On Mon, 1 Apr 2002, Fury wrote:
> I've recently reconfigured a web server to use the front-end proxy/back-end
> mod_perl configuration. One application runs happily on the mod_perl
> server, with static content being served from the proxy, and dynamic
> requests forwarded to the backend.
>
> However, I have a request to insert a bunch of static content onto the proxy
> server, which is fine. As an added requirement, the content is to be
> protected. Now, I could just use the standard Apache access files, but
> they're ugly, and get slow as they grow.
>
> Ideally, I'd like to use the backend database to hold the user information
> used for authentication. How can I configure the proxy (which doesn't have
> mod_perl) to authenticate against the back end?
>
> My first thoughts were to use mod_proxy to forward requests for
> /protected/login to the backend, where the authentication will be done.
> Then, just redirect the request to another URL behind /protected. The
> authentication information should be passed as part of the request, should
> it not? I'd also reverse proxy the URL's - I don't think this would work if
> I didn't.
mod_accel can do such authorization with directive AccelRevalidateUser.
Authorization can be done via HTTP Basic authorization or cookie.
If directive is active the following happens:
1. if there is no cached response then it request is passed to backend;
2 if backend reponses with 200 code then reponse is cached;
3. if there is cached reponse then request is passed to backend with
If-Modified-Since header that set to Last-Modified header of cached
reponse;
4. if backend reponses with code 304 or 200 then cached or received
reponse send to client;
5. if backend reponses with any other codes then reponse send to client
but cached reponse is not deleted.
But this feature is usefull only if backend authorization and
304 (Not Modified) generating is cheaper then full reponse (200) generating.
Igor Sysoev
igor @ sysoev.ru
