httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Petr Hracek <phrac...@gmail.com>
Subject [users@httpd] Re: Authentication of proxy over own module
Date Wed, 16 Jun 2010 09:10:27 GMT
Sorry my wrong explanation. I have ment the when the request is
authorized/authenticated by my module how the request should be sent to the
"proxy" IP address define in apache module:


RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
[L]

<Location "/PAC/">
   ProxyPass http://192.168.0.23:8080/PACAdmin
   ProxyPassReverse http://192.168.0.23:8080/PACAdmin
   ProxyPassReverseCookie   /PACAdmin   /PAC
   Order Allow,deny
   Allow from all
</Location>

Best regards

hm, redirect itsn't proxing , as i understood ;) redirect it's wen you
>> communicate client and target server directly and no proxing anymore.
>> in case todo proxy in your module there should be server and client
>> parts, I've not seen your module, maybe it's under NDA, and so on...
>> but you can have a look at scgi module there client in apache api, but
>> it working in another way. there...
>> static apr_status_t
>> open_socket(apr_socket_t **sock, request_rec *r)
>> {
>> //snip
>> and
>>  rv = apr_socket_connect(*sock, sockaddr);
>>    if (rv) {
>> //snip
>>
>> On 15 June 2010 20:49, Petr Hracek <phracek2@gmail.com> wrote:
>> > That's a good sentence.
>> > You mention:
>> >>> if you did auth in your own module there should be accepted stream and
>> >>> when it passed auth you must sent it through own module to target
>> server.
>> >
>> > May be this is a my problem. When the request is
>> authorized/authenticated by
>> > my module how and where I have to sent to the target server.
>> > How can I do it? Redirect?
>> >
>> > Thank you in advance
>> > Petr
>> >
>> >
>> > 2010/6/15 basteon <basteon@gmail.com>
>> >>
>> >> no, about sniffing i meant sniff traffic on the network interface.
>> >> I don't know how catch up ReverseProxy requests, but if you did auth
>> >> in your own module there should be accepted stream and when it passed
>> >> auth you must sent it through own module to target server. or it
>> >> should working as proxy you must thinking about sessions
>> >> accepted\passed auth, then init auth from own module to target server.
>> >>
>> >> but, why you did it at all? what's purposes on it double auth?
>> >>
>> >> On 15/06/2010, Petr Hracek <phracek2@gmail.com> wrote:
>> >> > But I am using ReverseProxy as well, right?
>> >> > I mean in my own module to sniff traffic when the request is
>> >> > ReverseProxy
>> >> > and them going to the target?
>> >> > How I can catch that request is Reverse Proxy (not defined in Browser
>> >> > settings)?
>> >> > Is that any handler for that case and where should I try to catch the
>> >> > request?
>> >> > In post_read_request?
>> >> > Could you please let me more detailly what do you think?
>> >> >
>> >> > best regards.
>> >> > Petr
>> >> >
>> >> > 2010/6/14 basteon <basteon@gmail.com>
>> >> >
>> >> >> I uses reverce proxy, but you can try sniff traffic between proxy
>> and
>> >> >> target
>> >> >>
>> >> >> On 14 June 2010 13:52, Petr Hracek <phracek2@gmail.com> wrote:
>> >> >> > If you mean that RewriteRule should be like that:
>> >> >> >
>> >> >> > RewriteMap foo txt:/opt/apache/conf/foo.map
>> >> >> > RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
>> >> >> > RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/
>> >> >> > ssldocs/$1}/$2 [L]
>> >> >> > RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
>> >> >> > RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1
[P]
>> >> >> >
>> >> >> > Unfortuantelly in this case I see /opt/PAC/htdocs error was
not
>> found
>> >> >> > but this is true because of main index is on the machine
>> >> >> 192.168.0.23:8080.
>> >> >> >
>> >> >> > Therefore I am receiving HTTP error 404.
>> >> >> >
>> >> >> > Or shall I do?
>> >> >> > <IfModule mod_authz_host.c>
>> >> >> > <Location "/PAC/">
>> >> >> >    ProxyPass http://192.168.0.23:8080/PACAdmin
>> >> >> >    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
>> >> >> >    ProxyPassReverseCookie   /PACAdmin   /PAC
>> >> >> >       AuthType FOOM
>> >> >> >       require   valid-user
>> >> >> >       satisfy Any
>> >> >> > </Location>
>> >> >> > </IfModule>
>> >> >> >
>> >> >> > Thank you in advance
>> >> >> >
>> >> >> > Petr
>> >> >> >
>> >> >> >
>> >> >> > 2010/6/14 basteon <basteon@gmail.com>
>> >> >> >>
>> >> >> >> hm, looks like if there double auth, therefore you should
put
>> client
>> >> >> >> account trough your module instead of just redirect these
client.
>> >> >> >>
>> >> >> >> On 14 June 2010 11:36, Petr Hracek <phracek2@gmail.com>
wrote:
>> >> >> >> > Yes this is done simillary in my own module but I
have an
>> problem.
>> >> >> >> > When the URL is authorized (successfully) then URL
>> >> >> >> > http://192.168.0.23:8080/PAC is shown as 404 Unknown.
>> >> >> >> > Unfortuntatelly I could not find any reason why it
is not found
>> >> >> because
>> >> >> >> > of
>> >> >> >> > URL is a Proxy?
>> >> >> >> > See my apache2 configuration file
>> >> >> >> >
>> >> >> >> > Eric mentioned:
>> >> >> >> >
>> >> >> >> >>>Don't constrain your directives to stuff under
<Directory />
>> if
>> >> >> >> >>> you
>> >> >> >> > want them to apply to proxy requests. These are never
mapped to
>> a
>> >> >> >> > directory.
>> >> >> >> >
>> >> >> >> > But Unfortunatelly I do not understand what shall
I do. How
>> shall
>> >> >> >> > I
>> >> >> >> > defined
>> >> >> >> > my directives.
>> >> >> >> > Any help?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > 2010/6/14 basteon <basteon@gmail.com>
>> >> >> >> >>
>> >> >> >> >> I guess that you can found reply in man 3 pam
and do pam auth
>> in
>> >> >> >> >> own
>> >> >> >> >> module if that necessary.
>> >> >> >> >>
>> >> >> >> >> On 14 June 2010 18:05, Petr Hracek <phracek2@gmail.com>
>> wrote:
>> >> >> >> >> > Hello *,
>> >> >> >> >> >
>> >> >> >> >> > On the target host is done some authorization
but I would
>> like
>> >> >> >> >> > to
>> >> >> add
>> >> >> >> >> > second
>> >> >> >> >> > authorization from my own module.
>> >> >> >> >> >
>> >> >> >> >> > Unfortunatelly I have found that
>> >> >> >> >> > mod_auth_pam is not supported and/or developed
any longer.
>> >> >> >> >> >
>> >> >> >> >> > if there any other module which is supported?
>> >> >> >> >> >
>> >> >> >> >> > thank you in advance
>> >> >> >> >> > Petr
>> >> >> >> >> >
>> >> >> >> >> > 2010/6/12 basteon <basteon@gmail.com>
>> >> >> >> >> >>
>> >> >> >> >> >> hi, I guess that you can authorize it
in PAM by yourself in
>> >> >> >> >> >> own
>> >> >> >> >> >> module
>> >> >> >> >> >> or uses http-basic auth ready module
on the target host or
>> >> >> >> >> >> proxy.
>> >> >> >> >> >>
>> >> >> >> >> >> On 10/06/2010, Petr Hracek <phracek2@gmail.com>
wrote:
>> >> >> >> >> >> > Hello apache users,
>> >> >> >> >> >> >
>> >> >> >> >> >> > I would like to explain my problem.
