[Zope-dev] ProxyPass and SiteAccess getting REMOTE_ADDR
Oliver Bleutgen
Oliver Bleutgen <myzope@gmx.net>
Tue, 13 Feb 2001 19:22:10 +0100
> From: Oliver Bleutgen <myzope@gmx.net>
>> Btw. with a small module it's even possible to log the usernames with
> apache,
>> something medusa isn't capabable of afaik (as of zope version < 2.3).
> Cool! What module is this, and how do you use it?
Heh, it's a apache-module written in perl called AuthAny that I leeched
somewhere and it's sole purpose is to make apache think there's
authentication going on so that he logs the names and to _require_
a username and password, but I think that is easily fixable if you want to
allow anonymous logins.
I would describe that as a hack, but I wouldn't be able to
modify apaches itself for a more "correct" solution even when
my life depended on it.
I use this in http.conf
<Directory proxy:*>
PerlAuthenHandler Apache::AuthAny
AuthType Basic
AuthName "Your Login..."
AuthUserFile "/web/site/bogus_userfile.txt"
require valid-user
</Directory>
Don't rember whether AuthUserFile is necessary, it may be
just an artifact of some other experiments.
AuthAny.pm is an amazingly complex (;-)) perl-module which
has to be put into the right location, which is in Suse (7.0):
/usr/lib/perl5/site_perl/5.005/i586-linux/Apache/AuthAny.pm
package Apache::AuthAny;
# file: Apache/AuthAny.pm
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
unless($user and $sent_pw) {
$r->note_basic_auth_failure;
$r->log_reason("Both a username and password must be provided", $r->filename);
return AUTH_REQUIRED;
}
return OK;
}
1;
__END__
One note: Does anybody feel inspired to write a python module for
apache which hooks into zope's security mechanism and gives
a possibility for simple authentication which is shared between
zope and apache? For instance authenticate a user iff he is
allowed to access a certain "dummy" object.
That way one could easily manage access within zope
to files/scripts which are not inside the ZODB.
cheers,
oliver