tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Petr Hracek <phrac...@gmail.com>
Subject Re: Authentication of proxy over own module
Date Thu, 17 Jun 2010 09:32:17 GMT
Sorry I have posted to the wrong conference.
Add the end of this mail youc can find where I have a problem?

2010/6/17 Pid <pid@pidster.com>

> On 16/06/2010 10:08, Petr Hracek wrote:
> > Sorry my wrong explanation. I have ment the when the request is
> > authorized/authenticated by my module how the request should be sent to
> the
> > "proxy" IP address define in apache module:
> >
> > RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
> > RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
> > RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
> > RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
> > [L]
> >
> > <Location "/PAC/">
> >    ProxyPass http://192.168.0.23:8080/PACAdmin
> >    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
> >    ProxyPassReverseCookie   /PACAdmin   /PAC
> >    Order Allow,deny
> >    Allow from all
> > </Location>
>
>
> Can you explain again what it is you're trying to achieve, please?
>
>
> p
>
>
>
> > Best regards
> > Petr
> >
> > 2010/6/15 basteon <basteon@gmail.com>
> >
> >> hm, redirect itsn't proxing , as i understood ;) redirect it's wen you
> >> communicate client and target server directly and no proxing anymore.
> >> in case todo proxy in your module there should be server and client
> >> parts, I've not seen your module, maybe it's under NDA, and so on...
> >> but you can have a look at scgi module there client in apache api, but
> >> it working in another way. there...
> >> static apr_status_t
> >> open_socket(apr_socket_t **sock, request_rec *r)
> >> {
> >> //snip
> >> and
> >>  rv = apr_socket_connect(*sock, sockaddr);
> >>    if (rv) {
> >> //snip
> >>
> >> On 15 June 2010 20:49, Petr Hracek <phracek2@gmail.com> wrote:
> >>> That's a good sentence.
> >>> You mention:
> >>>>> if you did auth in your own module there should be accepted stream
> and
> >>>>> when it passed auth you must sent it through own module to target
> >> server.
> >>>
> >>> May be this is a my problem. When the request is
> authorized/authenticated
> >> by
> >>> my module how and where I have to sent to the target server.
> >>> How can I do it? Redirect?
> >>>
> >>> Thank you in advance
> >>> Petr
> >>>
> >>>
> >>> 2010/6/15 basteon <basteon@gmail.com>
> >>>>
> >>>> no, about sniffing i meant sniff traffic on the network interface.
> >>>> I don't know how catch up ReverseProxy requests, but if you did auth
> >>>> in your own module there should be accepted stream and when it passed
> >>>> auth you must sent it through own module to target server. or it
> >>>> should working as proxy you must thinking about sessions
> >>>> accepted\passed auth, then init auth from own module to target server.
> >>>>
> >>>> but, why you did it at all? what's purposes on it double auth?
> >>>>
> >>>> On 15/06/2010, Petr Hracek <phracek2@gmail.com> wrote:
> >>>>> But I am using ReverseProxy as well, right?
> >>>>> I mean in my own module to sniff traffic when the request is
> >>>>> ReverseProxy
> >>>>> and them going to the target?
> >>>>> How I can catch that request is Reverse Proxy (not defined in Browser
> >>>>> settings)?
> >>>>> Is that any handler for that case and where should I try to catch
the
> >>>>> request?
> >>>>> In post_read_request?
> >>>>> Could you please let me more detailly what do you think?
> >>>>>
> >>>>> best regards.
> >>>>> Petr
> >>>>>
> >>>>> 2010/6/14 basteon <basteon@gmail.com>
> >>>>>
> >>>>>> I uses reverce proxy, but you can try sniff traffic between
proxy
> and
> >>>>>> target
> >>>>>>
> >>>>>> On 14 June 2010 13:52, Petr Hracek <phracek2@gmail.com>
wrote:
> >>>>>>> If you mean that RewriteRule should be like that:
> >>>>>>>
> >>>>>>> RewriteMap foo txt:/opt/apache/conf/foo.map
> >>>>>>> RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
> >>>>>>> RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/
> >>>>>>> ssldocs/$1}/$2 [L]
> >>>>>>> RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
> >>>>>>> RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1
[P]
> >>>>>>>
> >>>>>>> Unfortuantelly in this case I see /opt/PAC/htdocs error
was not
> >> found
> >>>>>>> but this is true because of main index is on the machine
> >>>>>> 192.168.0.23:8080.
> >>>>>>>
> >>>>>>> Therefore I am receiving HTTP error 404.
> >>>>>>>
> >>>>>>> Or shall I do?
> >>>>>>> <IfModule mod_authz_host.c>
> >>>>>>> <Location "/PAC/">
> >>>>>>>    ProxyPass http://192.168.0.23:8080/PACAdmin
> >>>>>>>    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
> >>>>>>>    ProxyPassReverseCookie   /PACAdmin   /PAC
> >>>>>>>       AuthType FOOM
> >>>>>>>       require   valid-user
> >>>>>>>       satisfy Any
> >>>>>>> </Location>
> >>>>>>> </IfModule>
> >>>>>>>
> >>>>>>> Thank you in advance
> >>>>>>>
> >>>>>>> Petr
> >>>>>>>
> >>>>>>>
> >>>>>>> 2010/6/14 basteon <basteon@gmail.com>
> >>>>>>>>
> >>>>>>>> hm, looks like if there double auth, therefore you should
put
> >> client
> >>>>>>>> account trough your module instead of just redirect
these client.
> >>>>>>>>
> >>>>>>>> On 14 June 2010 11:36, Petr Hracek <phracek2@gmail.com>
wrote:
> >>>>>>>>> Yes this is done simillary in my own module but
I have an
> >> problem.
> >>>>>>>>> When the URL is authorized (successfully) then URL
> >>>>>>>>> http://192.168.0.23:8080/PAC is shown as 404 Unknown.
> >>>>>>>>> Unfortuntatelly I could not find any reason why
it is not found
> >>>>>> because
> >>>>>>>>> of
> >>>>>>>>> URL is a Proxy?
> >>>>>>>>> See my apache2 configuration file
> >>>>>>>>>
> >>>>>>>>> Eric mentioned:
> >>>>>>>>>
> >>>>>>>>>>> Don't constrain your directives to stuff
under <Directory /> if
> >>>>>>>>>>> you
> >>>>>>>>> want them to apply to proxy requests. These are
never mapped to
> >> a
> >>>>>>>>> directory.
> >>>>>>>>>
> >>>>>>>>> But Unfortunatelly I do not understand what shall
I do. How
> >> shall
> >>>>>>>>> I
> >>>>>>>>> defined
> >>>>>>>>> my directives.
> >>>>>>>>> Any help?
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> 2010/6/14 basteon <basteon@gmail.com>
> >>>>>>>>>>
> >>>>>>>>>> I guess that you can found reply in man 3 pam
and do pam auth
> >> in
> >>>>>>>>>> own
> >>>>>>>>>> module if that necessary.
> >>>>>>>>>>
> >>>>>>>>>> On 14 June 2010 18:05, Petr Hracek <phracek2@gmail.com>
wrote:
> >>>>>>>>>>> Hello *,
> >>>>>>>>>>>
> >>>>>>>>>>> On the target host is done some authorization
but I would
> >> like
> >>>>>>>>>>> to
> >>>>>> add
> >>>>>>>>>>> second
> >>>>>>>>>>> authorization from my own module.
> >>>>>>>>>>>
> >>>>>>>>>>> Unfortunatelly I have found that
> >>>>>>>>>>> mod_auth_pam is not supported and/or developed
any longer.
> >>>>>>>>>>>
> >>>>>>>>>>> if there any other module which is supported?
> >>>>>>>>>>>
> >>>>>>>>>>> thank you in advance
> >>>>>>>>>>> Petr
> >>>>>>>>>>>
> >>>>>>>>>>> 2010/6/12 basteon <basteon@gmail.com>
> >>>>>>>>>>>>
> >>>>>>>>>>>> hi, I guess that you can authorize it
in PAM by yourself in
> >>>>>>>>>>>> own
> >>>>>>>>>>>> module
> >>>>>>>>>>>> or uses http-basic auth ready module
on the target host or
> >>>>>>>>>>>> proxy.
