Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added scroll for code. New post apache externall authentication
- Loading branch information
Showing
2 changed files
with
69 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| --- | ||
| layout: post | ||
| title: Apache External Authentication | ||
| categories: Apache External Authentication | ||
| description: Apache external authentication for proxy requests. | ||
| --- | ||
|
|
||
| I have created a web application which is a middleware situated between the mobile app and the webservice provider. Some requests should be handled by the middleware and some other requests should be forwarded to the webservice provider. | ||
|
|
||
| We can add apache proxy to forward the requests to the webservice provider. But before forwarding the requests it should be validated. If we are validating from the application then we can’t use the apache proxy, so the validation has to be implemented within apache. | ||
|
|
||
| There is a custom module for apache to do this kind of external authentication called [mod-auth-external](https://code.google.com/p/mod-auth-external/). Where you can mention the path of an external authentication file. Whenever apache gets a request it will execute the validation file and based on the response (true/false) from validation file apache either continue with the request or return unauthorized. | ||
|
|
||
| Sample virtual_host.conf file: | ||
|
|
||
| LoadModule authnz_external_module modules/mod_authnz_external.so | ||
| <VirtualHost *:80> | ||
| DocumentRoot "/var/www/application_name" | ||
| ServerName application_name.com | ||
| AddExternalAuth auth /var/www/application_name/validate.php | ||
| SetExternalAuthMethod auth environment | ||
| <Directory "/var/www/application_name"> | ||
| Options Indexes +FollowSymLinks MultiViews +ExecCGI | ||
| AllowOverride None | ||
| Order allow,deny | ||
| Allow from all | ||
| </Directory> | ||
| <Location ~ "^/api/(.*)$"> | ||
| AuthName "AppName" | ||
| AuthType Basic | ||
| AuthBasicProvider external | ||
| AuthExternal auth | ||
| require valid-user | ||
| </Location> | ||
| ProxyRequests Off | ||
| ProxyPreserveHost On | ||
| ProxyPass /api/ https://192.168.1.200/Webserver/ | ||
| ProxyPassReverse /api/ https://192.168.1.200/Webserver/ | ||
| <Proxy *> | ||
| Order deny,allow | ||
| Allow from all | ||
| </Proxy> | ||
| </VirtualHost> | ||
|
|
||
| Sample external authentication file (validate.php): | ||
|
|
||
| #!/usr/bin/php | ||
| <?php | ||
| $host = "127.0.0.1"; | ||
| $user = "user"; | ||
| $password = "password"; | ||
| $database = "database"; | ||
| $link = mysql_connect($host, $user, $password); | ||
| $selected = mysql_select_db($database, $link); | ||
| $username = getenv('USER'); | ||
| $password = getenv("PASS"); | ||
| $sql = "SELECT * FROM table_name WHERE username= '$username' AND password = '$password' AND status = 1"; | ||
| $result = mysql_query($sql, $link); | ||
| $count = mysql_num_rows($result); | ||
| if ($count > 0) { | ||
| exit(0); | ||
| } else { | ||
| exit(1); | ||
| } | ||
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -89,3 +89,7 @@ div.title-desc { | |
| .social-networks span { | ||
| padding: 2%; | ||
| } | ||
|
|
||
| pre { | ||
| overflow-x: auto; | ||
| } | ||