I've written a module to do authentication for proxy requests. I wrote
it as an access handler since I couldn't see how to require authentication
only for proxy requests. Is there a better way to do it, or is this
way fairly decent? Basically, has someone else done this already and
better?
Potential application is protecting a search engine which does not
support authentication, yet requires its own http server to be used.
Since authentication would depend on the URL, I don't think squid
can be used.
package My::Auth;
use strict;
use vars qw($VERSION @ISA %cache);
use Apache::Constants qw(OK DECLINED AUTH_REQUIRED);
use MIME::Base64 qw(decode_base64);
use Net::PH;
$VERSION = '0.01';
@ISA = ( );
sub handler ($$) {
my $class = shift;
my $r = shift;
return DECLINED unless $r->proxyreq;
Apache->request($r); # set it to make sure it is set...
my $realm = $r->dir_config('ProxyAuthName');
$r->err_header_out('Proxy-Authenticate',qq{Basic realm="$realm"});
my $authinfo = $r->header_in('proxy-authorization');
return AUTH_REQUIRED if $authinfo !~ /^\s*Basic\s/i;
my($b64) = ($authinfo =~ m{Basic\s*([A-Za-z0-9+/=]*)});
$b64 = decode_base64($b64);
my($user,$pass) = split(/:/,$b64,2);
if($user && $pass) {
my $ph = Net::PH->new("ns.tamu.edu");
if($ph && $ph->login($user,$pass,1)) {
$ph->logout();
$r->connection->user($user);
return OK;
}
return AUTH_REQUIRED;
}
return AUTH_REQUIRED;
}
1;
--
James Smith <JGSmith@TAMU.Edu>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix
it as an access handler since I couldn't see how to require authentication
only for proxy requests. Is there a better way to do it, or is this
way fairly decent? Basically, has someone else done this already and
better?
Potential application is protecting a search engine which does not
support authentication, yet requires its own http server to be used.
Since authentication would depend on the URL, I don't think squid
can be used.
package My::Auth;
use strict;
use vars qw($VERSION @ISA %cache);
use Apache::Constants qw(OK DECLINED AUTH_REQUIRED);
use MIME::Base64 qw(decode_base64);
use Net::PH;
$VERSION = '0.01';
@ISA = ( );
sub handler ($$) {
my $class = shift;
my $r = shift;
return DECLINED unless $r->proxyreq;
Apache->request($r); # set it to make sure it is set...
my $realm = $r->dir_config('ProxyAuthName');
$r->err_header_out('Proxy-Authenticate',qq{Basic realm="$realm"});
my $authinfo = $r->header_in('proxy-authorization');
return AUTH_REQUIRED if $authinfo !~ /^\s*Basic\s/i;
my($b64) = ($authinfo =~ m{Basic\s*([A-Za-z0-9+/=]*)});
$b64 = decode_base64($b64);
my($user,$pass) = split(/:/,$b64,2);
if($user && $pass) {
my $ph = Net::PH->new("ns.tamu.edu");
if($ph && $ph->login($user,$pass,1)) {
$ph->logout();
$r->connection->user($user);
return OK;
}
return AUTH_REQUIRED;
}
return AUTH_REQUIRED;
}
1;
--
James Smith <JGSmith@TAMU.Edu>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix