为什么将Auth Radius模块和Login Form模块和Reverse Proxy使用到另一个App时,Apache Web Server两次提交请求

编程问答 2022-08-12

问题描述

我有3层架构:

  • A)身份验证提供程序-Radius服务器(主机名:radius-server.auth,端口:812)
  • B)同时验证客户端+反向代理服务器( Apache Web服务器)??
  • C)申请

这是流程:

  • 用户访问/login.html的(B),输入其凭据并提交表格
  • 表单提交重定向到/authcheck端点,在该端点使用模块半径根据身份验证提供程序(A)检查凭据。
  • 如果可以,(B)允许访问ProxyPass网站。

这是其中的httpd.conf 

Listen 8998
<VirtualHost *:8998>
  # AddRadiusAuth server:port shared_secret timeout[:retries]
  # Example server (change to fit your needs):
  AddRadiusAuth radius-server.auth:1812 bigsecret 60:2

  # AddRadiusCookieValid time_in_minutes
  AddRadiusCookieValid 60

  ProxyPass /login.html !
  ProxyPassReverse /login.html !
  ProxyPass /authcheck !
  ProxyPassReverse /authcheck !
  ProxyPass / http://sample-secure-app/
  ProxyPassReverse / http://sample-secure-app/
  ProxyPreserveHost On
  ProxyRequests On
  <Location />
      AuthType Form
      AuthName "Radius Authentication"
      AuthFormProvider radius
      # AuthFormLoginRequiredLocation "/login.html"
      AuthFormLoginRequiredLocation /login.html?req=%{REQUEST_URI}
      AuthFormLoginSuccessLocation "/"
      AuthBasicAuthoritative Off
      AuthRadiusAuthoritative on
      #  <minutes-for-which-cookie-is-valid>
      AuthRadiusCookieValid 3
      AuthRadiusActive On
      require valid-user

      Session On
      # <maximum age in seconds for a session>
      SessionMaxAge 120
      # On https://httpd.apache.org/docs/trunk/mod/mod_session_cookie.html
      # SessionCookieMaxAge Off
      SessionCookieName session path=/
      # SessionCookieName2 session path=/;domain=localhost;httponly;secure;version=1;

      SessionCryptoPassphrase any-secret-passphrase
  </Location>
  <Location /authcheck>
      SetEnvIf Referer ^.*req=(.*)&?$ req=$1
      SetHandler form-login-handler
      AuthType Form
      AuthName "Radius Authentication"
      AuthFormProvider radius
      AuthFormLoginRequiredLocation "/login.html"
      AuthFormLoginSuccessLocation  %{ENV:req}
      AuthBasicAuthoritative Off
      AuthRadiusAuthoritative on
      AuthRadiusCookieValid 3
      AuthRadiusActive On
      require valid-user

      Session On
      # <maximum age in seconds for a session>
      SessionMaxAge 120
      # SessionCookieMaxAge Off
      SessionCookieName session path=/
      # SessionCookieName2 session path=/;domain=localhost:8998;httponly;secure;version=1;
      SessionCryptoPassphrase any-secret-passphrase
  </Location>
  <Location /login.html>
      Require all granted
  </Location>

RADIUS服务器(身份验证提供程序)有一些限制,由于它是由RSA服务器烤制的,因此两次都不接受密码。因此,密码为 RSA令牌密码(基于设备的身份验证)

因此,如果两次提交“登录”表单,则两次提交RSA密码(“密码”),从而使Auth提供者(A)拒绝访问。

这是我的事情,我意识到请求(表单提交)已经完成了两次。

为什么要重新提交?

我怀疑位置的冗余性,因为/authcheck被两个位置覆盖:

  • <Location />:涵盖所有链接,包括/authcheck
  • <Location /authcheck>:封面/authcheck

我尝试将/authcheck从一般的<Location />中排除,我尝试了:

 <Location ~ "^((?!/authcheck).)*$">

但同样的问题?

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

apachehttpd.confradiusreverse-proxytotp

相关问答

matplotlib报错:AttributeError: module 'backend_interagg' has no attribute 'FigureCanvas'. Did you mean: 'FigureCanvasAgg'?
使用本地python环境可以成功执行 import pandas as pd impor...
gitlab登录失败,报错:This challenge page was accidentally cached by an intermediary and is no longer available.
设置时间 控制面板
后端开发常见错误
错误1:Request method ‘DELETE‘ not supported 错误还原:...
docker常见错误
错误1:启动docker镜像时报错:Error response from daemon:...
idea常见错误
错误1:private field ‘xxx‘ is never assigned 按Alt...
pip安装依赖失败
报错如下,通过源不能下载,最后警告pip需升级版本 Requirem...