NYCPHP Meetup

NYPHP.org

[nycphp-talk] Apache Mod-Proxy Access Control

Joe Leo joeleo724 at gmail.com
Fri May 30 12:54:18 EDT 2008 

Chris,

Wanted to see if you can help me implement the mod-rewrite and/or the
pre-pend script you mentioned below. I'm starting to read up on using
mod-rewrite and it seems it could take a bit of time to master it. I am
hoping to get a sample setup that would work for me. Thanks!

Joe

On Thu, May 29, 2008 at 2:24 PM, Joe Leo <joeleo724 at gmail.com> wrote:

> Chis, thanks for your reply/comments...
>
>> But wait, you said www was acting as a reverse proxy, so why would
>> someone go directly to server1?
>>
>
> To answer your question above, typically, users will visit main site which
> has webpage links that would take user to inside server via the proxy.
> However, that URL is shown/known when user mouse over the links. So, it can
> easily be used for future visits to server-x.mainsite.com.... And, I
> suspect, web engines will pick those links up as well.
>
> And, even if users that access site via main site they may not have
> authenticated before clicking on the link that would take them to the
> backend server.
>
> So, you are right, it seems that I would need something like mod_rewrite
> and/or the prepend script you mentioned. I've struggled to get my proxy
> working and have not yet played around with mod_rewrite. Also, the pre-pend
> script you refered to - Can you give me more info on this?
>
> Is there a sample of this script you can share and how it would work? Would
> really appreciate any help on this!
>
> Joe
>
>
> On Thu, May 29, 2008 at 4:08 PM, csnyder <chsnyder at gmail.com> wrote:
>
>> On Thu, May 29, 2008 at 2:03 PM, Joe Leo <joeleo724 at gmail.com> wrote:
>>
>> > The www.mainsite.com has my drupal users where they can sign-up and
>> > authenticate. What I want is: If users enter url server1.mainsite.comthen
>> > the proxy would somehow prompt users to first login. But, I'm not sure
>> how
>> > this can be done/achieved. I would appreciate any comments/suggestions
>> to
>> > accomplish this.
>> >
>>
>> It sounds tough, because the browser isn't going to send the
>> www.mainsite.com cookie to server1.mainsite.com.
>>
>> But wait, you said www was acting as a reverse proxy, so why would
>> someone go directly to server1?
>>
>> If all the connections go through www, you can use mod_rewrite to
>> check for existence of drupal's session cookie, and redirect to login
>> if not found.
>>
>> If someone knew the setup, they could fake the drupal cookie, so if
>> you're trying to protect something valuable using this scheme you may
>> need to consider a different mechanism, such as an auto-prepend script
>> that checks if the session is valid.
>>
>>
>> --
>> Chris Snyder
>> http://chxo.com/
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20080530/d3d6cf95/attachment.html>

More information about the talk mailing list