Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

(OT) Query String Validation in Apache

by prasee (Initiate)
on Aug 13, 2014 at 15:03 UTC ( [id://1097297]=perlquestion: print w/replies, xml ) Need Help??

prasee has asked for the wisdom of the Perl Monks concerning the following question:

Hello There,

I am a beginner in Apache and trying to figure out a way to validate a query string in the request handled by Apache and proxy the request to backend application only upon validation of the query string value.

For Example My current Virtual Host directive in httpd.conf is like this. Please excuse me if this is lengthy. 

==================================================
<Location /fed/idp>
 # Standalone weblogic that contains the custom code
 WebLogicHost <hostname>.<domain>.com
 WebLogicPort 7499
 # If Client Certificate Authentication successful in Apache,
 # redirect to AD Authentication for 2nd Factor
 RewriteEngine On
 RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^SUCCESS$
 # If referenceid is not found in the query string, it means the user 
+is first time user.
 # Send him to custom code for 2nd factor AD AuthN
 RewriteCond %{QUERY_STRING} !referenceid
 # Application deployed in Weblogic for AD AuthN
 RewriteRule .* /authenticator/internal/Processor [L]
==================================================

[download]

In the above piece, I am passing the request to a custom AD Authentication module deployed in my Weblogic if Certificate AuthN succeeds to perform a 2-factor AuthN.

1) For a first time user, upon certificate AuthN success in Apache, his request will not contain a query string named "referenceid" (which is set by my custom AuthN module that gets invoked in #2 below ) and so the user will be directed to AD Authentication module for 2nd factor Authentication.

2) Upon successful AD Authentication, I will set a random "referenceid:value" in the original request URL as query string and redirect back to Apache.

3) Now when Apache receives this access request from #2 above, Cert AuthN will not be invoked as there will be a SSL session maintained. But to identify whether this user access has to be sent to AD AuthN, i currently validate the existence of referenceid in query string.

However, I want to actually validate whether the value of referenceid in the query string matches with what i have set in #2. If successful, I do not want the second factor AuthN to be invoked. The user must be proxied to the backend application directly.

Please help !

Replies are listed 'Best First'.
Re: (OT) Query String Validation in Apache
by frozenwithjoy (Priest) on Aug 13, 2014 at 18:52 UTC
    Hi. You might want to ask this in an Apache-related forum or IRC channel. Since your question doesn't involve Perl, you may not get the best answers here.
[reply]
      Hello frozenwithjoy, Thanks for the reply. I wanted to know if this is by any chance achievable with apache's mod_perl module. So have posted this question here.
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1097297]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others contemplating the Monastery: (5)
As of 2024-04-23 18:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found