[Solved] Authentication based redirection

Added by junksmi over 9 years ago

Damn, who wants to test the links in preview by clicking, is doomed to type the message twice :( :( :(

Well, I started the discussion here :

Anyways, this is my use case of user- or authentication- based redirection:

  • I give all my users a single adress (the webserver 'root')
  • when they go there, they are asked to login
  • upon login, they are respectively redirected to their dirs (user1 to [or, doesn't matter])
  • If user1 finds out an adress of user2, and enters [or], given user1 credentials are given, user1 is again redirected to webserver root (and from there to home [or])
  • admin should have access to webserver root and all directories below

I somewhat achieved this using php, but the solution is based on expiration of one-second cookies, and so it gets easy to say click on the webserver-root link as user1, and manage to send a request while the cookie hasn't expired yet, thereby gaining access.. Which is why I think solving this on the level of the server (lighttpd.conf) would be best :)

Here are the two files:



Ideally, I'd like to have all users actually taken to webserver root upon login, and having shown only directories they have access to (so admin would see /admin, /user1, /user2, /guest; user1 would see /user1, /guest; user2 would see /user2, /guest; guest would only see /guest) - this could ideally be achieved (from admin perspective) by some sort of a chain in the .conf file, which also relates to dirlister properties...

Well, hope to hear back some comments - or suggestions on how to achieve what I want :) Thanks...

Replies (1)

RE: [Solved] Authentication based redirection - Added by gstrauss about 1 year ago

As noted in #1498, use mod_magnet with some custom lua code to get REMOTE_USER from the environment. REMOTE_USER will be the authenticated user, if authentication has occurred. If your router does not have mod_magnet, then you can build the package yourself with a cross-compilation environment. Alternatively, see if mod_magnet is part of a separate package for your router, or ask the maintainer to build mod_magnet with the lighttpd package. If none of this is possible, then it is also unlikely that you would be able to get the maintainer to release a package with an upgraded version of lighttpd.