On Sat, Aug 16, 2014 at 6:57 PM, Vivek Malik <[email protected]> wrote:
> Hi,
>
> I would like to set up a configuration where users are required to
> authenticate via a custom authentication web app before navigating to
> the content backend.
>
> I was thinking along the lines of the haproxy server sending the
> request to the auth server when a map entry is missing. When the user
> authenticates, the authentication app will insert an entry into the
> haproxy map and put a cookie in the http response with the same entry
> value.
>
> Questions:
> a) Is it possible to make entries expire in a map?
> b) Does this design look feasible?
>
> Thanks for your input. I have used haproxy 1.4 quite a bit, but
> haven't used 1.5/map feature/stick table yet.
>
> Regards,
> Vivek
>


Hi Vivek,

You have the right design and almost the right configuration in HAProxy.
HAProxy 1.5 just misses one feature: the ability to look up content in a
table. This feature will be available in 1.6 (and is already
developed, so you can give it a try in a POC).

Basically, when the server generates the cookie, you store it in a
stick table, with the expiration time.
Each time the client sends a request, just slap the cookie value in the
table, so its expiration time is reset.
When the expiration time occurs, the cookie is automatically purged
from the table, so HAProxy can forward the user to the authentication
page.
If the cookie is manually generated by the user, then it does not
appear in the table, so HAProxy also forwards the user to the
authentication page.

Baptiste
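
The table behaviour described in the reply above, modelled as an added Python example (not code from the thread and not HAProxy configuration). The names `SessionTable`, `route` and `demo`, the 1800-second expiry and the clock are assumptions made for illustration.

```python
import secrets

class SessionTable:
    """Model of a table keyed by cookie value with a sliding expiration."""
    def __init__(self, ttl, clock):
        self.ttl, self.clock = ttl, clock   # clock: callable returning seconds
        self._expires = {}                  # cookie value -> absolute expiry time

    def issue(self):
        """Server side generated the cookie: store it with an expiration time."""
        value = secrets.token_urlsafe(32)
        self._expires[value] = self.clock() + self.ttl
        return value

    def _purge(self):
        # Entries whose expiration time has passed disappear from the table.
        now = self.clock()
        self._expires = {v: e for v, e in self._expires.items() if e > now}

    def touch(self, value):
        """Look up a presented cookie; a hit resets its expiry.
        A miss never creates an entry, so client-made values stay unknown."""
        self._purge()
        if value not in self._expires:
            return False
        self._expires[value] = self.clock() + self.ttl
        return True

    def __len__(self):
        self._purge()
        return len(self._expires)

def route(table, cookie):
    # Known cookie goes to the content backend, anything else to the auth app.
    return "content" if table.touch(cookie) else "auth"

def demo():
    now = [0.0]                             # constructed clock, advanced by hand
    table = SessionTable(ttl=1800, clock=lambda: now[0])
    seen = {"no_cookie": route(table, None)}
    cookie = table.issue()                  # user authenticated at t=0
    now[0] = 1000; seen["active"] = route(table, cookie)
    now[0] = 2000; seen["refreshed"] = route(table, cookie)  # alive only due to reset
    seen["forged"] = route(table, "made-up-by-client")
    now[0] = 3801; seen["expired"] = route(table, cookie)    # idle for 1801 s
    seen["entries_left"] = len(table)
    return seen

if __name__ == "__main__":
    print(demo())
```
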
