tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Petr Hracek <phrac...@gmail.com>
Subject Re: Authentication of proxy over own module
Date Wed, 16 Jun 2010 09:08:04 GMT
Sorry my wrong explanation. I have ment the when the request is
authorized/authenticated by my module how the request should be sent to the
"proxy" IP address define in apache module:

RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
[L]

<Location "/PAC/">
   ProxyPass http://192.168.0.23:8080/PACAdmin
   ProxyPassReverse http://192.168.0.23:8080/PACAdmin
   ProxyPassReverseCookie   /PACAdmin   /PAC
   Order Allow,deny
   Allow from all
</Location>

Best regards
Petr

2010/6/15 basteon <basteon@gmail.com>

> hm, redirect itsn't proxing , as i understood ;) redirect it's wen you
> communicate client and target server directly and no proxing anymore.
> in case todo proxy in your module there should be server and client
> parts, I've not seen your module, maybe it's under NDA, and so on...
> but you can have a look at scgi module there client in apache api, but
> it working in another way. there...
> static apr_status_t
> open_socket(apr_socket_t **sock, request_rec *r)
> {
> //snip
> and
>  rv = apr_socket_connect(*sock, sockaddr);
>    if (rv) {
> //snip
>
> On 15 June 2010 20:49, Petr Hracek <phracek2@gmail.com> wrote:
> > That's a good sentence.
> > You mention:
> >>> if you did auth in your own module there should be accepted stream and
> >>> when it passed auth you must sent it through own module to target
> server.
> >
> > May be this is a my problem. When the request is authorized/authenticated
> by
> > my module how and where I have to sent to the target server.
> > How can I do it? Redirect?
> >
> > Thank you in advance
> > Petr
> >
> >
> > 2010/6/15 basteon <basteon@gmail.com>
> >>
> >> no, about sniffing i meant sniff traffic on the network interface.
> >> I don't know how catch up ReverseProxy requests, but if you did auth
> >> in your own module there should be accepted stream and when it passed
> >> auth you must sent it through own module to target server. or it
> >> should working as proxy you must thinking about sessions
> >> accepted\passed auth, then init auth from own module to target server.
> >>
> >> but, why you did it at all? what's purposes on it double auth?
> >>
> >> On 15/06/2010, Petr Hracek <phracek2@gmail.com> wrote:
> >> > But I am using ReverseProxy as well, right?
> >> > I mean in my own module to sniff traffic when the request is
> >> > ReverseProxy
> >> > and them going to the target?
> >> > How I can catch that request is Reverse Proxy (not defined in Browser
> >> > settings)?
> >> > Is that any handler for that case and where should I try to catch the
> >> > request?
> >> > In post_read_request?
> >> > Could you please let me more detailly what do you think?
> >> >
> >> > best regards.
> >> > Petr
> >> >
> >> > 2010/6/14 basteon <basteon@gmail.com>
> >> >
> >> >> I uses reverce proxy, but you can try sniff traffic between proxy and
> >> >> target
> >> >>
> >> >> On 14 June 2010 13:52, Petr Hracek <phracek2@gmail.com> wrote:
> >> >> > If you mean that RewriteRule should be like that:
> >> >> >
> >> >> > RewriteMap foo txt:/opt/apache/conf/foo.map
> >> >> > RewriteRule ^/([^/]+)$     ${foo:$1|/$1} [L]
> >> >> > RewriteRule ^/([^/]+)/(.*)     ${foo:$1|/opt/apache/htdocs/
