I'm trying to set up a reverse proxy in Apache. The user will be required to log in, and will then be sent a cookie. I want Apache to check the cookie. Is there a way to do this?
EG, right now my config looks like this:
<VirtualHost *:82>
# username:password sent on to endpoint
RequestHeader set Authorization "Basic cm9vdjfjDJaGRvYa=="
ProxyPass /monitors/2/ http://192.168.1.6/foo.cgi
ProxyPassReverse /monitors/2/ http://192.168.1.6/foo.cgi
</VirtualHost>
Can I add something in the VirtualHost to restrict access based on a cookie?
Best Answer
Sure. I do the same thing.
When a user logs in, I give them a cookie and create a token in
/t/
tokenid, and put it in a cookie:S=
tokenid;PATH=/
Then, I can use
RewriteCond
to check for the file's existence:Finally, a garbage collector runs periodically and deletes old tokens:
To make the atime automatically update, I have
/t
mounted withoutnoatime
, and I have it web-accessible (but not indexed) and part of the stylesheet references/loggedin.txt
which is rewritten as: