Authorization is based on username/password stored in database.
First of all I authenticate user and afterwards redirection is done.
I have following RewriteRule but it does not work at all.
RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
which is used for my module and
in location is:
Location /PAC/
ProxyPass http://192.168.187.150:8080/PACCBAdmin
ProxyPassReversehttp://192.168.187.150:8080/PACCBAdmin/
ProxyPassReverseCookiePath /PACCBAdmin/PAC
Order Allow,Deny
Allow from all
/Location
I hope that it is correct.
BR
Petr
2010/4/23 Jeffrey E Burgoyne burgo...@keenuh.com
I think that would require two modules as the authorization and redirect
hooks happen at different phases. I've actually written modules for both
of these phases, it is pretty easy as far as modules go. And remember, the
authorization module will ALWAYS be called before the redirection modules,
so you already know if you hit your redirection module that authorization
was correct.
You may not, however, have to write a module. You may be able to use one
of the already provided auth modules plus mod_rewrite to do this.
Now your authorization, is it based on a username/password, or some other
restriction (i.e. connecting IP)?
If username/password, is it basic authentication controlled? If not, I've
no experience in that area. If it is, then what is the DB used?
Thanks but I forgott to mentioned that my module makes an authorization
against database and I would like to catch that if user access some proxy
than first of all he has to be authorized by my module and afterwards it
will be redirect to the proxy. Is it possible to do that somehow?
Thanks
2010/4/23 Jeffrey E Burgoyne burgo...@keenuh.com
I'm not using it in a specific module, although you easily could.
I'm not at work today, but it goes something like this :
I want to force all hits to go through our front end web server which
acts
as a reverse proxy to the back end apache server. The logic is if there
is
no X_FORWARDED_FOR (meaning it was not proxied), then redirect the hit
to
the front end reverse proxy server. I used the logic that if the
X_FORWARDED_FOR did not start with 1-9 then it was not a valid proxied
request :
RewriteCond %{X_FORWARDED_FOR} !^[1-9]
RewriteRule /(.*) http://proxiedhost.ca/$1 [R,L]
For your module you can access the headers from the request pool and
look
for X_FORWARDED_FOR.
Note it may be more complicated depending on your setup. Some load
balancers put that value into the HTTP stream, so you may have to
account
for that. If it runs through multiple proxies (perhaps including a load
balancer), the IP's will be list form comma seperated.
Note too I have DNS lookups off, so if you have them on I suspect you
would get the DNS name, not the IP, but I cannot say with 100%
certainty.
for example,
if a client from 192.168.2.10 access 10.10.10.10, the web server sees :
connecting IP - 192.168.2.10
X_FORWARDED_HEADER - blank
If the server at 10.10.10.10 proxies to 10.20.20.20 the web server at
the
.20 address sees :
connecting IP - 10.10.10.01
X_FORWARDED_HEADER - 192.168.2.10
How do you have configured RewriteRule together with your own module?
Could you please send me more details or example?
Thanks
Petr
2010/4/23 Jeffrey E Burgoyne burgo...@keenuh.com
I use the environment variable X_FORWARDED_FOR
http://en.wikipedia.org/wiki/X-Forwarded-For
with mod_rewrite to determine if it came via a proxy or not.
It may be of use to you.
2010/4/22 Petr Hracek phrac...@gmail.com
Hello *,
I hope that I am sending those question to the correct discussion
list.
In my Apache2 (2.2.3) configuration file I have:
VirtualHost _default_:443
SSLEngine on
DocumentRoot /opt/apache/htdocs/ssldocs
ProxyPass /PAC/ http://192.168.187.101:8080/PACCBAdmin
ProxyPassReverse/PAC/
http://192.168.187.150:8080/PACCBAdmin/
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteMap unity txt:/opt/apache/conf/unity.map
RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*)
${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2
[L]
RewriteLog /var/log/apache2/rewrite_log
RewriteLogLevel 3
Location /PAC/
ProxyPassReverseCookiePath /PACCBAdmin /PAC
Order Allow,Deny
Allow from all
/Location
/VirtualHost
In the my modules which takes care about AAA, Security issues,
etc.
I would like to catch in my module when URL contains /PAC/ (which
means
that this is proxy) than it tell to module that this request is
not a
bussiness for them.
Is it possible to do that