[Bug 69886] New: module to create random token

Sun, 30 Nov 2025 02:32:56 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=69886

            Bug ID: 69886
           Summary: module to create random token
           Product: Apache httpd-2
           Version: 2.4.65
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Other Modules
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Created attachment 40128
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=40128&action=edit
the full module in patch format

In response of https://lists.apache.org/thread/ym4gwrf3sq55hm5l96zgh0fgg0vptw3s

I put the code in:
https://github.com/PilouGit/httpd/tree/mod_random

And the standalone module (with tests ) lives in:
https://github.com/PilouGit/mod_random

I hope this could be useful.


This module generates cryptographically secure random base64-encoded strings
and injects them as environment variables for use by applications and other
modules.

Features
  * Core Features
  * Generates cryptographically secure random bytes using Apache's
apr_generate_random_bytes() (CSPRNG)
  * Automatically sets RANDOM_STRING environment variable on every request
  * Configurable random data length (1-1024 bytes, default: 16)
  * Multiple output formats: base64, hex, base64url, custom alphabet

Advanced Features
  * Multiple Tokens per Request: Generate different tokens with individual
configurations using RandomAddToken
  * Custom Alphabets: Define custom character sets for human-readable codes
(e.g., ABCD-1234-EFGH)
  * Metadata Encoding: Encode expiration timestamps into tokens with optional
HMAC-SHA256 signatures for validation
  * TTL Caching: Cache tokens for configurable time periods to reduce
generation overhead
  * URL Pattern Matching: Conditionally generate tokens based on URL regex
patterns
  * Timestamp Prefixes: Include sortable Unix timestamps in tokens
  * Custom Prefixes/Suffixes: Add custom text before/after tokens
  * HTTP Header Injection: Automatically inject tokens into response headers

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to