tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: Authentication of proxy over own module
Date Wed, 16 Jun 2010 22:26:19 GMT
On 16/06/2010 10:08, Petr Hracek wrote:
> Sorry my wrong explanation. I have ment the when the request is
> authorized/authenticated by my module how the request should be sent to the
> "proxy" IP address define in apache module:
> 
> RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
> RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
> RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
> RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
> [L]
> 
> <Location "/PAC/">
>    ProxyPass http://192.168.0.23:8080/PACAdmin
>    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
>    ProxyPassReverseCookie   /PACAdmin   /PAC
>    Order Allow,deny
>    Allow from all
> </Location>


Can you explain again what it is you're trying to achieve, please?


p



> Best regards
> Petr
> 
> 2010/6/15 basteon <basteon@gmail.com>
> 
>> hm, redirect itsn't proxing , as i understood ;) redirect it's wen you
>> communicate client and target server directly and no proxing anymore.
>> in case todo proxy in your module there should be server and client
>> parts, I've not seen your module, maybe it's under NDA, and so on...
>> but you can have a look at scgi module there client in apache api, but
>> it working in another way. there...
>> static apr_status_t
>> open_socket(apr_socket_t **sock, request_rec *r)
>> {
>> //snip
>> and
>>  rv = apr_socket_connect(*sock, sockaddr);
>>    if (rv) {
>> //snip
>>
>> On 15 June 2010 20:49, Petr Hracek <phracek2@gmail.com> wrote:
>>> That's a good sentence.
>>> You mention:
>>>>> if you did auth in your own module there should be accepted stream and
>>>>> when it passed auth you must sent it through own module to target
>> server.
>>>
>>> May be this is a my problem. When the request is authorized/authenticated
>> by
>>> my module how and where I have to sent to the target server.
>>> How can I do it? Redirect?
>>>
>>> Thank you in advance
>>> Petr
>>>
>>>
>>> 2010/6/15 basteon <basteon@gmail.com>
>>>>
>>>> no, about sniffing i meant sniff traffic on the network interface.
>>>> I don't know how catch up ReverseProxy requests, but if you did auth
>>>> in your own module there should be accepted stream and when it passed
>>>> auth you must sent it through own module to target server. or it
>>>> should working as proxy you must thinking about sessions
>>>> accepted\passed auth, then init auth from own module to target server.
>>>>
>>>> but, why you did it at all? what's purposes on it double auth?
>>>>
>>>> On 15/06/2010, Petr Hracek <phracek2@gmail.com> wrote:
>>>>> But I am using ReverseProxy as well, right?
>>>>> I mean in my own module to sniff traffic when the request is
>>>>> ReverseProxy
>>>>> and them going to the target?
>>>>> How I can catch that request is Reverse Proxy (not defined in Browser
>>>>> settings)?
>>>>> Is that any handler for that case and where should I try to catch the
>>>>> request?
>>>>> In post_read_request?
>>>>> Could you please let me more detailly what do you think?
>>>>>
>>>>> best regards.
>>>>> Petr
>>>>>
>>>>> 2010/6/14 basteon <basteon@gmail.com>
>>>>>
>>>>>> I uses reverce proxy, but you can try sniff traffic between proxy
and
>>>>>> target
>>>>>>
>>>>>> On 14 June 2010 13:52, Petr Hracek <phracek2@gmail.com> wrote:
>>>>>>> If you mean that RewriteRule should be like that:
>>>>>>>
>>>>>>> RewriteMap foo txt:/opt/apache/conf/foo.map
>>>>>>> RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
>>>>>>> RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/
>>>>>>> ssldocs/$1}/$2 [L]
>>>>>>> RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
>>>>>>> RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
>>>>>>>
>>>>>>> Unfortuantelly in this case I see /opt/PAC/htdocs error was not
>> found
>>>>>>> but this is true because of main index is on the machine
>>>>>> 192.168.0.23:8080.