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 10/06/2010, Petr Hracek <phracek2@gmail.com>
wrote:
> >>>>>>>>>>>>> Hello apache users,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> I would like to explain my problem.
> >>>>>>>>>>>>> I have developed the module which
is used for
> >> authorization
> >>>>>>>>>>>>> to
> >>>>>> web
> >>>>>>>>>>>>> pages.
> >>>>>>>>>>>>> It works fine without problem but
I would like to use that
> >>>>>> module
> >>>>>>>>>>>>> for
> >>>>>>>>>>>>> authorization
> >>>>>>>>>>>>> of "proxy" requests as well.
> >>>>>>>>>>>>> Proxy requests are not defined in
settings of browser (in
> >>>>>> Firefox
> >>>>>>>>>>>>> Tools->Options->LAN settings
-> Manual configuration of
> >>>>>>>>>>>>> proxy).
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> In apache conf. file I have following:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> <VirtualHost _default_:443>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> SSLEngine on
> >>>>>>>>>>>>> SSLProxyEngine on
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> RewriteEngine on
> >>>>>>>>>>>>> RewriteCond %{REQUEST_METHOD} ^TRACE
> >>>>>>>>>>>>> RewriteRule .* - [F]
> >>>>>>>>>>>>> RewriteMap foo txt:/opt/apache/conf/foo.map
> >>>>>>>>>>>>> RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin
[P]
> >>>>>>>>>>>>> RewriteRule ^/PAC/(.*)
> >> http://192.168.0.23:8080/PACAdmin/$1
> >>>>>>>>>>>>> [P]
> >>>>>>>>>>>>> RewriteRule ^/([^/]+)$     ${foo:$1|/$1}
[L]
> >>>>>>>>>>>>> RewriteRule ^/([^/]+)/(.*)
> >>>>>>>>>>>>> ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
> >>>>>>>>>>>>> [L]
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> <IfModule mod_authz_host.c>
> >>>>>>>>>>>>>    <Directory />
> >>>>>>>>>>>>>       Options +Indexes +Multiviews
> >>>>>>>>>>>>>       AuthType FOOM
> >>>>>>>>>>>>>       require   valid-user
> >>>>>>>>>>>>>       satisfy Any
> >>>>>>>>>>>>>    </Directory>
> >>>>>>>>>>>>> </IfModule>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> <Location "/PAC/">
> >>>>>>>>>>>>>    ProxyPass http://192.168.0.23:8080/PACAdmin
> >>>>>>>>>>>>>    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
> >>>>>>>>>>>>>    ProxyPassReverseCookie   /PACAdmin
  /PAC
> >>>>>>>>>>>>>    Order Allow,deny
> >>>>>>>>>>>>>    Allow from all
> >>>>>>>>>>>>> </Location>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> How I can used own module for authorization
location
> >> /PAC/?
> >>>>>>>>>>>>> When user will enter URL http://192.168.0.23:8080/PAC
> >>>>>>>>>>>>> then firstly my own module will
authorized that page and
> >>>>>>>>>>>>> afterwards
> >>>>>>>>>>>>> location
> >>>>>>>>>>>>> /PAC will be shown.
> >>>>>>>>>>>>> Is it possible to do it somehow?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Thanks for your help.
> >>>>>>>>>>>>> --
> >>>>>>>>>>>>> Best Regards / S pozdravem
> >>>>>>>>>>>>> Petr Hracek
> >>>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> --
> >>>>>>>>>>> Best Regards / S pozdravem
> >>>>>>>>>>> Petr Hracek
> >>>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Best Regards / S pozdravem
> >>>>>>>>> Petr Hracek
> >>>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Best Regards / S pozdravem
> >>>>>>> Petr Hracek
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Best Regards / S pozdravem
> >>>>> Petr Hracek
> >>>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Best Regards / S pozdravem
> >>> Petr Hracek
> >>>
> >>
> >
> >
> >
>
>
>


-- 
Best Regards / S pozdravem
Petr Hracek

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message