Querying an external datasource

A TrafficScript rule can ask ZXTM to query an external datasource using HTTP. For example, ZXTM could validate a request's credentials by querying an external database via a web gateway.

In this sample rule, ZXTM extracts and decodes the username and password given in a Basic authentication header. ZXTM then sends the username and password to a script on a nearby websserver which contains all the logic to check the credentials. The webserver returns an 'OK' message if the credentials check out.

# This returns the header value 'Basic 3AD35sd5oPkS4nHha2'
$auth = http.getHeader( "Authorization" );

# Extract and decode the encoded username and password
$enc = string.skip( $h, 6 );
$userpasswd = string.base64decode( $enc );

# Parse the username:password string
string.regexmatch( $userpassword, "([^:]*):(.*)" );
$user = $1; $password = $2;

# Query the 'auth.cgi' script on http://192.168.1.4/
$body = http.request.get( "http://192.168.1.4/auth.cgi?username=".$user."&password=".$password );

if( string.contains( $body, "OK" ) ) {
   # the credentials check out OK
   ...
} else {
   # the credentials are bogus!
   ...
}

A more complete implementation of this would have to send the '401 Authenticate' response and 'WWW-Authenticate' header, and would probably use 'data.set()' and 'data.get' to cache the responses from the remote authentication server to improve performance.

Owen Garrett [Zeus Dev Team] 01 July 2005