Hello all!
I need to protect a directory (/abonents) on the server.
The user database is on a RADIUS server.
I have a front-end (Apache proxy) plus back-end Apache servers.
I've heard that the authentication process must work on the front-end server.
(Other directories protected via Apache core functions reside on the front-end
server.) I once had a problem where the authentication response from the
back-end was not passed through the front-end Apache proxy server, and I just
moved the authentication to the front-end.
Apache::AuthenRadius requires mod_perl, therefore I cannot use it on the
front-end. Maybe I fear for nothing and there is a solution for
authentication on the back-end?
I think maybe Apache::AuthCookie is the right solution?
I placed the authentication process via Authen::Radius into
SI::AuthCookieHandler for the back-end server.
But I got
----------------------------------------------
[Tue Jan 25 16:18:46 2000] [crit] [client 195.209.67.7] configuration error: couldn't check user. No user file?: /abonents/prtctd/index.shtml
----------------------------------------------
httpd.conf for back-end
----------------------------------------------
LoadModule env_module libexec/mod_env.so
LoadModule config_log_module libexec/mod_log_config.so
LoadModule mime_module libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module libexec/mod_status.so
LoadModule asis_module libexec/mod_asis.so
LoadModule action_module libexec/mod_actions.so
LoadModule alias_module libexec/mod_alias.so
LoadModule access_module libexec/mod_access.so
LoadModule setenvif_module libexec/mod_setenvif.so
LoadModule perl_module libexec/libperl.so
LoadModule macro_module libexec/mod_macro.so
ClearModuleList
AddModule mod_charset.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_asis.c
AddModule mod_actions.c
AddModule mod_alias.c
AddModule mod_access.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_perl.c
AddModule mod_macro.c
PerlRequire /usr/local/apache/power/conf/startup.pl
....
<IfDefine power>
<Location /abonents/prtctd>
PerlAuthenHandler SI::AuthCookieHandler->authen
PerlAuthzHandler SI::AuthCookieHandler->authz
AuthType Sample
AuthName Abonents
PerlSetVar AbonentsPath /abonents
PerlSetVar AbonentsLoginScript /abonents/index.html
require valid-user
</Location>
</IfDefine>
----------------------------------------------
startup.pl
----------------------------------------------
use strict;
use lib qw(/usr/web/inc);
use Apache::Registry();
use Apache::Status();
use Apache::DBI();
use Apache::SSI();
use Apache::ASP();
use DBD::Oracle();
use SI::AuthCookieHandler;
$ENV{ORACLE_HOME} = "/usr/local/oracle8";
$ENV{NLS_LANG} = "AMERICAN_AMERICA.CL8MSWIN1251";
$ENV{ORA_NLS} = "$ENV{ORACLE_HOME}/ocommon/nls/admin/data";
use Apache::Constants qw(:common);
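sub My::ProxyRemoteAddr ($)
{
    my $r = shift;
    # We only look at the X-Forwarded-For header if the request
    # comes from our front-end proxy. The comparison uses string "eq":
    # numeric "==" would reduce both addresses to 195.128 and accept
    # any peer whose address starts with 195.128.
    return FORBIDDEN unless ($r->connection->remote_ip eq "195.128.128.26");
    # Use the last address in the header, the one appended by our proxy.
    if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/)
    {
        $r->connection->remote_ip($ip);
    }
    return OK;
}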
1;
----------------------------------------------
Sergey Polyakov (BeerBong)
Chief of Web Lab (http://www.mustdie.ru/~beerbong)
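
An added example, not part of the original post: the trusted-proxy check from startup.pl in plain Perl (no mod_perl), showing why the peer address has to be compared with string `eq` rather than numeric `==` before X-Forwarded-For is honoured. The function names, the IPv4 shape check and the sample peers are constructed for illustration; only the proxy address comes from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Front-end proxy address as written in the post's handler.
my $TRUSTED_PROXY = '195.128.128.26';

# Weak form: numeric == converts each string to its leading number
# (195.128), so every peer in 195.128.x.x is treated as the proxy.
sub is_proxy_numeric {
    my ($peer) = @_;
    no warnings 'numeric';    # silence "isn't numeric" for the demonstration
    return $peer == $TRUSTED_PROXY ? 1 : 0;
}

# Corrected form: exact string comparison.
sub is_proxy_string {
    my ($peer) = @_;
    return $peer eq $TRUSTED_PROXY ? 1 : 0;
}

# Hypothetical helper: returns the address to log and authorize against,
# or undef where the handler would return FORBIDDEN.
sub effective_client_ip {
    my ($peer, $xff) = @_;
    return undef unless is_proxy_string($peer);
    # Only the last entry was appended by our own proxy; earlier entries
    # are client-supplied and must not be trusted.
    if (defined $xff && $xff =~ /([^,\s]+)\s*$/) {
        my $ip = $1;
        # Added assumption: accept only an IPv4-shaped value.
        return $ip if $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    }
    return $peer;
}

# Constructed test peers and headers.
my @cases = (
    [ '195.128.128.26', '10.0.0.5, 195.209.67.7' ],   # real proxy
    [ '195.128.1.1',    '127.0.0.1' ],                # neighbour with forged header
    [ '195.128.128.26', 'not-an-address' ],           # proxy, malformed header
);
for my $c (@cases) {
    my ($peer, $xff) = @$c;
    my $ip = effective_client_ip($peer, $xff);
    printf "%-15s numeric=%d string=%d client=%s\n",
        $peer, is_proxy_numeric($peer), is_proxy_string($peer),
        defined $ip ? $ip : 'FORBIDDEN';
}
```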