Project

General

Profile

[Solved] Authentication based redirection

Added by junksmi almost 9 years ago

Damn, who wants to test the links in preview by clicking, is doomed to type the message twice :( :( :(

Well, I started the discussion here http://redmine.lighttpd.net/issues/show/1498 :

Anyways, this is my use case of user- or authentication- based redirection:

  • I give all my users a single adress myserver.com (the webserver 'root')
  • when they go there, they are asked to login
  • upon login, they are respectively redirected to their dirs (user1 to user1.myserver.com [or myserver.com/user1, doesn't matter])
  • If user1 finds out an adress of user2, and enters user2.myserver.com/... [or myserver.com/user2/...], given user1 credentials are given, user1 is again redirected to webserver root (and from there to home user1.myserver.com [or myserver.com/user1])
  • admin should have access to webserver root and all directories below

I somewhat achieved this using php, but the solution is based on expiration of one-second cookies, and so it gets easy to say click on the webserver-root link as user1, and manage to send a request while the cookie hasn't expired yet, thereby gaining access.. Which is why I think solving this on the level of the server (lighttpd.conf) would be best :)

Here are the two files:

lighttpd.conf
http://pastebin.com/f7687751b

redirect.php
http://pastebin.com/f230ea369

Ideally, I'd like to have all users actually taken to webserver root upon login, and having shown only directories they have access to (so admin would see /admin, /user1, /user2, /guest; user1 would see /user1, /guest; user2 would see /user2, /guest; guest would only see /guest) - this could ideally be achieved (from admin perspective) by some sort of a chain in the .conf file, which also relates to dirlister properties...

Well, hope to hear back some comments - or suggestions on how to achieve what I want :) Thanks...


Replies (1)

RE: [Solved] Authentication based redirection - Added by gstrauss 9 months ago

As noted in #1498, use mod_magnet with some custom lua code to get REMOTE_USER from the environment. REMOTE_USER will be the authenticated user, if authentication has occurred. If your router does not have mod_magnet, then you can build the package yourself with a cross-compilation environment. Alternatively, see if mod_magnet is part of a separate package for your router, or ask the maintainer to build mod_magnet with the lighttpd package. If none of this is possible, then it is also unlikely that you would be able to get the maintainer to release a package with an upgraded version of lighttpd.

    (1-1/1)