httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacek Prucia <jacek.pru...@7bulls.com>
Subject [PATCH] flood: basic user auth
Date Wed, 04 Sep 2002 16:40:39 GMT

Well... we have that in STATUS:

    * It would be nice if a url in a urllist could handle basic
      authentication.

...and now looks like people really need that. So here's quick'n'dirty
patch for RBC. Following URL uses basic auth:

<url user="Aladdin" password="open
sesame">http://localhost:8080/auth</url>

I can also prepare round-robin-auth.xml, but it would then require
public resource protected (?) with well-known username and password.
Maybe somebody can setup such a beast on www.apache.org? ;) To be honest
I was thinking about http://httpd.apache.org/test/flood/test/ (yeah...
this url is stupid... it is supposed to be just a proof of concept) with
a bunch of files there. We could then demonstrate anything flood is
capable of (regexp matches, failures, auth and this kind of stuff). With
such setup changes in google responses wouldn't be that bad ;))

BTW: This patch kinda suck. The proper way to do this would be to define
realms like this:

<realm>
   <name>test</name>
   <user>foo</user>
   <password>bar</password>
   <!-- if somebody want to simulate typing -->
   <delay>10</delay>
</realm>

...and react to WWW-Authenticate header just like browsers and other
tiny clients (like wget) do. And I think we want to mimic browser
behaviour. OTOH this brings up other issue -- an url list where we can
insert new urls in realtime (like is planned for 3xx responses), which
needs a bit more work...

regards,
-- 
Jacek Prucia
7bulls.com S.A.
http://www.7bulls.com/



Mime
View raw message