RT 3.8 and Apache 2, NoAuth pages not parsed by RT?

I have done some additional troubleshooting and am still hitting a bit
of a snag.

I have pages created on our 3.6 RT install (apache 1.3) that read
similar to this:

…mumble…

<%PERL> my $tickets = new RT::Tickets($user); $tickets->LimitQueue(VALUE => 'QUEUENAME'); $tickets->LimitStatus(VALUE => 'open'); $tickets->LimitStatus(VALUE => 'new'); $tickets->OrderBy(FIELD => 'id', ALIAS => 'main', ORDER => 'DESC'); % if ($tickets->Count) {

… mumble mumble…

<%INIT>
my $user = new RT::CurrentUser(‘guest’);
my $queue = new RT::Queue($user);
my $i=0;
my $restrict;
</%INIT>

This allows a user in our helpdesk to view a page of open issues in
this particular example. We authenticate them via htaccess/htpasswd
and just let them cruise a page of open issues because we don’t want
to expose the contents of the tickets to anyone that isn’t a user in
the system.

I’m open to suggestions on other ways of handling this but this is the
way it has been done historically but our 3.8 install doesn’t seem to
like it. It doesn’t actually execute any of the %PERL glue and just
spits it out into the contents of the page. I am not sure if this is
an Apache configuration issue, an RT configuration issue, or both.

I do have mod_perl activated in httpd.conf and we are using fastcgi
and mason_handler.fcgi for the application itself.

In httpd.conf I have been trying out various directives but this is
what it looks like as of now for /NoAuth:

<Location /NoAuth>
satisfy any
SetHandler perl-script
PerlOptions +ParseHeaders
Options +ExecCGI
allow from all

One more thing I forgot to add is that I can never access /NoAuth/ on
the same port as the RT application itself, it always returns me to
the login screen and gives a page not found error.

e.g. https://rthost.tld:8383/NoAuth/images/

Gives me an RT-generated “The page you requested could not be found |
Please check the URL and try again” page. In the process of
troubleshooting this NoAuth page problem I’ve setup a vhost for the
NoAuth pages, which is where they don’t execute.

I’m quite certain this is a simple matter but I"ve been having a
difficult time with it. What should the directives in Apache’s
httpd.conf look like for proper access to pages under /NoAuth/
directories?On Thu, Mar 4, 2010 at 3:41 PM, Zuckercorn, Barry zuckercorn.barry@gmail.com wrote:

I have done some additional troubleshooting and am still hitting a bit
of a snag.

I have pages created on our 3.6 RT install (apache 1.3) that read
similar to this:

…mumble…

<%PERL> my $tickets = new RT::Tickets($user); $tickets->LimitQueue(VALUE => 'QUEUENAME'); $tickets->LimitStatus(VALUE => 'open'); $tickets->LimitStatus(VALUE => 'new'); $tickets->OrderBy(FIELD => 'id', ALIAS => 'main', ORDER => 'DESC'); % if ($tickets->Count) {

… mumble mumble…

<%INIT>
my $user = new RT::CurrentUser(‘guest’);
my $queue = new RT::Queue($user);
my $i=0;
my $restrict;
</%INIT>

This allows a user in our helpdesk to view a page of open issues in
this particular example. We authenticate them via htaccess/htpasswd
and just let them cruise a page of open issues because we don’t want
to expose the contents of the tickets to anyone that isn’t a user in
the system.

I’m open to suggestions on other ways of handling this but this is the
way it has been done historically but our 3.8 install doesn’t seem to
like it. It doesn’t actually execute any of the %PERL glue and just
spits it out into the contents of the page. I am not sure if this is
an Apache configuration issue, an RT configuration issue, or both.

I do have mod_perl activated in httpd.conf and we are using fastcgi
and mason_handler.fcgi for the application itself.

In httpd.conf I have been trying out various directives but this is
what it looks like as of now for /NoAuth:

<Location /NoAuth>
satisfy any
SetHandler perl-script
PerlOptions +ParseHeaders
Options +ExecCGI
allow from all

One more thing I forgot to add is that I can never access /NoAuth/ on
the same port as the RT application itself, it always returns me to
the login screen and gives a page not found error.

e.g. https://rthost.tld:8383/NoAuth/images/

Gives me an RT-generated “The page you requested could not be found |
Please check the URL and try again” page. In the process of
troubleshooting this NoAuth page problem I’ve setup a vhost for the
NoAuth pages, which is where they don’t execute.

