Bio-Das-ProServer
lib/Bio/Das/ProServer/Authenticator/ip.pm
The IP addresses that are checked against the whitelist are:
1) that of the socket connection
2) those listed in the X-Forwarded-For HTTP header
The latter is necessary for clients and servers operating behind proxies.
IMPORTANT NOTE:
Because IP addresses can be spoofed by clients, this is NOT a robust method of
securing data.
=head1 CONFIGURATION AND ENVIRONMENT
The whitelist for IP addresses is configured in the source INI section, using
any combination of specific, additive, range or CIDR format IPs. Valid
separators are comma and semicolon.

  [mysource]
  authenticator = ip
  authallow = 1.2.3.4,193.62.196.0 + 255 , 123.123.123.1 - 123.123.123.10 ; 192.168/16

=head1 SUBROUTINES/METHODS
=head2 authenticate : Applies authentication to a request.
Requires: a hash reference containing details of the DAS request
Returns: either nothing (allow) or an HTTP::Response (deny)

  my $allow = $oAuth->authenticate({
    'peer_addr' => $, # packed (socket IP address)
    'request' => $, # HTTP::Request object (for X-Forwarded-For header)
    ...
  });

=head2 ip : Gets the authenticated IP address

  my $sIp = $oAuth->ip();

=head2 init : Initialises the IP whitelist
=head1 DIAGNOSTICS

  my $auth = Bio::Das::ProServer::Authenticator::ip->new({
    ...
    'debug' => 1,
  });

=head1 DEPENDENCIES
=over
=item L<Carp|Carp>
=item L<Net::IP|Net::IP>
=item L<Socket|Socket>
=item L<Bio::Das::ProServer::Authenticator|Bio::Das::ProServer::Authenticator>
=back
=head1 BUGS AND LIMITATIONS
Clients that are separated from the server by an anonymising HTTP proxy (i.e.
one that does not reveal the client's IP address in the X-Forwarded-For HTTP
header) will always fail this method of authentication.
Note that clients may spoof an IP address in the X-Forwarded-For header.
Therefore this method of authentication is not a robust security precaution.
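
The following is an added example, not ProServer's own code. It parses the authallow value shown under CONFIGURATION with Net::IP and applies a stricter rule than the one documented here: X-Forwarded-For is consulted only when the socket peer is a proxy you operate. The function names and the proxy address 10.0.0.5 are assumptions for illustration.

```perl
# Added example; not part of Bio::Das::ProServer. Requires Net::IP.
use strict;
use warnings;
use Net::IP;    # exports the $IP_*_OVERLAP constants by default

# Parse an authallow-style list: entries separated by comma or semicolon,
# each a single IP, "base + n", "first - last" or CIDR.
sub parse_list {
    my ($spec) = @_;
    my @ranges;
    for my $item (split /[,;]/, $spec) {
        (my $entry = $item) =~ s/^\s+|\s+$//g;
        next if $entry eq '';
        my $ip = Net::IP->new($entry) or die "bad whitelist entry '$entry'\n";
        push @ranges, $ip;
    }
    return \@ranges;
}

# True if $addr is one address inside any range; malformed input never matches.
sub in_list {
    my ($addr, $ranges) = @_;
    my $ip = Net::IP->new($addr) or return 0;
    return 0 if $ip->ip() ne $ip->last_ip();    # a range is not a client
    for my $range (@{$ranges}) {
        next if $ip->version() != $range->version();    # never compare v4 with v6
        my $rel = $ip->overlaps($range);
        return 1 if defined $rel && ($rel == $IP_A_IN_B_OVERLAP || $rel == $IP_IDENTICAL);
    }
    return 0;
}

# The header is client-supplied unless the peer is our own proxy. Each proxy
# appends the address it saw, so take the rightmost hop that is not a proxy.
sub effective_client {
    my ($peer, $xff, $proxies) = @_;
    return $peer unless in_list($peer, $proxies);
    for my $hop (reverse split /,/, $xff // '') {
        (my $addr = $hop) =~ s/^\s+|\s+$//g;
        return $addr unless in_list($addr, $proxies);
    }
    return $peer;
}

my $allow   = parse_list('1.2.3.4,193.62.196.0 + 255 , 123.123.123.1 - 123.123.123.10 ; 192.168/16');
my $proxies = parse_list('10.0.0.5');    # hypothetical reverse proxy
# Constructed requests: [socket peer, X-Forwarded-For value]
for my $req (['10.0.0.5', '123.123.123.7'], ['203.0.113.9', '1.2.3.4'], ['10.0.0.5', '1.2.3.4, 198.51.100.20']) {
    my $client = effective_client(@{$req}, $proxies);
    printf "peer=%s xff='%s' -> %s %s\n", @{$req}, $client, in_list($client, $allow) ? 'allow' : 'deny';
}
```

Only the first constructed request is allowed: the second arrives directly from a non-whitelisted peer, and in the third the proxy-appended hop is not whitelisted.
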
=head1 INCOMPATIBILITIES
None reported.
=head1 AUTHOR
Andy Jenkinson <andy.jenkinson@ebi.ac.uk>
=head1 LICENSE AND COPYRIGHT
Copyright (c) 2008 EMBL-EBI
=cut