diff options
Diffstat (limited to 'sca-cpp/trunk/modules')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 21 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 8 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-base-conf | 4 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-conf | 4 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-ssl-conf | 1 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/vhost-conf | 1 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/vhost-ssl-conf | 1 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth1.cpp | 5 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | 5 |
9 files changed, 37 insertions, 13 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index f940073a91..74b3944cc1 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -121,6 +121,7 @@ SetOutputFilter RATE_LIMIT;DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html +BrowserMatch ^check_http/ check_http SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary Header append Vary User-Agent env=!dont-vary @@ -141,12 +142,24 @@ RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC] RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R] </Location> +# Enable server status +<Location /server-status> +SetHandler server-status +HostnameLookups on +</Location> + +<Location /server-info> +SetHandler server-info +HostnameLookups on +</Location> + Include conf/svhost.conf # Configure authentication Include conf/noauth.conf Include conf/locauth.conf Include conf/pubauth.conf +Include conf/adminauth.conf </VirtualHost> @@ -299,16 +312,16 @@ AuthType None Require all granted </Location> +EOF + +cat >$root/conf/adminauth.conf <<EOF + # Allow the server admin to view the server status and info <Location /server-status> -SetHandler server-status -HostnameLookups on Require user admin </Location> <Location /server-info> -SetHandler server-info -HostnameLookups on Require user admin </Location> diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index cb5ccfb8db..420d08ff87 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -78,6 +78,7 @@ Include conf/svhost-ssl.conf Include conf/noauth-ssl.conf Include conf/locauth-ssl.conf Include conf/pubauth-ssl.conf +Include conf/adminauth-ssl.conf </VirtualHost> @@ -98,6 +99,13 @@ Include conf/pubauth.conf EOF +cat >$root/conf/adminauth-ssl.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Allow admin access +Include conf/adminauth.conf + +EOF + # Allow public access to server resources cat >$root/conf/noauth-ssl.conf <<EOF # Generated by: httpd-conf $* diff --git a/sca-cpp/trunk/modules/http/proxy-base-conf b/sca-cpp/trunk/modules/http/proxy-base-conf index e13ee0ef5d..c61c0e20d8 100755 --- a/sca-cpp/trunk/modules/http/proxy-base-conf +++ b/sca-cpp/trunk/modules/http/proxy-base-conf @@ -33,16 +33,14 @@ ProxyPass /server-info ! <Location /balancer-manager> SetHandler balancer-manager HostnameLookups on -Require user admin </Location> EOF -cat >>$root/conf/pubauth.conf <<EOF +cat >>$root/conf/adminauth.conf <<EOF # Generated by: proxy-conf $* # Allow the server admin to manage the load balancer <Location /balancer-manager> -HostnameLookups on Require user admin </Location> diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf index 4c445db9fa..b2156e6f74 100755 --- a/sca-cpp/trunk/modules/http/proxy-conf +++ b/sca-cpp/trunk/modules/http/proxy-conf @@ -44,16 +44,14 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s <Location /balancer-manager> SetHandler balancer-manager HostnameLookups on -Require user admin </Location> EOF -cat >>$root/conf/pubauth.conf <<EOF +cat >>$root/conf/adminauth.conf <<EOF # Generated by: proxy-conf $* # Allow the server admin to manage the load balancer <Location /balancer-manager> -HostnameLookups on Require user admin </Location> diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf index d87aea6670..94318d7db5 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf @@ -44,7 +44,6 @@ RequestHeader set X-Forwarded-Port %{SERVER_PORT}s <Location /balancer-manager> SetHandler balancer-manager HostnameLookups on -Require user admin </Location> EOF diff --git a/sca-cpp/trunk/modules/http/vhost-conf b/sca-cpp/trunk/modules/http/vhost-conf index 554a1638cd..6d977eb1d5 100755 --- a/sca-cpp/trunk/modules/http/vhost-conf +++ b/sca-cpp/trunk/modules/http/vhost-conf @@ -54,6 +54,7 @@ Include conf/dvhost.conf Include conf/noauth.conf Include conf/auth.conf Include conf/pubauth.conf +Include conf/adminauth.conf </VirtualHost> diff --git a/sca-cpp/trunk/modules/http/vhost-ssl-conf b/sca-cpp/trunk/modules/http/vhost-ssl-conf index 8445a20325..915137b51f 100755 --- a/sca-cpp/trunk/modules/http/vhost-ssl-conf +++ b/sca-cpp/trunk/modules/http/vhost-ssl-conf @@ -59,6 +59,7 @@ Include conf/dvhost-ssl.conf Include conf/noauth-ssl.conf Include conf/auth-ssl.conf Include conf/pubauth-ssl.conf +Include conf/adminauth-ssl.conf </VirtualHost> diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp index 29fe756178..b927315393 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp @@ -435,7 +435,10 @@ static int checkAuthn(request_rec *r) { return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc)); } - // Redirect to the login page, unless we have a session id from another module + // Redirect to the login page, unless we have a session id or an authorization + // header from another module + if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL) + return DECLINED; if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) || hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) || hasContent(openauth::sessionID(r, "TuscanyOAuth2"))) diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp index dbede7ed8b..05ad77d646 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp @@ -308,7 +308,10 @@ static int checkAuthn(request_rec *r) { return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.cs, sc.mc)); } - // Redirect to the login page, unless we have a session id from another module + // Redirect to the login page, unless we have a session id or an authorization + // header from another module + if (apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" : "Authorization") != NULL) + return DECLINED; if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) || hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) || hasContent(openauth::sessionID(r, "TuscanyOAuth1"))) |