NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bl[ao]cklistd/apache integration



Le 31/01/2024 à 16:14, Martin Neitzel a écrit :
JYM> Does someone know whether there is an "integration" of bl*cklistd with a
JYM> web server?

Your question made me wonder about our (bozo)httpd coming with the
base system, so I checked.  The first blocklistd support code appeared
with:

NetBSD-9.2, 9.3, 9-stable:

Dang I forgot about bozo, thanks for pointing it out!

It looks like the policy decision revolves around the HTTP code [1], which is what I was opting for in case of implementation.

Nice -- so there is indeed prior art I can take inspiration from.

Cheers,


	The man page is promising, read the BLOCKLIST SUPPORT section.
	However, the netbsd9 is compiled with -DNO_BLOCKLIST_SUPPORT,
	and that support is *not* active.

	To compile *with* support, retrofit these four lines in
	/usr/src/libexec/httpd to the 9's "blacklist" spelling:

bozohttpd.h:#include <blocklist.h>
bozohttpd.c:static struct blocklist *blstate;
bozohttpd.c:            blstate = blocklist_open();
bozohttpd.c:    (void)blocklist_r(blstate, what, 0, http_errors_short(code));

	In "Makefile",
	- nuke -DNO_BLOCKLIST_SUPPORT from COPTS+=
	- add -lblacklist to LDADD
[snip > NetBSD-10 (RCs and and upcoming), -current:

	has indeed the support compiled in out of the box;

There appear to be no functional changes.


[1] https://nxr.netbsd.org/xref/src/libexec/httpd/bozohttpd.c#2327

--
jym@



Home | Main Index | Thread Index | Old Index