Let's say I have the following configuration:
1. Front end proxy server (no mod_perl)
2. Back end application server (mod_perl)
3. Back end application server (php)
Now, *all* application requests are passed to the mod_perl server (yes,
including the php requests). Performing security checks for all the
applications on the mod_perl server is easy via a few simple handlers.
However, I also want to *transparently* handle high-level application access
security for the applications served from the php server using the same
perl/db modle I use in the mod perl server.
So, php application requests would bounce from the proxy server to the mod
perl server to the php server.
Is this workable? I currently use mod_rewrite to proxy the requests to the
mod_perl server, and I'm assuming I would have to do something similar for
the php server. However, I'm not all that sure how to do this, since I
don't think mod_rewite will work the way I expect - I need to configure a
<Location> but mod_rewrite doesn't work with <Location>. Or does it?
In case anyone is wondering, I'm working on constructing a dynamic front-end
portal that will gate through to various applications, some developed in
house, others obtained from third parties - the clients wants to perform a
global security check before getting to the application, hence the stuff
that I'm creating.
This is all related to a single sign-on environment - once the user has
signed on an encrypted cookie will contain the application security
information used to authorize the user int the various applications.
Many thanks!
-klm.
