On 5/1/12 3:35 PM, Van Doorn, Jan R wrote:
> Hello,
> I looked in the documentation, tried some different remap configs, but
> can't make it do what I want...
> I'd like to use the stats_over_http plugin, but restrict the clients
> that can get to it to just a couple of addresses. Is that possible? What
> is the best way to do that?

No way at this point. I was thinking of adding a small config to this
plugin, which could allow for various levels of strength:
    /__stats X-TS-Stats-Auth Secret
or (stronger)
    /__stats X-TS-Stats-Auth-IP Secret
Where the header value is some cryptographic checksum of secret + client IP
(making replay attacks much harder). E.g. SHA1(secret+client-ip).
In the first case, the request would simply include e.g.
    X-TS-Stats-Auth: A-Secret-String
and in the second, e.g.
    X-TS-Stats-Auth-IP: abfd6a4da7ae42a126e915b55395838f7fe5efe2
The other option is to do some real authentication mechanisms around this,
but the above would be pretty close to trivial to implement (i.e. a few
hours at the most). Also, if done over HTTPS, it'd be difficult to intercept
even the simple, token secret (and, you can pick a path and header of your
own choosing to do more security by obscurity :).
Thoughts?
-- Leif
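
Added example (not part of the original message and not code from the stats_over_http plugin): a Python sketch of the two header checks proposed above, showing that a captured X-TS-Stats-Auth value is accepted from any address while an X-TS-Stats-Auth-IP value is rejected from a different one. The secret, the addresses and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Header names are the ones proposed in the message; everything else is constructed.
HDR_STATIC = "X-TS-Stats-Auth"
HDR_IP = "X-TS-Stats-Auth-IP"


def ip_token(secret: str, client_ip: str) -> str:
    """SHA1(secret + client-ip), hex-encoded, as sketched in the message.
    (A keyed MAC such as HMAC is the usual construction for this kind of tag.)"""
    return hashlib.sha1((secret + client_ip).encode("utf-8")).hexdigest()


def authorize(mode: str, secret: str, headers: dict, peer_ip: str) -> bool:
    """Decide whether a /__stats request is allowed.
    peer_ip must be the TCP peer address seen by the server, never a
    client-supplied header such as X-Forwarded-For."""
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    presented = hdrs.get(mode.lower())
    if presented is None:
        return False
    if mode == HDR_STATIC:
        expected = secret
    elif mode == HDR_IP:
        expected = ip_token(secret, peer_ip)
        presented = presented.lower()  # hex digits may arrive in either case
    else:
        return False
    # Constant-time comparison so response timing does not leak the expected value.
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


def demo() -> dict:
    secret = "A-Secret-String"                      # constructed sample secret
    monitor, other = "192.0.2.10", "198.51.100.7"   # documentation-range addresses
    static_req = {HDR_STATIC: secret}
    ip_req = {HDR_IP: ip_token(secret, monitor)}
    return {
        "static_from_monitor": authorize(HDR_STATIC, secret, static_req, monitor),
        "static_from_other": authorize(HDR_STATIC, secret, static_req, other),
        "ip_from_monitor": authorize(HDR_IP, secret, ip_req, monitor),
        "ip_from_other": authorize(HDR_IP, secret, ip_req, other),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```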