Using ZXTM with htaccess authentication

You have a fully operational authoriser system in place for validating URL access. This forces all client IPs to provide their username/password details before the webserver will authorize their connection.

You wish to let certain, trusted, users access your website without providing login credentials.

Solution

Preparation

Within $ZEUSHOME/zxtm/conf/extra you will need to create a text file called trusted_ips.txt.

touch $ZEUSHOME/zxtm/conf/extra/trusted_ips.txt

Make sure the file permissions are correct for ZXTM to read it:

chmod 755 $ZEUSHOME/zxtm/conf/extra/trusted_ips.txt
root:/zxtm/conf/extra ls -l
total 4
-rw-r--r-- 1 root root 14 2006-06-15 14:24 trusted_ips.txt

Edit this file, using your favourite text editor. Within this file enter your list of space separated trusted IP addresses. Our file reads like this:

 10.100.1.98 10.100.2.53 10.100.1.74 10.100.1.189

Let's add the below trafficscript to a response rule:

$trusted_user_file = "trusted_ips.txt";
 
# get client ip address
$ip = request.getRemoteIP();
 
# test if the trusted IP file list exists
# if no list then exit, forcing user to authenticate manually
if( !resource.exists( $trusted_user_file ) ) {
       log.info( "Missing: " . $trusted_user_file);
       break;
}
 
# read in the trusted IPs from file
$trusted_ips = resource.get( "trusted_ips.txt" );
 
# test if user IP is in trusted IP list
# exit if not in list, forcing user to authenticate manually
if( string.regexmatch( $trusted_ips, $ip ) ) {
	# We only get this far if we have a trusted user
	# let's authenticate for them
	# uncomment the line below to create a log entry for each trusted user
	log.info( "Authenticating for Trusted User: " . $ip );
 
	$username = "admin";
	$password = "admin";
	$encoded = string.base64encode( $username . ":" . $password );
	http.addheader( "Authorization", "Basic " . $encoded );
}
break;

The above TrafficScript rule uses the resource.get function to read the contents of the above file containing a list of permitted IP addresses.

If the client IP address is contained within the file, the user is automatically authenticated. If not, user is requested to input their authentication details.

Graham Moore [Zeus Systems Engineering] 15 June 2006 Bookmark with del.icio.us Post this article to Digg Post this article to reddit Post this article to Facebook Tweet this article  
Leave a comment ...
Your email address will not be displayed.
Your URL will be displayed.
This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.
Options:
 
(Line breaks become <br />)
(Set cookies for name, email & url)

Recently...

Other Resources