perlquestion
cLive ;-)
<p>I'm trying to write a proxy server that will automatically add basic authentication to a request to a particular host. I've been having a play with [BooK]'s HTTP::Proxy, but can't seem to get it to work as expected. Here's the server:</p>
<code>
#!/usr/bin/perl
use HTTP::Proxy qw();
use strict;
use warnings;
my $proxy = HTTP::Proxy->new( port => 3128 );
$proxy->push_headers_filter(
request => sub {
my $headers = shift;
# grabbed from http request header of logged in browser
$headers->header( Authorization => "BASIC cm9verMSZXZhadDpRHRq");
},
response => sub {
$_[0]->remove_header(qw(WWW-Authenticate));
},
);
$proxy->start;
</code>
So far, the proxy server works OK as far as other domains go. But, when I try to connect to the authentication server, I still get the enter password box.</p>
<p>Any suggestions on how to proceed?</p>
<p>I'm not 100% sure I'm doing this the right way either - the docs for the module are quite basic, and I haven't found any tutorials yet on writing proxies.</p>
<p>The above example is for just one password. In reality, there may be a few, and I need to add the correct encrypted password to the request header as appropriate.</p>
<p>Or maybe there's a better way to achieve this? What I need to be able to do is:</p>
<ul>
<li>authenticate users via proxy (probably set a session cookie)</li>
<li>when authenticated by the proxy, if a user calls a password protected server in my list, I automatically add Authorization headers to requests, so they get a seamless login and don't have to know passwords (and I can lock them out as needed)</li>
<li>only call the push_headers_filter() method if user's sessioncookie is valid and site is on list.</li>
</ul>
<p>I do not have access to the machine sending the username/password challenges.</p>
<p>Any thoughts or suggestions?</p>
<p>cLive ;-)</p>