Using ZXTM with htaccess authentication

You have a fully operational authoriser system in place for validating URL access. This forces all client IPs to provide their username/password details before the webserver will authorize their connection. You wish to let certain trusted users access your website without providing login credentials.

Solution

Preparation

Within $ZEUSHOME/zxtm/conf/extra you will need to create a text file called trusted_ips.txt.

    touch $ZEUSHOME/zxtm/conf/extra/trusted_ips.txt

Make sure the file permissions are correct for ZXTM to read it:

    chmod 755 $ZEUSHOME/zxtm/conf/extra/trusted_ips.txt

    root:/zxtm/conf/extra ls -l
    total 4
    -rw-r--r-- 1 root root 14 2006-06-15 14:24 trusted_ips.txt

Edit this file, using your favourite text editor. Within this file enter your list of space separated trusted IP addresses. Our file reads like this:

    10.100.1.98 10.100.2.53 10.100.1.74 10.100.1.189

Let's add the below TrafficScript to a response rule:

    $trusted_user_file = "trusted_ips.txt";

    # get client ip address
    $ip = request.getRemoteIP();

    # test if the trusted IP file list exists
    # if no list then exit, forcing user to authenticate manually
    if( !resource.exists( $trusted_user_file ) ) {
        log.info( "Missing: " . $trusted_user_file );
        break;
    }

    # read in the trusted IPs from file
    $trusted_ips = resource.get( $trusted_user_file );

    # collapse whitespace and pad with spaces so every entry is delimited
    $trusted_ips = " " . string.regexsub( $trusted_ips, "[ \t\r\n]+", " ", "g" ) . " ";

    # test if user IP is in trusted IP list; compare whole entries, so that
    # 10.100.1.9 is not accepted because the list contains 10.100.1.98
    # if not in list, fall through, forcing user to authenticate manually
    if( string.contains( $trusted_ips, " " . $ip . " " ) ) {
        # We only get this far if we have a trusted user
        # let's authenticate for them
        # log an entry for each trusted user (comment out the line below to disable)
        log.info( "Authenticating for Trusted User: " . $ip );
        $username = "admin";
        $password = "admin";
        $encoded = string.base64encode( $username . ":" . $password );
        http.addheader( "Authorization", "Basic " . $encoded );
    }
    break;

The above TrafficScript rule uses the resource.get function to read the contents of the file containing the list of permitted IP addresses. If the client IP address is contained within the file, the user is automatically authenticated. If not, the user is requested to input their authentication details.
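
The allowlist test decides who receives the injected credentials, so how the client IP is compared against the file matters. The following Python model is an added example, not part of the original article or of ZXTM: it compares a regex-style test, where the client IP is used as an unanchored pattern, with whole-address comparison over the article's sample list. The function names and the client addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the trusted_ips.txt contents shown in the article.
TRUSTED_FILE = "10.100.1.98 10.100.2.53 10.100.1.74 10.100.1.189\n"


def regex_style_match(trusted: str, client_ip: str) -> bool:
    """Model of an unanchored regex test with the client IP as the pattern.

    Each '.' matches any character, and the match may begin or end
    in the middle of a listed address.
    """
    return re.search(client_ip, trusted) is not None


def load_trusted(trusted: str) -> frozenset:
    """Parse the whitespace-separated list; a malformed entry raises ValueError."""
    return frozenset(ipaddress.ip_address(tok) for tok in trusted.split())


def exact_match(trusted: str, client_ip: str) -> bool:
    """Whole-address comparison: the client must equal a listed entry."""
    try:
        return ipaddress.ip_address(client_ip) in load_trusted(trusted)
    except ValueError:
        # Fail closed: a bad client address or a bad list entry trusts nobody.
        return False


def audit(trusted: str, candidates):
    """Return addresses the regex-style test trusts but the exact test rejects."""
    return [ip for ip in candidates
            if regex_style_match(trusted, ip) and not exact_match(trusted, ip)]


if __name__ == "__main__":
    # Constructed client addresses: the first is listed, the others are not.
    clients = ["10.100.1.98", "10.100.1.9", "10.100.1.7", "10.1.0.1", "192.168.0.5"]
    for ip in clients:
        print(f"{ip:12} regex={regex_style_match(TRUSTED_FILE, ip)!s:5} "
              f"exact={exact_match(TRUSTED_FILE, ip)}")
    print("over-trusted:", audit(TRUSTED_FILE, clients))
```

Running `audit` against a production list with the address ranges your clients actually use shows whether any unlisted address would be auto-authenticated.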
Graham Moore
[Zeus Systems Engineering] 15 June 2006