This README contains information specific to Red Hat's distribution of
mod_auth_mellon.
Diagnostic logging can be used to collect run time information to help
diagnose problems with your mod_auth_mellon deployment. Please see
the "Mellon Diagnostics" section in the Mellon User Guide for more
details.
Diagnostic logging adds overhead to the execution of
mod_auth_mellon. The code to emit diagnostic logging must be
compiled into mod_auth_mellon at build time. In addition the
diagnostic log file may contain security sensitive information which
should not normally be written to a log file. If you have a
version of mod_auth_mellon which was built with diagnostics you
can disable diagnostic logging via the MellonDiagnosticsEnable
configuration directive. However given human nature the potential to
enable diagnostic logging while resolving a problem and then forget to
disable it is not a situation that should exist by default. Therefore
given the overhead consideration and the desire to avoid enabling
diagnostic logging by mistake the Red Hat mod_auth_mellon RPM's
ship with two versions of the mod_auth_mellon Apache module.
mod_auth_mellon RPM contains the normal Apache module
/usr/lib*/httpd/modules/mod_auth_mellon.somod_auth_mellon-diagnostics RPM contains the diagnostic
version of the Apache module
/usr/lib*/httpd/modules/mod_auth_mellon-diagnostics.soBecause each version of the module has a different name both the
normal and diagnostic modules can be installed simultaneously without
conflict. But Apache will only load one of the two modules. Which
module is loaded is controlled by the
/etc/httpd/conf.modules.d/10-auth_mellon.conf config file which
has a line in it which looks like this:
LoadModule auth_mellon_module modules/mod_auth_mellon.so
To load the diagnostics version of the module you need to change the module name so it looks like this:
LoadModule auth_mellon_module modules/mod_auth_mellon-diagnostics.so
Don't forget to change it back again when you're done debugging.
You'll also need to enable the collection of diagnostic information, do this by adding this directive at the top of your Mellon conf.d config file or inside your virtual host config (diagnostics are per server instance):
MellonDiagnosticsEnable On
Note
Some versions of the Mellon User Guide have a typo in the name of
this directive, it incorrectly uses MellonDiagnosticEnable
instead of MellonDiagnosticsEnable. The difference is
Diagnostics is plural.
The Apache error_log will contain a message indicating how it
processed the MellonDiagnosticsEnable directive. If you loaded the
standard module without diagnostics you'll see a message like this:
MellonDiagnosticsEnable has no effect because Mellon was not compiled with diagnostics enabled, use ./configure --enable-diagnostics at build time to turn this feature on.
If you've loaded the diagnostics version of the module you'll see a
message in the error_log like this:
mellon diagnostics enabled for virtual server *:443 (/etc/httpd/conf.d/my_server.conf:7) ServerName=https://my_server.example.com:443, diagnostics filename=logs/mellon_diagnostics