Re: Authentication of proxy over own module
Sorry I have posted to the wrong conference. Add the end of this mail youc can find where I have a problem? 2010/6/17 Pid p...@pidster.com On 16/06/2010 10:08, Petr Hracek wrote: Sorry my wrong explanation. I have ment the when the request is authorized/authenticated by my module how the request should be sent to the proxy IP address define in apache module: RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] Location /PAC/ ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC Order Allow,deny Allow from all /Location Can you explain again what it is you're trying to achieve, please? p Best regards Petr 2010/6/15 basteon bast...@gmail.com hm, redirect itsn't proxing , as i understood ;) redirect it's wen you communicate client and target server directly and no proxing anymore. in case todo proxy in your module there should be server and client parts, I've not seen your module, maybe it's under NDA, and so on... but you can have a look at scgi module there client in apache api, but it working in another way. there... static apr_status_t open_socket(apr_socket_t **sock, request_rec *r) { //snip and rv = apr_socket_connect(*sock, sockaddr); if (rv) { //snip On 15 June 2010 20:49, Petr Hracek phrac...@gmail.com wrote: That's a good sentence. You mention: if you did auth in your own module there should be accepted stream and when it passed auth you must sent it through own module to target server. May be this is a my problem. When the request is authorized/authenticated by my module how and where I have to sent to the target server. How can I do it? Redirect? Thank you in advance Petr 2010/6/15 basteon bast...@gmail.com no, about sniffing i meant sniff traffic on the network interface. I don't know how catch up ReverseProxy requests, but if you did auth in your own module there should be accepted stream and when it passed auth you must sent it through own module to target server. or it should working as proxy you must thinking about sessions accepted\passed auth, then init auth from own module to target server. but, why you did it at all? what's purposes on it double auth? On 15/06/2010, Petr Hracek phrac...@gmail.com wrote: But I am using ReverseProxy as well, right? I mean in my own module to sniff traffic when the request is ReverseProxy and them going to the target? How I can catch that request is Reverse Proxy (not defined in Browser settings)? Is that any handler for that case and where should I try to catch the request? In post_read_request? Could you please let me more detailly what do you think? best regards. Petr 2010/6/14 basteon bast...@gmail.com I uses reverce proxy, but you can try sniff traffic between proxy and target On 14 June 2010 13:52, Petr Hracek phrac...@gmail.com wrote: If you mean that RewriteRule should be like that: RewriteMap foo txt:/opt/apache/conf/foo.map RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ ssldocs/$1}/$2 [L] RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] Unfortuantelly in this case I see /opt/PAC/htdocs error was not found but this is true because of main index is on the machine 192.168.0.23:8080. Therefore I am receiving HTTP error 404. Or shall I do? IfModule mod_authz_host.c Location /PAC/ ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC AuthType FOOM require valid-user satisfy Any /Location /IfModule Thank you in advance Petr 2010/6/14 basteon bast...@gmail.com hm, looks like if there double auth, therefore you should put client account trough your module instead of just redirect these client. On 14 June 2010 11:36, Petr Hracek phrac...@gmail.com wrote: Yes this is done simillary in my own module but I have an problem. When the URL is authorized (successfully) then URL http://192.168.0.23:8080/PAC is shown as 404 Unknown. Unfortuntatelly I could not find any reason why it is not found because of URL is a Proxy? See my apache2 configuration file Eric mentioned: Don't constrain your directives to stuff under Directory / if you want them to apply to proxy requests. These are never mapped to a directory. But Unfortunatelly I do not understand what shall I do. How shall I defined my directives. Any help? 2010/6/14
Re: Authentication of proxy over own module
Sorry my wrong explanation. I have ment the when the request is authorized/authenticated by my module how the request should be sent to the proxy IP address define in apache module: RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] Location /PAC/ ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC Order Allow,deny Allow from all /Location Best regards Petr 2010/6/15 basteon bast...@gmail.com hm, redirect itsn't proxing , as i understood ;) redirect it's wen you communicate client and target server directly and no proxing anymore. in case todo proxy in your module there should be server and client parts, I've not seen your module, maybe it's under NDA, and so on... but you can have a look at scgi module there client in apache api, but it working in another way. there... static apr_status_t open_socket(apr_socket_t **sock, request_rec *r) { //snip and rv = apr_socket_connect(*sock, sockaddr); if (rv) { //snip On 15 June 2010 20:49, Petr Hracek phrac...@gmail.com wrote: That's a good sentence. You mention: if you did auth in your own module there should be accepted stream and when it passed auth you must sent it through own module to target server. May be this is a my problem. When the request is authorized/authenticated by my module how and where I have to sent to the target server. How can I do it? Redirect? Thank you in advance Petr 2010/6/15 basteon bast...@gmail.com no, about sniffing i meant sniff traffic on the network interface. I don't know how catch up ReverseProxy requests, but if you did auth in your own module there should be accepted stream and when it passed auth you must sent it through own module to target server. or it should working as proxy you must thinking about sessions accepted\passed auth, then init auth from own module to target server. but, why you did it at all? what's purposes on it double auth? On 15/06/2010, Petr Hracek phrac...@gmail.com wrote: But I am using ReverseProxy as well, right? I mean in my own module to sniff traffic when the request is ReverseProxy and them going to the target? How I can catch that request is Reverse Proxy (not defined in Browser settings)? Is that any handler for that case and where should I try to catch the request? In post_read_request? Could you please let me more detailly what do you think? best regards. Petr 2010/6/14 basteon bast...