and that support is *not* active.
>
> 	To compile *with* support, retrofit these four lines in
> 	/usr/src/libexec/httpd to the 9's "blacklist" spelling:
>
> bozohttpd.h:#include <blocklist.h>
> bozohttpd.c:static struct blocklist *blstate;
> bozohttpd.c:            blstate = blocklist_open();
> bozohttpd.c:    (void)blocklist_r(blstate, what, 0, http_errors_short(code));
>
> 	In "Makefile",
> 	- nuke -DNO_BLOCKLIST_SUPPORT from COPTS+=
> 	- add -lblacklist to LDADD
> [snip > NetBSD-10 (RCs and and upcoming), -current:
>
> 	has indeed the support compiled in out of the box;
>
> There appear to be no functional changes.


[1] https://nxr.netbsd.org/xref/src/libexec/httpd/bozohttpd.c#2327

--
jym@