>> >> >> >> >> >> > I have developed the module which
is used for
>> authorization
>> >> >> >> >> >> > to
>> >> >> web
>> >> >> >> >> >> > pages.
>> >> >> >> >> >> > It works fine without problem but
I would like to use
>> that
>> >> >> module
>> >> >> >> >> >> > for
>> >> >> >> >> >> > authorization
>> >> >> >> >> >> > of "proxy" requests as well.
>> >> >> >> >> >> > Proxy requests are not defined
in settings of browser (in
>> >> >> Firefox
>> >> >> >> >> >> > Tools->Options->LAN settings
-> Manual configuration of
>> >> >> >> >> >> > proxy).
>> >> >> >> >> >> >
>> >> >> >> >> >> > In apache conf. file I have following:
>> >> >> >> >> >> >
>> >> >> >> >> >> > <VirtualHost _default_:443>
>> >> >> >> >> >> >
>> >> >> >> >> >> > SSLEngine on
>> >> >> >> >> >> > SSLProxyEngine on
>> >> >> >> >> >> >
>> >> >> >> >> >> > RewriteEngine on
>> >> >> >> >> >> > RewriteCond %{REQUEST_METHOD} ^TRACE
>> >> >> >> >> >> > RewriteRule .* - [F]
>> >> >> >> >> >> > RewriteMap foo txt:/opt/apache/conf/foo.map
>> >> >> >> >> >> > RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin
[P]
>> >> >> >> >> >> > RewriteRule ^/PAC/(.*)
>> http://192.168.0.23:8080/PACAdmin/$1
>> >> >> >> >> >> > [P]
>> >> >> >> >> >> > RewriteRule ^/([^/]+)$     ${foo:$1|/$1}
[L]
>> >> >> >> >> >> > RewriteRule ^/([^/]+)/(.*)
>> >> >> >> >> >> > ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
>> >> >> >> >> >> > [L]
>> >> >> >> >> >> >
>> >> >> >> >> >> > <IfModule mod_authz_host.c>
>> >> >> >> >> >> >    <Directory />
>> >> >> >> >> >> >       Options +Indexes +Multiviews
>> >> >> >> >> >> >       AuthType FOOM
>> >> >> >> >> >> >       require   valid-user
>> >> >> >> >> >> >       satisfy Any
>> >> >> >> >> >> >    </Directory>
>> >> >> >> >> >> > </IfModule>
>> >> >> >> >> >> >
>> >> >> >> >> >> > <Location "/PAC/">
>> >> >> >> >> >> >    ProxyPass http://192.168.0.23:8080/PACAdmin
>> >> >> >> >> >> >    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
>> >> >> >> >> >> >    ProxyPassReverseCookie   /PACAdmin
  /PAC
>> >> >> >> >> >> >    Order Allow,deny
>> >> >> >> >> >> >    Allow from all
>> >> >> >> >> >> > </Location>
>> >> >> >> >> >> >
>> >> >> >> >> >> > How I can used own module for authorization
location
>> /PAC/?
>> >> >> >> >> >> > When user will enter URL http://192.168.0.23:8080/PAC
>> >> >> >> >> >> > then firstly my own module will
authorized that page and
>> >> >> >> >> >> > afterwards
>> >> >> >> >> >> > location
>> >> >> >> >> >> > /PAC will be shown.
>> >> >> >> >> >> > Is it possible to do it somehow?
>> >> >> >> >> >> >
>> >> >> >> >> >> > Thanks for your help.
>> >> >> >> >> >> > --
>> >> >> >> >> >> > Best Regards / S pozdravem
>> >> >> >> >> >> > Petr Hracek
>> >> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > --
>> >> >> >> >> > Best Regards / S pozdravem
>> >> >> >> >> > Petr Hracek
>> >> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> > Best Regards / S pozdravem
>> >> >> >> > Petr Hracek
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > Best Regards / S pozdravem
>> >> >> > Petr Hracek
>> >> >> >
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Best Regards / S pozdravem
>> >> > Petr Hracek
>> >> >
>> >
>> >
>> >
>> > --
>> > Best Regards / S pozdravem
>> > Petr Hracek
>> >
>>
>
>
>
> --
> Best Regards / S pozdravem
> Petr Hracek
>
2010/6/15 basteon <basteon@gmail.com>



-- 
Best Regards / S pozdravem
Petr Hracek

Mime
View raw message