hoffies blog

lighttpd is a really nice webserver, but many people don’t find it useful for their purposes (often web hosting) because it doesn’t support per-directory configs. padeprops means “path-dependent properties” and is a tool which scans for such per-directory config files for lighttpd, similar to Apache’s .htaccess files, and should finally solve that issue (at least as long as you do not need files which change the behaviour of the web server immediately).

What currently works

• scan.py scans a given list of directories and processes .lighttpd files (lighttpd config syntax)
• the content of the file is parsed to ensure that the syntax is valid
• every used config key (such as server.document-root etc.) is checked against an access control list
• the access control list consists of a path and a list of allowed config keys (backlist/whitelist possible)

Drawbacks (compared to apache)

• .htaccess file format is not yet possible, but as the tool was developed with modularity in mind, it will be possible in the future
• changes are not immediate: this is the biggest disadvantage. Currently you need a cronjob which executes cron.sh (which itself calls ./scan.py and reloads lighttpd if there were changes)
• Needs lighttpd-1.5 or a patched lighttpd-1.4

Where to get it?

Currently there are no tarballs available. You can grab a first development snapshot (all features for 0.1 are implemented but there has hardly be done any testing) at svn://dev.hoffie.info/projects/lighttpd-padeprops

How to setup

While lighttpd-1.5 is becoming really neat it’s still in development at the time of writing. But sadly lighttpd-1.5 is a requirement to get padeprops working because it introduces the new $PHYSICAL[“path”] conditional which is heavily used by padeprops. Fortunately there is still a way to get it working with 1.4(.13): Patch it. I extracted a patch from the changeset between the two 1.5 revisions: http://home.hoffie.info/static/lighttpd-1.4-physical-path.patch

Getting a lighttpd which supports $PHYSICAL[“path”] was already the hardest bit, the rest is just about configuring padeprops: The supplied lighttpd-padeprops.conf should be pretty straightforward as I commented it pretty well, imo (in comparison to the rest of the code *cough*, btw better don’t look at parsers/lighttpd.py as the code is quite complex, hard-to-read and long :().

As it is written in Python, you obviously need a python interpreter. :)

Then do a test run by executing ./cron.sh and see whether it works. If everything went fine, you can set up a cronjob to execute ./cron.sh regularly. Also configure lighttpd (in your main config file, lighttpd.conf) to include the file which is generated by padeprops. By default it’s stdout which is not that useful, better choose something like lighttpd-perdirectory.conf or something.

Feedback

I’d really appreciate some feedback. I have written this because again and again it was asked on #lighttpd if there was a counterpart for .htaccess. We had to tell people that there are no or only very very simple implementations (which do not have validation or protection against malicious users at all). I want to know whether you like the principle (of not having a lighttpd module but an external solution), the implementation and if I should continue to work on it. I was planning to implement a parser for apache-style syntax in .htaccess files as well, but currently I don’t have the time for it and don’t know whether this would be useful or not. Many things in lighttpd are handled differently than in Apache (just look at mod_rewrite, Apache has [QSA], in lighttpd you can match against the query string; I like the latter idea more, but it’s still a difference and conversion is not easily possible without human intervention). So, please comment on it!

Development

Currently only more testing is important. Maybe I will be adding a parser for apache-style .htaccess files, but as already said above, I could need a bit help in that area. Feel free to contact me.