Apache-AppSamurai
* Test!
* DOCUMENT!!! (at least in the module POD)
* Share! (optional... but please share)
OWA Proxy Example
-----------------
Q: Why do I get "Access Denied" instead of the login page when I first connect?
A: Make sure your rewrite rules are used inside a VirtualHost section. If you would rather leave them global, add the following lines to your SSL VirtualHost section:
RewriteEngine on
RewriteOptions inherit
Q: Under Apache 2, in error_log or ssl_error_log, why do I see errors like: "SSL Proxy requested for FQDN:443 but not enabled [Hint: SSLProxyEngine]"?
A: Put the following line into your SSL VirtualHost section(s):
SSLProxyEngine on
Q: Why do you have near-duplicate proxy directory sections, with the only difference being <Directory proxy:*> vs. <Proxy *> ?
A: IfDefine cannot be used to wrap just the Directory or Proxy tag. This breakage appears to be completely undocumented, and yes, there is a dent in the wall by my desk that I blame directly for it.
examples/conf/appsamurai-owa.conf
# 5) You should be able to use ActiveSync with a device attached to your
# internal network. (Microsoft's Windows Mobile emulator is helpful
# for testing.)
#
# For your AppSamurai server:
# 1) You must have a SSL certificate signed by a trusted CA.
# 2) You must have an EXTERNAL DNS entry pointing the FQDN of your OWA
# server to the external IP (or NAT IP) your AppSamurai proxy will be
# available from.
# 3) You must configure (at least one) SSL enabled VirtualHost section
# 4) You must enable Rewrite and pull in global Rewrite rules inside your
# VirtualHost section (See last section of this file for sample)
#
# On your firewall:
# 1) Open up access to port 443 on your AppSamurai proxy
# 2) Open access from your AppSamurai server's real IP to port 443 of your
# OWA server
# 3) Open access from your AppSamurai server's real IP to any authentication
# services it will be using.
#
# Reference:
examples/conf/appsamurai-owa.conf
PerlAuthzHandler Apache::AppSamurai->authorize
Order deny,allow
Allow from all
require valid-user
</Proxy>
</IfDefine>
#### Rewrite/Proxy Rules ####
# !!! IMPORTANT NOTE !!!
# Rewrite options are not global by default! Make sure to read the
# extra section at the bottom of this file.
# Enable rewrites for default (non-virtual) hosts
RewriteEngine On
# Block access to common IIS hackable areas
RewriteRule ^(.*)?/iisadmin/? - [F,L]
RewriteRule ^(.*)?/samples/? - [F,L]
RewriteRule ^(.*)?/scripts/? - [F,L]
RewriteRule ^(.*)\.ida$ - [F,L]
examples/conf/appsamurai-owa.conf
<VirtualHost _default_:80>
DocumentRoot __DOCUMENT_ROOT__
ServerName __OWA_SERVER_FQDN__
# This redirects and strips any GET arguments
RedirectMatch (.*) https://__OWA_SERVER_FQDN__
</VirtualHost>
<IfDefine Comment>
#### Per-VirtualHost Configuration ####
# Rewrite rules are not (by default) global. In addition, Apache 2 introduced
# the SSLProxyEngine option. The following lines (till the #### END ... line)
# should be inserted into the VirtualHost section(s) serving your AppSamurai
# protected resources.
# Enable rewrite engine inside virtualhost
RewriteEngine on
# Inherit rewrite settings from parent (global)
RewriteOptions inherit
# Enable proxy connections to SSL (Why is this off by default?)
SSLProxyEngine on
#### END Per-VirtualHost Configuration ####
</IfDefine>
lib/Apache/AppSamurai.pm
Each configuration option must be prefixed by the I<AuthName> for the
Apache::AppSamurai instance you wish to apply the option to. This
I<AuthName> is then referenced within the protected area(s). Most setups
only require one I<AuthName>. You can call it "BOB" or "MegaAuthProtection".
You can even call it "authname".
B<IMPORTANT NOTE> - The I<AuthName> is omitted in the configuration
descriptions below for brevity. "Example" is used as the I<AuthName> in the
L</EXAMPLES> section.
Most setups will include a set of global configuration values to set up the
Apache::AppSamurai instance. Each protected area then points to a specific
AuthName and Apache::AppSamurai methods for authentication and
authorization.
=head2 GENERAL CONFIGURATION
=head3 I<Debug> C<0|1>
(Default: 0)
Set to 1 to send debugging output to the Apache logs. (Note - you must have
lib/Apache/AppSamurai.pm
# Block all other requests
RewriteRule .* - [F]
#*FOR MODPERL2 YOU MUST UNCOMMENT AND PUT THE FOLLOWING INSIDE
# RELEVANT VirtualHost SECTIONS (For most Apache2 setups, this would be
# the "<VirtualHost _default_:443>" section inside ssl.conf)
#
## Enable rewrite engine inside virtualhost
#RewriteEngine on
## Inherit rewrite settings from parent (global)
#RewriteOptions inherit
## Enable proxy connections to SSL
#SSLProxyEngine on
=head1 EXTENDING
Additional authentication modules, tracking features, and other options
can be added to Apache::AppSamurai. In the case of authentication modules,
all that is required is creating a new module that inherits from
lib/Apache/AppSamurai/Util.pm
file, remnant data on a hard drive, or from a hacked database.
=head2 CheckSidFormat()
Check input scalar for proper ID format. (Characters and length.) Returns
the untainted input, or undef on failure.
Apache::AppSamurai currently uses SHA256 for all digest and ID functions.
All are represented as hex strings with a length of 32 characters. (256 bits
divided by 4 characters per nibble.) This magic number is set in the C<$IDLEN>
global in the Util.pm file. Future versions may be more flexible and allow
alternate digest algorithms.
=head2 CheckUrlFormat()
Check the scalar for proper URL formatting. Returns the untainted URL or undef
on failure.
This is only a basic sanity check: it allows ftp:, gopher:, etc. through in
addition to http: and https:. Apply more extensive filtering using
mod_rewrite or other means, as needed.
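One way to apply the stricter filtering suggested above, done in Perl rather than mod_rewrite. This is an added example, not code from Apache::AppSamurai: C<check_url_strict>, the allow-lists and the host C<owa.example.com> are assumptions, and the sample URLs are constructed.

```perl
use strict;
use warnings;

# Added example (not Apache::AppSamurai code). The function name, the
# allow-lists and owa.example.com are assumptions made for illustration.
my %ALLOWED_SCHEME = map { $_ => 1 } qw(http https);
my %ALLOWED_HOST   = map { $_ => 1 } qw(owa.example.com);

# Returns a rebuilt, untainted URL, or undef when the input is not an
# http(s) URL for an allow-listed host.
sub check_url_strict {
    my ($url) = @_;
    return unless defined $url && length($url) <= 2048;

    # No whitespace or control characters anywhere in the value.
    return if $url =~ /[\x00-\x20\x7f]/;

    # scheme://host[:port][path|query|fragment]. The host class has no '@',
    # so userinfo forms such as "good.host@other.host" do not match.
    # Regex captures are what untaint the pieces under taint mode (-T).
    my ($scheme, $host, $port, $rest) = $url =~
        m{\A([A-Za-z][A-Za-z0-9+.-]*)://([A-Za-z0-9.-]+)(?::([0-9]{1,5}))?([/?\#].*)?\z}
        or return;

    # Scheme and host are case-insensitive: normalise before the lookup.
    ($scheme, $host) = (lc($scheme), lc($host));
    return unless $ALLOWED_SCHEME{$scheme} && $ALLOWED_HOST{$host};
    return if defined $port && ($port < 1 || $port > 65535);

    # Rebuild from the captured parts only, never from the raw input.
    return "${scheme}://${host}" . (defined $port ? ":$port" : '') . ($rest // '');
}

# Constructed sample inputs: two acceptable URLs, then a non-http scheme,
# a host outside the allow-list, and a userinfo form.
for my $u ('https://owa.example.com/exchange/',
           'HTTPS://OWA.EXAMPLE.COM:443/owa/?a=1',
           'ftp://owa.example.com/pub/',
           'https://other.example.net/exchange/',
           'https://owa.example.com@other.example.net/') {
    my $clean = check_url_strict($u);
    printf "%-45s => %s\n", $u, defined $clean ? $clean : 'rejected';
}
```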