[nycphp-talk] Apache Mod-Proxy Access Control
csnyder
chsnyder at gmail.com
Thu May 29 16:08:56 EDT 2008
On Thu, May 29, 2008 at 2:03 PM, Joe Leo <joeleo724 at gmail.com> wrote:
> The www.mainsite.com has my drupal users where they can sign-up and
> authenticate. What I want is: If users enter url server1.mainsite.com then
> the proxy would somehow prompt users to first login. But, I'm not sure how
> this can be done/achieved. I would appreciate any comments/suggestions to
> accomplish this.
>
It sounds tough, because the browser isn't going to send the
www.mainsite.com cookie to server1.mainsite.com.
But wait, you said www was acting as a reverse proxy, so why would
someone go directly to server1?
If all the connections go through www, you can use mod_rewrite to
check for existence of drupal's session cookie, and redirect to login
if not found.
If someone knew the setup, they could fake the drupal cookie, so if
you're trying to protect something valuable using this scheme you may
need to consider a different mechanism, such as an auto-prepend script
that checks if the session is valid.
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list