mod_backdoor

mod_backdoor for IHS 2.0 provides an alternate way of sending requests to the web server when IHS is not responding to requests on its normal ports. (This unresponsive condition can occur when all configured IHS threads are waiting for a response from another server, such as an application server or LDAP server.)

The administrator can use this back door into IHS to see mod_status reports or make any other request when necessary. Only one thread is available to handle requests sent to the back door port, so it is recommended that some form of access control be enabled for the "back door" to keep the port from being overrun by other clients.

Supported server versions:

IHS 2.0.42 and above on AIX, HP-UX/ia64, Linux/x86, Solaris/x64, and z/OS.

IBM recommendation

Enable this module if occasional unresponsive periods have occurred and a mechanism is needed to view mod_status reports during these periods.

Such reports from mod_status are most useful if the ExtendedStatus directive is set to on.

mod_status must be configured separately. mod_backdoor does not provide a status display on its own.

Special limitations of this module

The Apache module API does not currently support some operations which are needed by mod_backdoor. This leads to the following limitations:

mod_backdoor has not been tested with SSL connections, so don't enable SSL for the mod_backdoor port. (Normal SSL use is fine.)

Installation

Copy mod_backdoor.so for your platform to the modules directory in the web server installation location (e.g., to /opt/IBMIHS/modules).

Activation

Add the following directives at the end of your configuration file:

LoadModule backdoor_module modules/mod_backdoor.so
<IfModule mod_backdoor.c>
    BackdoorAddress 0.0.0.0:65535
</IfModule>

(or change "65535" to the desired listening port)

Access control may also be appropriate, to ensure that mod_backdoor is not overrun with requests during periods when the administrator needs to use it to obtain status. Here is an example:

<VirtualHost *:65535>
    <Location />
        Order deny,allow
        # in this example, the "back door" can only be used over the loopback
        # interface; thus, the administrator would have to use a browser
        # on the same machine as IHS
        Allow from 127.0.0.1
        Deny from all
    </Location>
</VirtualHost>

Restart the server so that the updated configuration takes effect.
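
The following check is an added example, not part of the original documentation or of IHS: it reads configuration text, finds the BackdoorAddress port, and confirms that the matching VirtualHost restricts it to loopback as in the access control example above. The name audit_backdoor, the sample text and the loopback-only baseline are assumptions; the parser handles only simple Order/Allow/Deny lines and does not follow Include files.

```python
import re

# Constructed sample: the page's activation directives and access-control example.
SAMPLE = """\
LoadModule backdoor_module modules/mod_backdoor.so
<IfModule mod_backdoor.c>
BackdoorAddress 0.0.0.0:65535
</IfModule>
<VirtualHost *:65535>
<Location />
Order deny,allow
Allow from 127.0.0.1
Deny from all
</Location>
</VirtualHost>
"""

def audit_backdoor(conf):
    """Return findings about access control on the mod_backdoor port (hypothetical helper)."""
    lines = [l.strip().lower() for l in conf.splitlines()]  # directive names are case-insensitive
    lines = [l for l in lines if l and not l.startswith("#")]
    port = next((m.group(1) for l in lines
                 if (m := re.match(r"backdooraddress\s+\S+:(\d+)$", l))), None)
    if port is None:
        return ["no BackdoorAddress directive found"]
    inside, seen, rules = False, False, []
    for l in lines:
        if l.startswith("<virtualhost"):
            inside = l.rstrip(">").rstrip().endswith(":" + port)
            seen = seen or inside
        elif l.startswith("</virtualhost"):
            inside = False
        elif inside:
            rules.append(l.split())
    if not seen:
        return [f"port {port}: no <VirtualHost> for this port was found"]
    findings = []
    order = [r[1:] for r in rules if r[0] == "order"]
    if order[-1:] != [["deny,allow"]]:
        findings.append("Order is not 'deny,allow'; under 'allow,deny' a 'Deny from all' rejects loopback too")
    if not any(r[:3] == ["deny", "from", "all"] for r in rules):
        findings.append("no 'Deny from all'; the default under deny,allow is to allow")
    allowed = [a for r in rules if r[:2] == ["allow", "from"] for a in r[2:]]
    findings += [f"non-loopback client allowed: {a}" for a in allowed
                 if not (a.startswith("127.") or a == "::1")]
    return findings

if __name__ == "__main__":
    print(audit_backdoor(SAMPLE) or "backdoor port is restricted to loopback")
```

An empty list means the backdoor port matches the loopback-only example; any non-loopback Allow entry is reported so it can be confirmed as an administrator host.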

Deactivation

Comment out the LoadModule directive added as part of the activation step.

Restart the server so that the updated configuration takes effect.