I’m quite certain this is a simple matter but I"ve been having a
difficult time with it. What should the directives in Apache’s
httpd.conf look like for proper access to pages under /NoAuth/
directories?

Have you tried the configuration directives from the README included
with RT? You shouldn’t need any particular /NoAuth/ stanzas, other
than the NoAuth/images one, which is really just for performance
serving static files.

Also, you want to pick mod_perl or fastcgi, not try to use both of
them

-kevin> On Thu, Mar 4, 2010 at 3:41 PM, Zuckercorn, Barry zuckercorn.barry@gmail.com wrote:

I have done some additional troubleshooting and am still hitting a bit
of a snag.

I have pages created on our 3.6 RT install (apache 1.3) that read
similar to this:

…mumble…

<%PERL> my $tickets = new RT::Tickets($user); $tickets->LimitQueue(VALUE => 'QUEUENAME'); $tickets->LimitStatus(VALUE => 'open'); $tickets->LimitStatus(VALUE => 'new'); $tickets->OrderBy(FIELD => 'id', ALIAS => 'main', ORDER => 'DESC'); % if ($tickets->Count) {

… mumble mumble…

<%INIT>
my $user = new RT::CurrentUser(‘guest’);
my $queue = new RT::Queue($user);
my $i=0;
my $restrict;
</%INIT>

This allows a user in our helpdesk to view a page of open issues in
this particular example. We authenticate them via htaccess/htpasswd
and just let them cruise a page of open issues because we don’t want
to expose the contents of the tickets to anyone that isn’t a user in
the system.

I’m open to suggestions on other ways of handling this but this is the
way it has been done historically but our 3.8 install doesn’t seem to
like it. It doesn’t actually execute any of the %PERL glue and just
spits it out into the contents of the page. I am not sure if this is
an Apache configuration issue, an RT configuration issue, or both.

I do have mod_perl activated in httpd.conf and we are using fastcgi
and mason_handler.fcgi for the application itself.

In httpd.conf I have been trying out various directives but this is
what it looks like as of now for /NoAuth:

<Location /NoAuth>
satisfy any
SetHandler perl-script
PerlOptions +ParseHeaders
Options +ExecCGI
allow from all


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22 & 23
Dublin, Ireland - Mar 15 & 16
Boston, MA, USA - April 5 & 6
Washington DC, USA - Oct 25 & 26

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

One more thing I forgot to add is that I can never access /NoAuth/ on
the same port as the RT application itself, it always returns me to
the login screen and gives a page not found error.

e.g. https://rthost.tld:8383/NoAuth/images/

Gives me an RT-generated “The page you requested could not be found |
Please check the URL and try again” page. In the process of
troubleshooting this NoAuth page problem I’ve setup a vhost for the
NoAuth pages, which is where they don’t execute.

I’m quite certain this is a simple matter but I"ve been having a
difficult time with it. What should the directives in Apache’s
httpd.conf look like for proper access to pages under /NoAuth/
directories?

Have you tried the configuration directives from the README included
with RT? You shouldn’t need any particular /NoAuth/ stanzas, other
than the NoAuth/images one, which is really just for performance
serving static files.

Also, you want to pick mod_perl or fastcgi, not try to use both of
them.

I did remove my mod_perl load and I have looked at the README included
with RT. Under the fastcgi section the only reference to NoAuth is
this:

Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/

Which I have (though I changed the filesystem path to match my
install) in the Virtual Host configuration directive:

ServerName host.fqdn Alias /NoAuth/images/ /local/rt/rt-current/share/html/NoAuth/images/ Alias /NoAuth/resnet/ /local/rt/rt-current/share/html/NoAuth/resnet/ DocumentRoot "/local/rt/rt-current/share/html" ScriptAlias / /local/rt/rt3/bin/mason_handler.fcgi/

…mumble mumble SSL configuration… logs…

I added the /NoAuth/reset/ alias due to that url still not working.

If I try to go to https://host.fqdn:8383/NoAuth/resnet/index.html I am
getting a page that doesn’t render correctly in 3.8 but did in 3.6
(but again I moved from mod_perl to fcgi and am not clear on the
impact this has on executing the perl inside the page)

Instead of building the nice HTML table with the open tickets for that
group to view it spits back the code:

<%$ticket->Id%>

Which used to fill a table cell with the ticket ID number. Or % print $CF1; where the IP address used to go, etc.

If this isn’t a supported mechanism (I inherited this RT system) is
there a way to provide local users access to the same type of data in
a page that can be protected with htaccess instead of browsing full
ticket details inside of RT?