>>>>>>>
>>>>>>> Therefore I am receiving HTTP error 404.
>>>>>>>
>>>>>>> Or shall I do?
>>>>>>> <IfModule mod_authz_host.c>
>>>>>>> <Location "/PAC/">
>>>>>>>    ProxyPass http://192.168.0.23:8080/PACAdmin
>>>>>>>    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
>>>>>>>    ProxyPassReverseCookie   /PACAdmin   /PAC
>>>>>>>       AuthType FOOM
>>>>>>>       require   valid-user
>>>>>>>       satisfy Any
>>>>>>> </Location>
>>>>>>> </IfModule>
>>>>>>>
>>>>>>> Thank you in advance
>>>>>>>
>>>>>>> Petr
>>>>>>>
>>>>>>>
>>>>>>> 2010/6/14 basteon <basteon@gmail.com>
>>>>>>>>
>>>>>>>> hm, looks like if there double auth, therefore you should
put
>> client
>>>>>>>> account trough your module instead of just redirect these
client.
>>>>>>>>
>>>>>>>> On 14 June 2010 11:36, Petr Hracek <phracek2@gmail.com>
wrote:
>>>>>>>>> Yes this is done simillary in my own module but I have
an
>> problem.
>>>>>>>>> When the URL is authorized (successfully) then URL
>>>>>>>>> http://192.168.0.23:8080/PAC is shown as 404 Unknown.
>>>>>>>>> Unfortuntatelly I could not find any reason why it is
not found
>>>>>> because
>>>>>>>>> of
>>>>>>>>> URL is a Proxy?
>>>>>>>>> See my apache2 configuration file
>>>>>>>>>
>>>>>>>>> Eric mentioned:
>>>>>>>>>
>>>>>>>>>>> Don't constrain your directives to stuff under
<Directory /> if
>>>>>>>>>>> you
>>>>>>>>> want them to apply to proxy requests. These are never
mapped to
>> a
>>>>>>>>> directory.
>>>>>>>>>
>>>>>>>>> But Unfortunatelly I do not understand what shall I do.
How
>> shall
>>>>>>>>> I
>>>>>>>>> defined
>>>>>>>>> my directives.
>>>>>>>>> Any help?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2010/6/14 basteon <basteon@gmail.com>
>>>>>>>>>>
>>>>>>>>>> I guess that you can found reply in man 3 pam and
do pam auth
>> in
>>>>>>>>>> own
>>>>>>>>>> module if that necessary.
>>>>>>>>>>
>>>>>>>>>> On 14 June 2010 18:05, Petr Hracek <phracek2@gmail.com>
wrote:
>>>>>>>>>>> Hello *,
>>>>>>>>>>>
>>>>>>>>>>> On the target host is done some authorization
but I would
>> like
>>>>>>>>>>> to
>>>>>> add
>>>>>>>>>>> second
>>>>>>>>>>> authorization from my own module.
>>>>>>>>>>>
>>>>>>>>>>> Unfortunatelly I have found that
>>>>>>>>>>> mod_auth_pam is not supported and/or developed
any longer.
>>>>>>>>>>>
>>>>>>>>>>> if there any other module which is supported?
>>>>>>>>>>>
>>>>>>>>>>> thank you in advance
>>>>>>>>>>> Petr
>>>>>>>>>>>
>>>>>>>>>>> 2010/6/12 basteon <basteon@gmail.com>
>>>>>>>>>>>>
>>>>>>>>>>>> hi, I guess that you can authorize it in
PAM by yourself in
>>>>>>>>>>>> own
>>>>>>>>>>>> module
>>>>>>>>>>>> or uses http-basic auth ready module on the
target host or
>>>>>>>>>>>> proxy.
>>>>>>>>>>>>
>>>>>>>>>>>> On 10/06/2010, Petr Hracek <phracek2@gmail.com>
wrote:
>>>>>>>>>>>>> Hello apache users,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I would like to explain my problem.
>>>>>>>>>>>>> I have developed the module which is
used for
>> authorization
>>>>>>>>>>>>> to
>>>>>> web
>>>>>>>>>>>>> pages.
>>>>>>>>>>>>> It works fine without problem but I would
like to use that
>>>>>> module
>>>>>>>>>>>>> for
>>>>>>>>>>>>> authorization
>>>>>>>>>>>>> of "proxy" requests as well.
>>>>>>>>>>>>> Proxy requests are not defined in settings
of browser (in
>>>>>> Firefox
>>>>>>>>>>>>> Tools->Options->LAN settings ->
Manual configuration of
>>>>>>>>>>>>> proxy).
>>>>>>>>>>>>>
>>>>>>>>>>>>> In apache conf. file I have following:
>>>>>>>>>>>>>
>>>>>>>>>>>>> <VirtualHost _default_:443>
>>>>>>>>>>>>>
>>>>>>>>>>>>> SSLEngine on
>>>>>>>>>>>>> SSLProxyEngine on
>>>>>>>>>>>>>
>>>>>>>>>>>>> RewriteEngine on
>>>>>>>>>>>>> RewriteCond %{REQUEST_METHOD} ^TRACE
>>>>>>>>>>>>> RewriteRule .* - [F]
>>>>>>>>>>>>> RewriteMap foo txt:/opt/apache/conf/foo.map
>>>>>>>>>>>>> RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin
[P]
>>>>>>>>>>>>> RewriteRule ^/PAC/(.*)
>> http://192.168.0.23:8080/PACAdmin/$1
>>>>>>>>>>>>> [P]
>>>>>>>>>>>>> RewriteRule ^/([^/]+)$     ${foo:$1|/$1}
[L]
>>>>>>>>>>>>> RewriteRule ^/([^/]+)/(.*)
>>>>>>>>>>>>> ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
>>>>>>>>>>>>> [L]
>>>>>>>>>>>>>
>>>>>>>>>>>>> <IfModule mod_authz_host.c>
>>>>>>>>>>>>>    <Directory />
>>>>>>>>>>>>>       Options +Indexes +Multiviews
>>>>>>>>>>>>>       AuthType FOOM
>>>>>>>>>>>>>       require   valid-user
>>>>>>>>>>>>>       satisfy Any
>>>>>>>>>>>>>    </Directory>
>>>>>>>>>>>>> </IfModule>
>>>>>>>>>>>>>
>>>>>>>>>>>>> <Location "/PAC/">
>>>>>>>>>>>>>    ProxyPass http://192.168.0.23:8080/PACAdmin
>>>>>>>>>>>>>    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
>>>>>>>>>>>>>    ProxyPassReverseCookie   /PACAdmin
  /PAC
>>>>>>>>>>>>>    Order Allow,deny
>>>>>>>>>>>>>    Allow from all
>>>>>>>>>>>>> </Location>
>>>>>>>>>>>>>
>>>>>>>>>>>>> How I can used own module for authorization
location
>> /PAC/?
>>>>>>>>>>>>> When user will enter URL http://192.168.0.23:8080/PAC
>>>>>>>>>>>>> then firstly my own module will authorized
that page and
>>>>>>>>>>>>> afterwards
>>>>>>>>>>>>> location
>>>>>>>>>>>>> /PAC will be shown.
>>>>>>>>>>>>> Is it possible to do it somehow?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks for your help.
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Best Regards / S pozdravem
>>>>>>>>>>>>> Petr Hracek
>>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Best Regards / S pozdravem
>>>>>>>>>>> Petr Hracek
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best Regards / S pozdravem
>>>>>>>>> Petr Hracek
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best Regards / S pozdravem
>>>>>>> Petr Hracek
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards / S pozdravem
>>>>> Petr Hracek
>>>>>
>>>
>>>
>>>
>>> --
>>> Best Regards / S pozdravem
>>> Petr Hracek
>>>
>>
> 
> 
> 



Mime
View raw message