@gmail.com I uses reverce proxy, but you can try sniff traffic between proxy and target On 14 June 2010 13:52, Petr Hracek phrac...@gmail.com wrote: If you mean that RewriteRule should be like that: RewriteMap foo txt:/opt/apache/conf/foo.map RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ ssldocs/$1}/$2 [L] RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] Unfortuantelly in this case I see /opt/PAC/htdocs error was not found but this is true because of main index is on the machine 192.168.0.23:8080. Therefore I am receiving HTTP error 404. Or shall I do? IfModule mod_authz_host.c Location /PAC/ ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC AuthType FOOM require valid-user satisfy Any /Location /IfModule Thank you in advance Petr 2010/6/14 basteon bast...@gmail.com hm, looks like if there double auth, therefore you should put client account trough your module instead of just redirect these client. On 14 June 2010 11:36, Petr Hracek phrac...@gmail.com wrote: Yes this is done simillary in my own module but I have an problem. When the URL is authorized (successfully) then URL http://192.168.0.23:8080/PAC is shown as 404 Unknown. Unfortuntatelly I could not find any reason why it is not found because of URL is a Proxy? See my apache2 configuration file Eric mentioned: Don't constrain your directives to stuff under Directory / if you want them to apply to proxy requests. These are never mapped to a directory. But Unfortunatelly I do not understand what shall I do. How shall I defined my directives. Any help? 2010/6/14 basteon bast...@gmail.com I guess that you can found reply in man 3 pam and do pam auth in own module if that necessary. On 14 June
Re: Authentication of proxy over own module
On 16/06/2010 10:08, Petr Hracek wrote: Sorry my wrong explanation. I have ment the when the request is authorized/authenticated by my module how the request should be sent to the proxy IP address define in apache module: RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L] Location /PAC/ ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC Order Allow,deny Allow from all /Location Can you explain again what it is you're trying to achieve, please? p Best regards Petr 2010/6/15 basteon bast...@gmail.com hm, redirect itsn't proxing , as i understood ;) redirect it's wen you communicate client and target server directly and no proxing anymore. in case todo proxy in your module there should be server and client parts, I've not seen your module, maybe it's under NDA, and so on... but you can have a look at scgi module there client in apache api, but it working in another way. there... static apr_status_t open_socket(apr_socket_t **sock, request_rec *r) { //snip and rv = apr_socket_connect(*sock, sockaddr); if (rv) { //snip On 15 June 2010 20:49, Petr Hracek phrac...@gmail.com wrote: That's a good sentence. You mention: if you did auth in your own module there should be accepted stream and when it passed auth you must sent it through own module to target server. May be this is a my problem. When the request is authorized/authenticated by my module how and where I have to sent to the target server. How can I do it? Redirect? Thank you in advance Petr 2010/6/15 basteon bast...@gmail.com no, about sniffing i meant sniff traffic on the network interface. I don't know how catch up ReverseProxy requests, but if you did auth in your own module there should be accepted stream and when it passed auth you must sent it through own module to target server. or it should working as proxy you must thinking about sessions accepted\passed auth, then init auth from own module to target server. but, why you did it at all? what's purposes on it double auth? On 15/06/2010, Petr Hracek phrac...@gmail.com wrote: But I am using ReverseProxy as well, right? I mean in my own module to sniff traffic when the request is ReverseProxy and them going to the target? How I can catch that request is Reverse Proxy (not defined in Browser settings)? Is that any handler for that case and where should I try to catch the request? In post_read_request? Could you please let me more detailly what do you think? best regards. Petr 2010/6/14 basteon bast...@gmail.com I uses reverce proxy, but you can try sniff traffic between proxy and target On 14 June 2010 13:52, Petr Hracek phrac...@gmail.com wrote: If you mean that RewriteRule should be like that: RewriteMap foo txt:/opt/apache/conf/foo.map RewriteRule ^/([^/]+)$ ${foo:$1|/$1} [L] RewriteRule ^/([^/]+)/(.*) ${foo:$1|/opt/apache/htdocs/ ssldocs/$1}/$2 [L] RewriteRule ^/PAC$ http://192.168.0.23:8080/PACAdmin [P] RewriteRule ^/PAC/(.*) http://192.168.0.23:8080/PACAdmin/$1 [P] Unfortuantelly in this case I see /opt/PAC/htdocs error was not found but this is true because of main index is on the machine 192.168.0.23:8080. Therefore I am receiving HTTP error 404. Or shall I do? IfModule mod_authz_host.c Location /PAC/ ProxyPass http://192.168.0.23:8080/PACAdmin ProxyPassReverse http://192.168.0.23:8080/PACAdmin ProxyPassReverseCookie /PACAdmin /PAC AuthType FOOM require valid-user satisfy Any /Location /IfModule Thank you in advance Petr 2010/6/14 basteon bast...@gmail.com hm, looks like if there double auth, therefore you should put client account trough your module instead of just redirect these client. On 14 June 2010 11:36, Petr Hracek phrac...@gmail.com wrote: Yes this is done simillary in my own module but I have an problem. When the URL is authorized (successfully) then URL http://192.168.0.23:8080/PAC is shown as 404 Unknown. Unfortuntatelly I could not find any reason why it is not found because of URL is a Proxy? See my apache2 configuration file Eric mentioned: Don't constrain your directives to stuff under Directory / if you want them to apply to proxy requests. These are never mapped to a directory. But Unfortunatelly I do not understand what shall I do. How shall I defined my directives. Any help? 2010/6/14 basteon bast...@gmail.com I guess that you can found reply in man 3 pam and do pam auth in own module if that necessary. On 14 June 2010 18:05, Petr Hracek phrac...@gmail.com wrote: Hello *, On the target host is done some authorization but I would like to add second authorization from