Apache-AppSamurai
examples/conf/appsamurai-owa.conf view on Meta::CPAN
# Allow from all
#</Directory>
# Turn off client (forward) proxy requests so this server cannot be used as
# an open proxy. All proxied requests are mapped by the Rewrite rules in the
# "Rewrite/Proxy Rules" part of this file.
ProxyRequests Off
# Protect ALL proxied areas (by default). The actual proxy mapping is
# done with rewrite rules. (Be careful if you decide to make this
# a more specific path: You do not want to expose internal servers!)
# !!! MAKE SURE TO CONFIGURE THE IfDefine SECTION FOR YOUR VERSION !!!
# !!! OF MOD_PERL !!!
# Only one of the two IfDefine branches is active, depending on whether
# MODPERL2 is defined (IfDefine tests names passed to httpd with -D).
# NOTE(review): if the active branch does not match the running server, the
# container inside it may never match a proxied request, and the backend
# would then be reachable without a login. After deploying, confirm that an
# unauthenticated request to a proxied path is refused.
<IfDefine !MODPERL2>
# Branch used when MODPERL2 is NOT defined: "proxy:*" covers every proxied URL
<Directory proxy:*>
# Hand authentication to AppSamurai rather than a built-in Apache type
AuthType Apache::AppSamurai
# IMPORTANT - The auth name MUST match a configured AppSamurai auth name
# ("Owa" is also the prefix of the Owa* PerlSetVar/PerlAddVar settings used
# elsewhere in this file)
AuthName "Owa"
# Map authentication checks to this method
PerlAuthenHandler Apache::AppSamurai->authenticate
# Map authorization checks to this method
PerlAuthzHandler Apache::AppSamurai->authorize
# Allow all IPs, but require a logged in user.
# NOTE(review): this relies on Satisfy being left at its default (All) for
# this scope. With "Satisfy Any", "Allow from all" alone would grant access
# and the Require line below would no longer be enforced.
Order deny,allow
Allow from all
Require valid-user
</Directory>
</IfDefine>
# Branch used when MODPERL2 IS defined. Same protection as the !MODPERL2
# branch, expressed with a <Proxy> container instead of <Directory proxy:...>.
<IfDefine MODPERL2>
# (See !MODPERL2 section directly above for comments)
# "*" matches every proxied URL, so all proxied content requires a login
<Proxy *>
# Hand authentication to AppSamurai; AuthName must match a configured
# AppSamurai auth name
AuthType Apache::AppSamurai
AuthName "Owa"
