mod_proxy auth from PHP?

Here is the situation:

I have a php login page at https://login.mydomain.com and an internal
server listening only on localhost http://localhost:12345

I want mod_proxy to send to the internal server only if auth was
successful from the php login page. The user/pass can be in the .php
file itself like if $_POST['password'] = 'abc' because it's just for a
single user and I don't require a database although I don't really
mind using SQLite if mod_proxy requires that I do.

Is this possible (I guess nothing is impossible)? If so, which
authentication module should I be looking into to achieve this?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy auth from PHP?

On Mon, Dec 14, 2009 at 11:04 PM, Perl Whore wrote:
> Here is the situation:
>
> I have a php login page at https://login.mydomain.com and an internal
> server listening only on localhost http://localhost:12345
>
> I want mod_proxy to send to the internal server only if auth was
> successful from the php login page. The user/pass can be in the .php
> file itself like if $_POST['password'] = 'abc' because it's just for a
> single user and I don't require a database although I don't really
> mind using SQLite if mod_proxy requires that I do.
>

This is easier done using Basic authentication with the choice of many
backends, like RDBMS or LDAP, but I am assuming that you want to use
form based authentication for whatever reason.

> Is this possible (I guess nothing is impossible)? If so, which
> authentication module should I be looking into to achieve this?
>

I answered a similar question before, where the user was trying to get
mod_auth_form going for Apache 2.2

We implemented something similar using mod_auth_memcookie
(http://authmemcookie.sourceforge.net/) and you can use your own for
to do the authentication.

Let me know if you want me to share configurations etc.

--
"The secret impresses no-one, the trick you use it for is everything"
- Alfred Borden (The Prestiege)

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy auth from PHP?

Ah, thanks. This is a good idea. I didn't know about mod_auth_memcookie.

Yes, it'll be great if you share your configuration so I can have a
better understanding.

On Mon, Dec 21, 2009 at 6:21 AM, Devraj Mukherjee wrote:
> On Mon, Dec 14, 2009 at 11:04 PM, Perl Whore wrote:
>> Here is the situation:
>>
>> I have a php login page at https://login.mydomain.com and an internal
>> server listening only on localhost http://localhost:12345
>>
>> I want mod_proxy to send to the internal server only if auth was
>> successful from the php login page. The user/pass can be in the .php
>> file itself like if $_POST['password'] =3D 'abc' because it's just for a
>> single user and I don't require a database although I don't really
>> mind using SQLite if mod_proxy requires that I do.
>>
>
> This is easier done using Basic authentication with the choice of many
> backends, like RDBMS or LDAP, but I am assuming that you want to use
> form based authentication for whatever reason.
>
>> Is this possible (I guess nothing is impossible)? If so, which
>> authentication module should I be looking into to achieve this?
>>
>
> I answered a similar question before, where the user was trying to get
> mod_auth_form going for Apache 2.2
>
> We implemented something similar using mod_auth_memcookie
> (http://authmemcookie.sourceforge.net/) and you can use your own for
> to do the authentication.
>
> Let me know if you want me to share configurations etc.
>
> --
> "The secret impresses no-one, the trick you use it for is everything"
> - Alfred Borden (The Prestiege)
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project=
..
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> =A0 " =A0 from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy auth from PHP?

On Mon, Dec 21, 2009 at 1:24 PM, Perl Whore wrote:
> Ah, thanks. This is a good idea. I didn't know about mod_auth_memcookie.
>
> Yes, it'll be great if you share your configuration so I can have a
> better understanding.
>

The following is what my configuration sort of looks like (very
similar to the example that ships with the module). Ensure that you
put login.php in a directory that is accessible outside your protected
area.

In case of reverse proxies you can do this by

ProxyPass /url !

Needless to say you will need memcached and memcache support in PHP.



Auth_memCookie_CookieName myauthcookie
Auth_memCookie_Memcached_AddrPort 127.0.0.1:11000

# to redirect unauthorized user to the login page
ErrorDocument 401 "/gestionuser/login.php"

# to specify if the module are autoritative in this directory
Auth_memCookie_Authoritative on
# must be set without that the refuse authentification
AuthType Cookie
# must be set (apache mandatory) but not used by the module
AuthName "My Login"




--
"The secret impresses no-one, the trick you use it for is everything"
- Alfred Borden (The Prestiege)

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org