Authorization is based on username/password stored in database. First of all I authenticate user and afterwards redirection is done.
I have following RewriteRule but it does not work at all. RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] which is used for my module and in location is: <Location "/PAC/"> ProxyPass http://192.168.187.150:8080/PACCBAdmin ProxyPassReverse http://192.168.187.150:8080/PACCBAdmin/ ProxyPassReverseCookiePath /PACCBAdmin /PAC Order Allow,Deny Allow from all </Location> I hope that it is correct. BR Petr 2010/4/23 Jeffrey E Burgoyne <burgo...@keenuh.com> > I think that would require two modules as the authorization and redirect > hooks happen at different phases. I've actually written modules for both > of these phases, it is pretty easy as far as modules go. And remember, the > authorization module will ALWAYS be called before the redirection modules, > so you already know if you hit your redirection module that authorization > was correct. > > You may not, however, have to write a module. You may be able to use one > of the already provided auth modules plus mod_rewrite to do this. > > Now your authorization, is it based on a username/password, or some other > restriction (i.e. connecting IP)? > > If username/password, is it basic authentication controlled? If not, I've > no experience in that area. If it is, then what is the DB used? > > > > Thanks but I forgott to mentioned that my module makes an authorization > > against database and I would like to catch that if user access some proxy > > than first of all he has to be authorized by my module and afterwards it > > will be redirect to the proxy. Is it possible to do that somehow? > > > > Thanks > > > > 2010/4/23 Jeffrey E Burgoyne <burgo...@keenuh.com> > > > >> I'm not using it in a specific module, although you easily could. > >> > >> I'm not at work today, but it goes something like this : > >> > >> I want to force all hits to go through our front end web server which > >> acts > >> as a reverse proxy to the back end apache server. The logic is if there > >> is > >> no X_FORWARDED_FOR (meaning it was not proxied), then redirect the hit > >> to > >> the front end reverse proxy server. I used the logic that if the > >> X_FORWARDED_FOR did not start with 1-9 then it was not a valid proxied > >> request : > >> > >> RewriteCond %{X_FORWARDED_FOR} !^[1-9] > >> RewriteRule /(.*) http://proxiedhost.ca/$1 [R,L] > >> > >> > >> For your module you can access the headers from the request pool and > >> look > >> for X_FORWARDED_FOR. > >> > >> Note it may be more complicated depending on your setup. Some load > >> balancers put that value into the HTTP stream, so you may have to > >> account > >> for that. If it runs through multiple proxies (perhaps including a load > >> balancer), the IP's will be list form comma seperated. > >> > >> Note too I have DNS lookups off, so if you have them on I suspect you > >> would get the DNS name, not the IP, but I cannot say with 100% > >> certainty. > >> > >> > >> for example, > >> > >> if a client from 192.168.2.10 access 10.10.10.10, the web server sees : > >> > >> connecting IP - 192.168.2.10 > >> X_FORWARDED_HEADER - blank > >> > >> If the server at 10.10.10.10 proxies to 10.20.20.20 the web server at > >> the > >> .20 address sees : > >> > >> connecting IP - 10.10.10.01 > >> X_FORWARDED_HEADER - 192.168.2.10 > >> > >> > >> > >> > >> > >> > >> > How do you have configured RewriteRule together with your own module? > >> > Could you please send me more details or example? > >> > > >> > Thanks > >> > Petr > >> > > >> > 2010/4/23 Jeffrey E Burgoyne <burgo...@keenuh.com> > >> > > >> >> I use the environment variable X_FORWARDED_FOR > >> >> > >> >> > >> >> http://en.wikipedia.org/wiki/X-Forwarded-For > >> >> > >> >> > >> >> with mod_rewrite to determine if it came via a proxy or not. > >> >> > >> >> It may be of use to you. > >> >> > >> >> > >> >> > >> >> > 2010/4/22 Petr Hracek <phrac...@gmail.com> > >> >> > > >> >> >> Hello *, > >> >> >> > >> >> >> I hope that I am sending those question to the correct discussion > >> >> list. > >> >> >> > >> >> >> In my Apache2 (2.2.3) configuration file I have: > >> >> >> <VirtualHost _default_:443> > >> >> >> SSLEngine on > >> >> >> DocumentRoot "/opt/apache/htdocs/ssldocs" > >> >> >> ProxyPass /PAC/ http://192.168.187.101:8080/PACCBAdmin > >> >> >> ProxyPassReverse /PAC/ > >> >> http://192.168.187.150:8080/PACCBAdmin/ > >> >> >> RewriteEngine on > >> >> >> RewriteCond %{REQUEST_METHOD} ^TRACE > >> >> >> RewriteRule .* - [F] > >> >> >> RewriteMap unity txt:/opt/apache/conf/unity.map > >> >> >> RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L] > >> >> >> RewriteRule ^/([^/]+)/(.*) > >> >> ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 > >> >> >> [L] > >> >> >> RewriteLog "/var/log/apache2/rewrite_log" > >> >> >> RewriteLogLevel 3 > >> >> >> > >> >> >> <Location "/PAC/"> > >> >> >> ProxyPassReverseCookiePath /PACCBAdmin /PAC > >> >> >> Order Allow,Deny > >> >> >> Allow from all > >> >> >> </Location> > >> >> >> > >> >> >> </VirtualHost> > >> >> >> > >> >> >> In the my modules which takes care about AAA, Security issues, > >> etc. > >> >> >> I would like to catch in my module when URL contains /PAC/ (which > >> >> means > >> >> >> that this is proxy) than it tell to module that this request is > >> not a > >> >> >> bussiness for them. > >> >> >> Is it possible to do that somehow? > >> >> >> I have found that r->proxyreq contains if the Request is Proxy or > >> >> not. > >> >> >> > >> >> >> Thank you in advance > >> >> >> -- > >> >> >> Best Regards / S pozdravem > >> >> >> Petr Hracek > >> >> >> > >> >> > > >> >> > Hello *, > >> >> > > >> >> > May be I have asked wrongly. > >> >> > > >> >> > How can I detect if the request from browser if Proxy or not? > >> >> > How should I configure apache for that case? > >> >> > > >> >> > -- > >> >> > Best Regards / S pozdravem > >> >> > Petr Hracek > >> >> > > >> >> > >> >> > >> >> -- > >> >> Jeffrey Burgoyne > >> >> Chief Technology Officer > >> >> KCSI Keenuh Consulting Services Inc > >> >> www.keenuh.com > >> >> burgo...@keenuh.com > >> >> > >> >> > >> >> > >> > > >> > > >> > -- > >> > Best Regards / S pozdravem > >> > Petr Hracek > >> > > >> > >> > >> -- > >> Jeffrey Burgoyne > >> Chief Technology Officer > >> KCSI Keenuh Consulting Services Inc > >> www.keenuh.com > >> burgo...@keenuh.com > >> > >> > >> > > > > > > -- > > Best Regards / S pozdravem > > Petr Hracek > > > > > -- > Jeffrey Burgoyne > Chief Technology Officer > KCSI Keenuh Consulting Services Inc > www.keenuh.com > burgo...@keenuh.com > > > -- Best Regards / S pozdravem Petr Hracek -- Best Regards / S pozdravem Petr Hracek