# AppSamurai methods that perform the authentication and authorization checks
PerlAuthenHandler Apache::AppSamurai->authenticate
PerlAuthzHandler Apache::AppSamurai->authorize
# Any client IP may connect, but a logged in user is still required.
# NOTE(review): depends on Satisfy staying at its default (All) for this
# scope; "Satisfy Any" would let "Allow from all" bypass the Require line.
Order deny,allow
Allow from all
Require valid-user
</Proxy>
</IfDefine>
# Special ActiveSync configuration: Protects the /Microsoft-Server-ActiveSync
# path with Basic Authentication login instead of form based. This is
# to support Windows Mobile devices. Other special parameters are used
# to support the non-cookie aware ActiveSync client.
# !!! MAKE SURE TO CONFIGURE THE IfDefine SECTION FOR YOUR VERSION !!!
# !!! OF MOD_PERL !!!
# NOTE(review): as with the catch-all proxy section, only the branch whose
# IfDefine test is true takes effect. Confirm after deployment that an
# unauthenticated ActiveSync request is refused.
<IfDefine !MODPERL2>
# __OWA_SERVER_FQDN__ looks like a template placeholder for the backend
# server name; replace it before use - TODO confirm against the install docs
<Directory proxy:https://__OWA_SERVER_FQDN__/Microsoft-Server-ActiveSync*>
# Set hard expiration (no matter what, the session is killed after this
# many seconds). 86400 seconds = 24 hours.
PerlSetVar OwaSessionExpire 86400
# Override the previously configured inactivity timer (only applies to this
# directory). 0 disables the timer, so of the two settings shown here the
# hard expiration above is the only limit on session lifetime.
PerlSetVar OwaSessionTimeout 0
# ActiveSync does not maintain session cookies. This sets up a "custom
# keysource" to compute the session authentication key based on a set of
# headers and arguments. (Sort of a pseudo-cookie). This avoids losing
# sessions with ActiveSync. It is MUCH less secure, though! Only
# use this in conjunction with at least one token or OTP based authentication
# module. (SecurID, SafeWord, etc....) This custom keysource uses:
# 1) The "Authorization" header value
# 2) The "User-agent" header value
# 3) The "User" argument (ActiveSync devices add this to each request)
# 4) The "DeviceId" argument (ActiveSync adds this, and it should be unique
# per-device... not that it couldn't be spoofed)
# NOTE(review): every input above is supplied by the client on each request,
# so whoever can observe or replay a complete request can present the same
# values while the session is valid. Keep this path on TLS only, and keep the
# Authorization header and the request arguments out of logs that are widely
# readable.
PerlAddVar OwaKeysource header:Authorization
PerlAddVar OwaKeysource header:User-agent
PerlAddVar OwaKeysource arg:User
PerlAddVar OwaKeysource arg:DeviceId
# Note that "Basic" is used instead of "Apache::AppSamurai". This causes
# Apache to handle the basic authentication grunt work for us.
# Basic credentials are only base64 encoded, not encrypted, and are sent
# with every request. The TLS setup of the front end is not visible in this
# part of the file - verify that this path is never served over plain HTTP.
AuthType Basic
# IMPORTANT - The auth name MUST match a configured AppSamurai auth name
AuthName "Owa"
# Map authentication checks to this method
PerlAuthenHandler Apache::AppSamurai->authenticate
# Map authorization checks to this method
PerlAuthzHandler Apache::AppSamurai->authorize
# Allow all IPs, but require a logged in user.
# NOTE(review): depends on Satisfy staying at its default (All) for this
# scope; "Satisfy Any" would let "Allow from all" bypass the require line.
Order deny,allow
Allow from all
require valid-user
</Directory>
</IfDefine>
# Branch used when MODPERL2 IS defined: the ActiveSync settings again,
# inside a <Proxy> container instead of <Directory proxy:...>.
<IfDefine MODPERL2>
# (See !MODPERL2 section directly above for comments)
# __OWA_SERVER_FQDN__ looks like a template placeholder for the backend
# server name; replace it before use - TODO confirm against the install docs
<Proxy https://__OWA_SERVER_FQDN__/Microsoft-Server-ActiveSync*>
# Hard session expiration in seconds (86400 = 24 hours). The inactivity
# timer is disabled for this path by setting it to 0.
PerlSetVar OwaSessionExpire 86400
PerlSetVar OwaSessionTimeout 0
# Custom keysource: the session key is computed from these request headers
# and arguments, because ActiveSync does not keep session cookies.
# All four values come from the client on every request, so this is weaker
# than a cookie session; serve this path over TLS only and pair it with a
# token or OTP based authentication module.
PerlAddVar OwaKeysource header:Authorization
PerlAddVar OwaKeysource header:User-agent
PerlAddVar OwaKeysource arg:User
PerlAddVar OwaKeysource arg:DeviceId
# Basic authentication (Apache does the protocol work). Credentials are only
# base64 encoded and are resent with each request.
AuthType Basic
# Must match a configured AppSamurai auth name
AuthName "Owa"
# AppSamurai methods that perform the authentication and authorization checks
PerlAuthenHandler Apache::AppSamurai->authenticate
PerlAuthzHandler Apache::AppSamurai->authorize
# Any client IP may connect, but a logged in user is still required.
# NOTE(review): depends on Satisfy staying at its default (All) for this
# scope; "Satisfy Any" would let "Allow from all" bypass the require line.
Order deny,allow
Allow from all
require valid-user
</Proxy>
</IfDefine>
#### Rewrite/Proxy Rules ####
# !!! IMPORTANT NOTE !!!