Instead of building the nice HTML table with the open tickets for that
group to view it spits back the code:

   <%$ticket->Id%>

Which used to fill a table cell with the ticket ID number. Or % print $CF1; where the IP address used to go, etc.

If this isn’t a supported mechanism (I inherited this RT system) is
there a way to provide local users access to the same type of data in
a page that can be protected with htaccess instead of browsing full
ticket details inside of RT?

I suppose I should include the full contents of the page so you can
see what we were/are actually doing:

building.html:

Open Incidents at test.edu

Open Security Incidents by Building

<%PERL>
my $tickets = new RT::Tickets($user);
$tickets->OrderBy(FIELD => ‘id’, ALIAS => ‘main’, ORDER => ‘DESC’);
$tickets->LimitStatus(VALUE => ‘open’);
$tickets->LimitStatus(VALUE => ‘new’);
$tickets->LimitStatus(VALUE => ‘stalled’);
</%PERL>
% if ($tickets->Count) {

% while (my $ticket = $tickets->Next) {

% $status = 1;
% $building = 1;
% $restrict = 1;

% my $Field1 = $ticket->CustomFieldValues(11);

% while (my $Test1 = $Field1->Next()) {
% $status = $Test1->Content;
% }

% my $Field2 = $ticket->CustomFieldValues(3);

% while (my $Test2 = $Field2->Next()) {
% $building = $Test2->Content;
% }

% my $Field3 = $ticket->CustomFieldValues(13);

% while (my $Test3 = $Field3->Next()) {
% $restrict = $Test3->Content;
% $Test3 = 1;
% }

% if($building eq $bid && $restrict ne ‘True’) {
% $i++;

% my $CF; % my $CFValue; % $CF = $ticket->CustomFieldValues(1); while ($CFValue = $CF->Next()){$CF1=$CFValue->Content;} % $CF = $ticket->CustomFieldValues(5); while ($CFValue = $CF->Next()){$CF5=$CFValue->Content;} % $CF = $ticket->CustomFieldValues(2); while ($CFValue = $CF->Next()){$CF2=$CFValue->Content;} % $CF = $ticket->CustomFieldValues(3); while ($CFValue = $CF->Next()){$CF3=$CFValue->Content;} % $CF = $ticket->CustomFieldValues(6); while ($CFValue = $CF->Next()){$CF6=$CFValue->Content;} % $CF = $ticket->CustomFieldValues(10); while ($CFValue = $CF->Next()){$CF10=$CFValue->Content} % $CF = $ticket->CustomFieldValues(7); while ($CFValue = $CF->Next()){$CF7=$CFValue->Content;} % $CF = $ticket->CustomFieldValues(12); while ($CFValue = $CF->Next()){$CF12=$CFValue->Content}; % ($CF5,$CF6,$CF2,$CF3,$CF4,$CF10,$CF7,$CF12) = ("","","","","","","",""); % } % } % }
ID Subject Status

Created

IP Address MAC Port Room Building Category Network Status Jack userID
<%$ticket->Id%>

<%$ticket->Subject%>

<%$ticket->Status%> <% $ticket->CreatedObj->AsString %> % print $CF1; % print $CF5; % print $CF6; % print $CF2; % print $CF3; % print $CF10; % print $status; % print $CF7;

% print $CF12;

%if ($i == 0){

There are currently no disabled ports in this building. %} <%ARGS> $bid => undef

</%ARGS>

<%INIT>
my $user = new RT::CurrentUser(‘guest’);
my $queue = new RT::Queue($user);
my $i = 0;
my $status;
my $building;
my $restrict;
my $CF1; my $CF5; my $CF6; my $CF2; my $CF3; my $CF4; my $CF10; my
$CF7; my $CF12;
</%INIT>

end

It would be great if we didn’t need to develop a new set of pages to
get this type of view out to the helpdesk and building contacts, but
like I said I’m open to suggestions if there is a better way. I’m
very curious as to why this doesn’t work anymore in 3.8 with fastcgi
however.

One more thing I forgot to add is that I can never access /NoAuth/ on
the same port as the RT application itself, it always returns me to
the login screen and gives a page not found error.

e.g. https://rthost.tld:8383/NoAuth/images/

Gives me an RT-generated “The page you requested could not be found |
Please check the URL and try again” page. In the process of
troubleshooting this NoAuth page problem I’ve setup a vhost for the
NoAuth pages, which is where they don’t execute.

I’m quite certain this is a simple matter but I"ve been having a
difficult time with it. What should the directives in Apache’s
httpd.conf look like for proper access to pages under /NoAuth/
directories?

Have you tried the configuration directives from the README included
with RT? You shouldn’t need any particular /NoAuth/ stanzas, other
than the NoAuth/images one, which is really just for performance
serving static files.

Also, you want to pick mod_perl or fastcgi, not try to use both of
them.

I did remove my mod_perl load and I have looked at the README included
with RT. Under the fastcgi section the only reference to NoAuth is
this:

Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/

Which I have (though I changed the filesystem path to match my
install) in the Virtual Host configuration directive:

ServerName host.fqdn Alias /NoAuth/images/ /local/rt/rt-current/share/html/NoAuth/images/ Alias /NoAuth/resnet/ /local/rt/rt-current/share/html/NoAuth/resnet/

This rather explicitly tells apache not to pass the resnet pages
through RT, so I’m hardly surprised that it is failing.

-kevin

ServerName host.fqdn Alias /NoAuth/images/ /local/rt/rt-current/share/html/NoAuth/images/ Alias /NoAuth/resnet/ /local/rt/rt-current/share/html/NoAuth/resnet/

This rather explicitly tells apache not to pass the resnet pages
through RT, so I’m hardly surprised that it is failing.

The only reason I tried that was because RT is not presenting
/NoAuth/resnet correctly. When I remove that line and so that the
only non-SSL-related directives are:

ServerName host.fqdn Alias /NoAuth/images/ /local/rt/rt-current/share/html/NoAuth/images/ DocumentRoot "/local/rt/rt-current/share/html" ScriptAlias / /local/rt/rt3/bin/mason_handler.fcgi/

<Location /NoAuth/images>
SetHandler default-handler

It doesn’t allow a request for /NoAuth/resnet/index.html to be
processed at all – I get an RT page that says the file isn’t found.

If I just request /NoAuth/resnet/ it generates the page but doesn’t
execute any of the perl needed to create the table like it does on our
production system.

This ( http://farm3.static.flickr.com/2769/4408373509_40b85ff521.jpg )
is a window-grab that shows a browser window of how it looks when
requesting /NoAuth/resnet/ from RT to better illustrate what I’m
seeing in the hopes that it shows something useful to you (or anyone else)!

If you don’t want to view the image I’ll paste what is generated:

New & Open Resnet Tickets.
<%PERL> my $tickets = new RT::Tickets($user);
$tickets->LimitQueue(VALUE => ‘resnet’); $tickets->LimitStatus(VALUE
=> ‘open’); $tickets->LimitStatus(VALUE => ‘new’);
$tickets->OrderBy(FIELD => ‘id’, ALIAS => ‘main’, ORDER => ‘DESC’); %
if ($tickets->Count) { %while (my $ticket = $tickets->Next) { %
$restrict = 1; %my $Field1 = $ticket->CustomFieldValues(13); % while
(my $Test1 = $Field1->Next()) { % $restrict = $Test1->Content; % }
%if($restrict ne ‘True’) { % $i++; % } % } % }

(and then the HTML table with <%$ticket->Id%> under ID,
<%$ticket->Subject%> under Subject, etc.

So it looks to me like the perl isn’t being executed at all but I
don’t know why.

This is the last blocker I have before I can deploy 3.8, I have
everything else working as before except for these pages. Thank you
again for taking the time to assist.

ServerName host.fqdn Alias /NoAuth/images/ /local/rt/rt-current/share/html/NoAuth/images/ Alias /NoAuth/resnet/ /local/rt/rt-current/share/html/NoAuth/resnet/

This rather explicitly tells apache not to pass the resnet pages
through RT, so I’m hardly surprised that it is failing.

The only reason I tried that was because RT is not presenting
/NoAuth/resnet correctly. When I remove that line and so that the
only non-SSL-related directives are:

ServerName host.fqdn Alias /NoAuth/images/ /local/rt/rt-current/share/html/NoAuth/images/ DocumentRoot "/local/rt/rt-current/share/html" ScriptAlias / /local/rt/rt3/bin/mason_handler.fcgi/

<Location /NoAuth/images>
SetHandler default-handler

It doesn’t allow a request for /NoAuth/resnet/index.html to be
processed at all – I get an RT page that says the file isn’t found.

I suggest you work with that error, and read your logs.
Your problem is that the file is being served by apache, not RT’s
mason handler.

-kevin