> >> >> > ssldocs/$1}/$2 [L]
> >> >> > RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P]
> >> >> > RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P]
> >> >> >
> >> >> > Unfortuantelly in this case I see /opt/PAC/htdocs error was not
> found
> >> >> > but this is true because of main index is on the machine
> >> >> 192.168.0.23:8080.
> >> >> >
> >> >> > Therefore I am receiving HTTP error 404.
> >> >> >
> >> >> > Or shall I do?
> >> >> > <IfModule mod_authz_host.c>
> >> >> > <Location "/PAC/">
> >> >> >    ProxyPass http://192.168.0.23:8080/PACAdmin
> >> >> >    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
> >> >> >    ProxyPassReverseCookie   /PACAdmin   /PAC
> >> >> >       AuthType FOOM
> >> >> >       require   valid-user
> >> >> >       satisfy Any
> >> >> > </Location>
> >> >> > </IfModule>
> >> >> >
> >> >> > Thank you in advance
> >> >> >
> >> >> > Petr
> >> >> >
> >> >> >
> >> >> > 2010/6/14 basteon <basteon@gmail.com>
> >> >> >>
> >> >> >> hm, looks like if there double auth, therefore you should
put
> client
> >> >> >> account trough your module instead of just redirect these
client.
> >> >> >>
> >> >> >> On 14 June 2010 11:36, Petr Hracek <phracek2@gmail.com>
wrote:
> >> >> >> > Yes this is done simillary in my own module but I have
an
> problem.
> >> >> >> > When the URL is authorized (successfully) then URL
> >> >> >> > http://192.168.0.23:8080/PAC is shown as 404 Unknown.
> >> >> >> > Unfortuntatelly I could not find any reason why it is
not found
> >> >> because
> >> >> >> > of
> >> >> >> > URL is a Proxy?
> >> >> >> > See my apache2 configuration file
> >> >> >> >
> >> >> >> > Eric mentioned:
> >> >> >> >
> >> >> >> >>>Don't constrain your directives to stuff under
<Directory /> if
> >> >> >> >>> you
> >> >> >> > want them to apply to proxy requests. These are never
mapped to
> a
> >> >> >> > directory.
> >> >> >> >
> >> >> >> > But Unfortunatelly I do not understand what shall I do.
How
> shall
> >> >> >> > I
> >> >> >> > defined
> >> >> >> > my directives.
> >> >> >> > Any help?
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > 2010/6/14 basteon <basteon@gmail.com>
> >> >> >> >>
> >> >> >> >> I guess that you can found reply in man 3 pam and
do pam auth
> in
> >> >> >> >> own
> >> >> >> >> module if that necessary.
> >> >> >> >>
> >> >> >> >> On 14 June 2010 18:05, Petr Hracek <phracek2@gmail.com>
wrote:
> >> >> >> >> > Hello *,
> >> >> >> >> >
> >> >> >> >> > On the target host is done some authorization
but I would
> like
> >> >> >> >> > to
> >> >> add
> >> >> >> >> > second
> >> >> >> >> > authorization from my own module.
> >> >> >> >> >
> >> >> >> >> > Unfortunatelly I have found that
> >> >> >> >> > mod_auth_pam is not supported and/or developed
any longer.
> >> >> >> >> >
> >> >> >> >> > if there any other module which is supported?
> >> >> >> >> >
> >> >> >> >> > thank you in advance
> >> >> >> >> > Petr
> >> >> >> >> >
> >> >> >> >> > 2010/6/12 basteon <basteon@gmail.com>
> >> >> >> >> >>
> >> >> >> >> >> hi, I guess that you can authorize it in
PAM by yourself in
> >> >> >> >> >> own
> >> >> >> >> >> module
> >> >> >> >> >> or uses http-basic auth ready module on
the target host or
> >> >> >> >> >> proxy.
> >> >> >> >> >>
> >> >> >> >> >> On 10/06/2010, Petr Hracek <phracek2@gmail.com>
wrote:
> >> >> >> >> >> > Hello apache users,
