Hope this helps.

Liz

I'm assuming url credentials like http://username:password@some.host/ aren't relevant.

LWP's GET -eSUd is a good debugging aid here. It'll show you the basic headers to compare to your own.

Another idea: put up your own server and watch the requests (or proxy your proxy to see what it's trying to do)

---
(1) I tried to write a module that would fallback to using the basic credentials as a pseudo-cookie if a client had cookies switched off. Many 401's and 30x's later I discovered that it wasn't practically possible if you want to support Mozilla and changing user(IE works though). "wasn't practically possible" is a big call, let's say I couldn't do it.

The username/password combo is base64 encoded and sent as a line of the request header.

I'm looking to intercept the request to add this authentication header. I just had the remove header in while playing around with it.

I guess I just want to see a non trivial example of this module in action.

.02

cLive ;-)

What you want to do is to add auto-authentication to a particular web site. I'll talk about how you could do this with the next version of HTTP::Proxy, which will be out someday, when I have more time to work on the remaining details.

I must admit I haven't read your code that much, and that the old API is a little behind me now, but:

• You simply have to add a filter that adds the correct WWW-Authenticate: header (you can sniff the connection, for example). You shouldn't receive any 401, since you are authenticated.
• You should only push this filter for request that you need to authenticate:

  proxy->push_headers_filter(
      host    => 'www\\.example\\.com',    # it's a regexp
      request => sub {
          my ( $headers, $message ) = @_;
          $headers->header( Authorization => "Basic cm9verMSZXZhadDpRHRq
  +" );
      }
  );
  [download]

• There is no need for a response filter, if the answer you get is a 200. If you are correctly authenticated by the server, it won't send back a WWW-Authenticate: header.
• If you send the wrong password, you'll get a 401.
• Did you try Basic instead of BASIC?
• A possible application would be a filter that catches WWW-Authenticate: and Authorization: to store/cache authentication information and reuse it for all users.

In your post you say:

the docs for the module are quite basic

I resent that... ;-) In version 0.09, the HTTP/Proxy.pm file is 974 lines long, and there are 303 lines of pod documentation. Please tell me what's missing, so I can improve that in the next version (where 12 new modules will appear).

Warning: The HTTP::Proxy API will change a lot in version 0.10. It should be much easier to write simple filters, and a lot of helper filters and examples will be included. The latest CVS snapshot is always available from http://http-proxy.mongueurs.net/.

For those interested, an example proxy is running most of the time on home.bruhat.net:8080. (It's a proxy: you need to configure your browser to use it.)

"Please tell me what's missing"

Just some more slightly complicated examples :) I get the general idea, but it would be good to include an example that does quite a bit more based on the request - eg, cookie retrieval and testing and then proceeding based on cookie value etc...

But thanks for the reply. Much appreciated :)

cLive ;-)