[Catalyst] Providing a REST API from behind Apache/FastCGI?

brainbuz brainbuz at brainbuz.org
Mon Nov 11 20:51:38 GMT 2013


Newer versions of Apache make some security changes, so Apache, even
though you don't think any access control is being applied on the
server side, might be blocking it by default (although that should be
a 403 rather than a 401).

You could try a block like this:

<Location /uri_for/my/app.fcgi>
  Order Allow,Deny
  Allow From All
  Satisfy Any
</Location>

I wrote an article on deploying Starman with Apache in the 2011
Catalyst Advent Calendar, with some errata on my blog. You might want
to consider switching, although you would still run afoul of tighter
Apache defaults if that is indeed your problem.

On 2013-11-08 15:54, Dan Lowe wrote:
> I have begun development of a RESTful API (using
> Catalyst::Controller::REST), intending to authenticate with basic HTTP
> authentication. Using the myproject_server.pl debug server, everything
> works fine. I send the GET, an Authorization: and an Accept: header,
> and I get a 200 response followed by JSON result.
>
> When I move this from dev to test, which means it goes behind
> mod_fastcgi, it stops working. Every request gets back 401
> Unauthorized. As far as I can tell, the Authorization header is not
> being passed through to Catalyst.
>
> Note that my main interactive application uses HTML form auth and
> cookies/sessions, so this is our first use case involving HTTP basic
> authentication.
>
> Things I have already tried:
>
> 1. "Adding -pass-header Authorization" to the FastCgiExternalServer
> parameter in httpd.conf
>
> tcpdump tells me that the "Authorization: Basic xxxxxxx" is being
> sent to the server on port 4900, but it never actually gets through to
> where my req object can use it, e.g. $c->req->header('Authorization')
> is undef.
>
> 2. Rewriting the Authorization header as an env var
>
> RewriteCond %{HTTP:Authorization} ^(.+)
> RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]
>
> This turns out not to help because the environment seen by the
> fastcgi server is that of the user who started it, not the environment
> Apache is running in. Dumping the contents of %ENV shows that this env
> var is not available to Catalyst.
>
> 3. SSLOptions +StdEnvVars
>
> See #2, it sets env vars in the wrong environment.
>
> Has anyone had this problem and knows of some solution? I'm out of
> ideas at this point...
>
> Thanks,
> Dan
>
>




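A diagnostic for the question in this thread, added here as an example and not code from either poster or from Catalyst: the FastCGI protocol delivers request headers to the backend as HTTP_* name/value pairs inside FCGI_PARAMS records, so decoding those records shows whether HTTP_AUTHORIZATION reaches the application. It assumes the input is the reassembled web-server-to-backend byte stream (for instance from a capture on the backend port); the sample bytes and all function names are constructed for illustration, and the report redacts the credential instead of logging it.

```python
import struct

FCGI_PARAMS = 4  # record type that carries the CGI-style request variables

def record(rtype, body, req_id=1):
    """Build one FastCGI record (only used for the constructed sample)."""
    return struct.pack(">BBHHBx", 1, rtype, req_id, len(body), 0) + body

def pair(name, value):  # short (< 128 byte) name/value pair for the sample
    return bytes([len(name), len(value)]) + name + value

# Constructed sample: one request's params plus the empty end-of-params record.
SAMPLE = record(FCGI_PARAMS, pair(b"REQUEST_METHOD", b"GET") + pair(
    b"HTTP_AUTHORIZATION", b"Basic ZGVtbzpkZW1v")) + record(FCGI_PARAMS, b"")

def read_length(buf, pos):
    """Length field: 1 byte if < 128, else 4 bytes with the top bit set."""
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    return struct.unpack_from(">I", buf, pos)[0] & 0x7FFFFFFF, pos + 4

def request_params(stream):
    """Reassemble FCGI_PARAMS per request id and decode the pairs."""
    chunks, pos = {}, 0
    while pos + 8 <= len(stream):
        _ver, rtype, req_id, clen, plen = struct.unpack_from(">BBHHBx", stream, pos)
        if pos + 8 + clen > len(stream):
            break  # truncated capture: ignore the partial record
        if rtype == FCGI_PARAMS:
            chunks.setdefault(req_id, bytearray()).extend(stream[pos + 8:pos + 8 + clen])
        pos += 8 + clen + plen
    decoded = {}
    for req_id, buf in chunks.items():
        params, i = {}, 0
        while i < len(buf):
            nlen, i = read_length(buf, i)
            vlen, i = read_length(buf, i)
            name, value = buf[i:i + nlen], buf[i + nlen:i + nlen + vlen]
            params[name.decode("latin-1")] = value.decode("latin-1")
            i += nlen + vlen
        decoded[req_id] = params
    return decoded

def auth_report(params):
    """Report whether the credential header arrived, without echoing it."""
    value = params.get("HTTP_AUTHORIZATION")
    if value is None:
        return "HTTP_AUTHORIZATION missing"
    return f"HTTP_AUTHORIZATION present ({value.split(' ', 1)[0]}, {len(value)} bytes, redacted)"
```

Calling `auth_report(request_params(data)[request_id])` on a captured stream tells you on which side of the web server the header is being dropped.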