
I'm trying to set up a reverse proxy in Apache. The user will be required to log in, and will then be sent a cookie. I want Apache to check the cookie. Is there a way to do this?

E.g., right now my config looks like this:

<VirtualHost *:82>
  # username:password sent on to endpoint
  RequestHeader set Authorization "Basic cm9vdjfjDJaGRvYa=="

  ProxyPass /monitors/2/ http://192.168.1.6/foo.cgi
  ProxyPassReverse /monitors/2/ http://192.168.1.6/foo.cgi
</VirtualHost>

Can I add something in the VirtualHost to restrict access based on a cookie?

user19084

1 Answer


Sure. I do the same thing.

When a user logs in, I give them a cookie and create a token in /t/tokenid, and put it in a cookie: S=tokenid;PATH=/

Then, I can use RewriteCond to check for the file's existence:

RewriteEngine on
# check for no cookie being set
RewriteCond %{HTTP:Cookie} !S=([a-zA-Z0-9]+)
RewriteRule ^/*protected/ /login.html [L,R]
# check for an invalid cookie being set
RewriteCond %{HTTP:Cookie} S=([a-zA-Z0-9]+)
RewriteCond /t/%1 !-f
RewriteRule ^/*protected/ /login.html [L,R]

Finally, a garbage collector runs periodically and deletes old tokens:

find /t -type f -atime +1 -delete

To make the atime automatically update, I have /t mounted without noatime, and I have it web-accessible (but not indexed) and part of the stylesheet references /loggedin.txt which is rewritten as:

RewriteCond %{HTTP:Cookie} S=([a-zA-Z0-9]+)
RewriteRule ^/*loggedin\.txt$ /t/%1 [L]
Cheetah
geocar
  • I'm not sure if this is universal, but the Ruby CGI library encodes "=" as "%3D", so my RewriteCond looks like this: RewriteCond %{HTTP:Cookie} S%3D([a-zA-Z0-9]+) – user19084 Oct 05 '09 at 21:15
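
The token-file scheme from the answer, mirrored as an added shell example (not code from the original posts) so the check and the expiry sweep can be tested outside Apache. Assumptions: `TOKEN_DIR` stands in for `/t`, the function names are hypothetical, and tokens are 32 hex characters read from `/dev/urandom`, since the answer does not say how tokens are generated. The parser accepts `S` only at a cookie boundary, so a cookie named `XS` does not count, and it also accepts the `S%3D` form mentioned in the comment.

```sh
#!/bin/sh
# Added example: token store behind the cookie check.
# TOKEN_DIR is an assumption standing in for the answer's /t.
TOKEN_DIR="${TOKEN_DIR:-/t}"

# issue_token: called by the login handler after a successful login.
# Creates an empty token file and prints the token for the S cookie.
issue_token() {
    # 16 bytes from the kernel CSPRNG as 32 hex chars; fits [a-zA-Z0-9]+
    _tok=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ -n "$_tok" ] || return 1
    # noclobber (set -C): fail instead of reusing an existing token file
    ( set -C; : > "$TOKEN_DIR/$_tok" ) || return 1
    printf '%s\n' "$_tok"
}

# token_from_cookie: print the S token found in a Cookie header value.
# The name must start the header or follow ';', and the value must be
# purely alphanumeric up to the next ';' or the end of the header.
token_from_cookie() {
    printf '%s\n' "$1" | sed -n -E \
        's/^(.*;[[:space:]]*)?S(=|%3D)([a-zA-Z0-9]+)(;.*)?$/\3/p'
}

# token_valid: succeed only when the cookie names an existing token file,
# the same test as "RewriteCond /t/%1 -f".
token_valid() {
    _tok=$(token_from_cookie "$1")
    [ -n "$_tok" ] && [ -f "$TOKEN_DIR/$_tok" ]
}

# expire_tokens: remove tokens whose last access is more than a day old.
# Relies on atime updates, so TOKEN_DIR must not be mounted noatime.
expire_tokens() {
    find "$TOKEN_DIR" -type f -atime +1 -delete
}
```
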