Hi Jozef, I have done this using mod wsgi. But your stack should be a bit bigger.
Nginx Redis Apache ModWsgi 1. Catch requests with nginx server and location. Proxy them to a specific apache virtual host (ideally using a dedicated port rather than servername). 2. Have WSGIScriptAlias catch all of these requests. Verify authentication. 3. Return x-accel-redirect header to nginx instructing it to serve from your other location which is marked as private. 4. This alternate location or locations can serve content directly or even reproxy to apache. We use it for protecting trees of static content including every asset. Suggest using redis to cache auth info for extra speed. While this may seem inefficient you need to remember that mod wsgi overhead is very small and a basic hello world script can benchmark at 8000 requests per second (average server hardware). Nginx is screaming fast. Both of these intermediate handlers are likely much faster than php app at any rate. If you want config examples email me. Thanks. JG On Mar 19, 2014 6:59 AM, "Jozef Vesely" <[email protected]> wrote: > Hello, > > I am trying to implement something akin to mod_auth_tkt with mod_wsgi. > mod_auth_tkt intercepts apache access check hook to redirect user to login > page and set auth cookies. > > When I looked at mod_wsgi possibilities it seems that access hook's > response is limited to True/False. How do I redirect or set auth cookie > without access to response headers? > > I could do it as a wsgi middle-ware but I want it to work transparently > for any content served by apache: static files, cgi, php.... > (It would be possible to wrap those in the wsgi app as well but hey than I > don't need apache anymore...) > > Thanks for hints > > Jozef > > > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
