On, or in the near vicinity of Wed, 18 Jun 2003 18:34:09 -0700 (PDT)
Mustafa Tan <musnat@[...].com>  has thus spoken:

>  Another question is that, why hosting guys avoid using
>  mod_perl. Is it just because mod_perl is memory
>  hungry? 
>  

One reason I've heard is because of namespace security issues.  Ie. if ISPs
allow all their users access to mod_perl on the same Apache server, then any
user can potentially interfere with/have access to other users' mod_perl
modules.  Don't know if this is a really valid reason (it seems with
Apache::Registry this would not be a problem), it's just something I've heard.

Has anyone in the mod_perl community given namespace security much thought?

>  Finally how can I dynamically ban an ip address in
>  mod_perl. For example, normally you can specify
>  certain ip addresses with Allow, Deny directives. How
>  can I do that dynamically using mod_perl.
>  

You would need to write your own AuthzHandler, and specify it with a
PerlAuthzHandler directive in your Apache conf file.  See the mod_perl
docs/guide/books etc.  Very briefly, you'll want to do something like:

package My::IPFilter;
use Apache::Constants qw(:common M_GET FORBIDDEN REDIRECT);
sub ip_filter {
  my ($class, $r) = @_;
  my $ip = $r-> connection->remote_ip;
  my @banned_ips = ('w.x.y.z', 'a.b.c.d', ...);
  if (grep($ip eq $_, @banned_ips)) {
    return FORBIDDEN;
  }
  return OK;
}

Then, in your httpd.conf:

<Location "/secure_uris"> 
  SetHandler perl-script
  PerlAuthzHandler My::IPFilter-> ip_filter
</Location> 

This is a very minimal example of what you need, just to get you started in the
right direction - you should consult the docs to get you further.  You may want
to use "require" statements in your conf file, in which case you'll need more
than that.  I recommend Apache::AuthCookie as it has good builtin support for
custom require methods in mod_perl.

-Adi