> >> >> >> >> >> >
> >> >> >> >> >> > I would like to explain my problem.
> >> >> >> >> >> > I have developed the module which is
used for
> authorization
> >> >> >> >> >> > to
> >> >> web
> >> >> >> >> >> > pages.
> >> >> >> >> >> > It works fine without problem but I
would like to use that
> >> >> module
> >> >> >> >> >> > for
> >> >> >> >> >> > authorization
> >> >> >> >> >> > of "proxy" requests as well.
> >> >> >> >> >> > Proxy requests are not defined in settings
of browser (in
> >> >> Firefox
> >> >> >> >> >> > Tools->Options->LAN settings
-> Manual configuration of
> >> >> >> >> >> > proxy).
> >> >> >> >> >> >
> >> >> >> >> >> > In apache conf. file I have following:
> >> >> >> >> >> >
> >> >> >> >> >> > <VirtualHost _default_:443>
> >> >> >> >> >> >
> >> >> >> >> >> > SSLEngine on
> >> >> >> >> >> > SSLProxyEngine on
> >> >> >> >> >> >
> >> >> >> >> >> > RewriteEngine on
> >> >> >> >> >> > RewriteCond %{REQUEST_METHOD} ^TRACE
> >> >> >> >> >> > RewriteRule .* - [F]
> >> >> >> >> >> > RewriteMap foo txt:/opt/apache/conf/foo.map
> >> >> >> >> >> > RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin
[P]
> >> >> >> >> >> > RewriteRule ^/PAC/(.*)
> http://192.168.0.23:8080/PACAdmin/$1
> >> >> >> >> >> > [P]
> >> >> >> >> >> > RewriteRule ^/([^/]+)$     ${foo:$1|/$1}
[L]
> >> >> >> >> >> > RewriteRule ^/([^/]+)/(.*)
> >> >> >> >> >> > ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2
> >> >> >> >> >> > [L]
> >> >> >> >> >> >
> >> >> >> >> >> > <IfModule mod_authz_host.c>
> >> >> >> >> >> >    <Directory />
> >> >> >> >> >> >       Options +Indexes +Multiviews
> >> >> >> >> >> >       AuthType FOOM
> >> >> >> >> >> >       require   valid-user
> >> >> >> >> >> >       satisfy Any
> >> >> >> >> >> >    </Directory>
> >> >> >> >> >> > </IfModule>
> >> >> >> >> >> >
> >> >> >> >> >> > <Location "/PAC/">
> >> >> >> >> >> >    ProxyPass http://192.168.0.23:8080/PACAdmin
> >> >> >> >> >> >    ProxyPassReverse http://192.168.0.23:8080/PACAdmin
> >> >> >> >> >> >    ProxyPassReverseCookie   /PACAdmin
  /PAC
> >> >> >> >> >> >    Order Allow,deny
> >> >> >> >> >> >    Allow from all
> >> >> >> >> >> > </Location>
> >> >> >> >> >> >
> >> >> >> >> >> > How I can used own module for authorization
location
> /PAC/?
> >> >> >> >> >> > When user will enter URL http://192.168.0.23:8080/PAC
> >> >> >> >> >> > then firstly my own module will authorized
that page and
> >> >> >> >> >> > afterwards
> >> >> >> >> >> > location
> >> >> >> >> >> > /PAC will be shown.
> >> >> >> >> >> > Is it possible to do it somehow?
> >> >> >> >> >> >
> >> >> >> >> >> > Thanks for your help.
> >> >> >> >> >> > --
> >> >> >> >> >> > Best Regards / S pozdravem
> >> >> >> >> >> > Petr Hracek
> >> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > --
> >> >> >> >> > Best Regards / S pozdravem
> >> >> >> >> > Petr Hracek
> >> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> > Best Regards / S pozdravem
> >> >> >> > Petr Hracek
> >> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Best Regards / S pozdravem
> >> >> > Petr Hracek
> >> >> >
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Best Regards / S pozdravem
> >> > Petr Hracek
> >> >
> >
> >
> >
> > --
> > Best Regards / S pozdravem
> > Petr Hracek
> >
>



-- 
Best Regards / S pozdravem
Petr Hracek

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message