I have tested the below nginx config:
server {
location /foo/ {
auth_basic "This part of website is restricted";
auth_basic_user_file /etc/apache2/.htpasswd;
}
}
but it is not prompting authentications popup.
Is there something else to be changed for authentication to pop up on every reload?
Related
I have recently installed Opensips 3.1. I am able to add SIP phones and place local LAN calls. I am trying to setup a inbound gateway connection with SIP provider Skyetel using IP Authentication. Everything is setup on the Skyetel side. From Opensips Control Panel, routing has been setup with all of the Skyetel gateways. Skyetel sends OPTIONS request, but Opensips seems not be able to process the request. Opensips is sending a 403 Relay Forbidden response. I am using the default config file, and I see that the 403 response is processing at the below step -
if ( !(is_method("REGISTER") || is_from_gw() ) ) {
if (is_from_local()) {
# authenticate if from local subscriber
# authenticate all initial non-REGISTER request that pretend to be
# generated by local subscriber (domain from FROM URI is local)
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "auth");
exit;
}
if ($au!=$fU) {
send_reply(403,"Forbidden auth ID");
exit;
}
consume_credentials();
# caller authenticated
} else {
# if caller is not local, then called number must be local
if (!is_uri_host_local()) {
send_reply(403,"Relay Forbidden");
exit;
Also, I have added the SKyetel gateways as aliases in the config file and no change.
alias="52.41.52.34"
alias="35.85.225.96"
alias="52.60.138.31"
alias= 3.99.65.224
alias="52.8.201.128"
Any help on this would be appreciated.
I'm trying to set up nginx to reference a docker container. Ultimately, I'd like to configure nginx to direct traffic to multiple docker containers, but I'm stuggling to get the location working.
This works:
http {
server {
location / {
proxy_pass http://172.20.0.10:8000/;
}
}
}
When using the above configuration, I can go to http://<server-ip-address>/, and see the website.
However, when I try to modify the location, like so
http {
server {
location /path/ {
proxy_pass http://172.20.0.10:8000/;
}
}
}
I'm able to still able to load the page, but it doesn't appear to be executing the JavaScript. I get a white background, and can see the page HTML, but none of the info that would be populated by JavaScript shows up.
(I do have JavaScript enabled in my browser. I have tried both Chromium and Firefox, and both have the same issue.)
I am using Nginx server with a RoR webapplication (version 6.1.4).
I have several audio files around the site and I want to restrict direct access to them.
The page have publicly accessible part and another for registered members. Here they can upload and share mp3's through the platform.
I added the following lines to nginx configuration:
location ~* \.mp3 {
valid_referers server_names;
if ($invalid_referer) {
return 403;
}
}
This one is working fine for the hardcoded audios and prevents direct access.
But if someone logs in and traces the html for the sourcefiles of uploaded audios, it is still accessible for them. I am using ActiveStorage for managing file uploads and it is on a s3 storage.
Appreciate any ideas!
Did not check, but customize this and try:
location ~* \.mp3 { # location for .mp3 files
if (-f $request_filename) { # if file actually exists
return 301 $scheme://$server_name/RoR_APP_URI_with_auth_check/$request_uri;
}
}
This could be a good opportunity to use the Proxy design pattern. You could create a controller/action that handles user authentication and then either redirects to the appropriate url or directly serves the file using send_file. There are pro's and con's to this approach but it would be a way to authenticate requests and restrict access to paywalled content.
Here's an example from a production app I'm working on:
def avatar_proxy
if Rails.env.development?
tmp_file = open(current_user.avatar.path)
else
url = current_user.avatar.url
tmp_file = open(url)
end
send_file tmp_file, :type => current_user.avatar.content_type, disposition: 'inline'
end
I have two HTML pages. a.html is a mobile version of my site, b.html is the desktop version. How can I set these two pages to use the same URL?
It is very easy and I have already implemented this. You can check out wittyfeed.com, it serves different files for mobile and desktop.
It can be done as follow,
http {
....
map $http_user_agent $ind {
"~*mobile" a.html;
default b.html;
}
server {
...
index $ind;
...
location / {
try_files $uri $uri/ $ind;
}
}
}
The above code runs as, it sets value for variable $ind, as a.html if the request comes from mobile or b.html otherwise. Then, accordingly it tries to fetch the file. :)
Edited w.r.t. comment below, *not tested,
http {
...
map $http_user_agent $proxy_addr {
"~*mobile" test-qa.firebaseapp.com/mobile;
default localhost:8080/test/jsp/index.jsp;
}
server {
...
location /test {
proxy_pass $proxy_addr;
}
}
}
I am just learning grails and have a problem with an app that works fine when I run it in Netbeans but shows strange behavior when deployed to Tomcat 7.0.22 on a Centos 5.4 server. I am using the proxy_ajp to make the app available with apache.
The problem seems to be with the session not being maintained after a redirect so that I lose the login information causing the app to try to login again.
My proxy_ajp settings are
<Location /PreyerBooks >
ProxyPass ajp://localhost:8011/PreyerBooks
ProxyPassReverse ajp://localhost:8011/PreyerBooks
</Location>
the app is deploying without errors and the connectivity to the database and LDAP is working. I tested this by logging in the authenticate method as follows
UserController - authentication function
def authenticate = {
def password=passhash(params.password)
log.info " login attempt ${params.login} - ${params.password} - ${password}"
def match = User.findAll(
directory: "user",
filter: "(&(uid=${params.login})(userpassword=${password}))"
)
log.info " match ${match}"
if (match) {
def user = Employee.findByLogin(params.login)
log.info " user ${user} - ${user?.role}"
if(user){
session.user = user
log.info "success"
flash.message = "Hello ${user.firstname}!"
redirect(controller:"Book", action:"index")
}else{
log.error "failed login attempt mismatch to ldap ${params.login}"
flash.message = "Sorry, ${params.login}. Please try again."
redirect(action:"login")
}
}else{
log.error "failed login attempt ${params.login} - ${params.password}"
flash.message = "Sorry, ${params.login}. Please try again."
redirect(action:"login")
}
}
BookController - auth function (checks if logged in)
def beforeInterceptor = [action:this.&auth, except:[]]
def auth() {
log.info "BookController:auth() ${session}"
if(!session.user) {
redirect(controller:"User", action:"login")
return false
}
log.info "BookController:auth() working"
return true
}
The log shows
INFO books.UserController - login attempt username - password - passwordhash
INFO books.UserController - match [de.preyer.books.User#d4a1cc]
INFO books.UserController - user username - admin
INFO books.UserController - success
INFO books.BookController - BookController:auth() Session Content:
The session.user variable has vanished. I checked the passwordhash and it correctly matches against the LDAP server (hence the object reference in match). This user is correctly found in the database where it gains its role.
I cannot access the app directly avoiding the apache ajp as the port is blocked in the firewall and I cannot open it. Thus I cannot test if the problem is in the ajp or tomcat in general
I have tried searching for the criteria specified as the title but find nothing relevant.
a) browser cookies are enabled and working, I tried Safari, Firefox and Chrome without success. I do not think this is a browser issue as the same browsers work with the app in NetBeans (using jetty I think)
b) I have set grails.serverURL = "http://servername/PreyerBooks" to the fully qualified domain
If I turn of the auth the app works.
I must be doing something wrong or have missed a step in the deployment.
Now I know I can include a plugin using Spring Core but this is overkill for my application and adds a further level of complexity to the debugging. I wish to get the current implementation working before moving on. The logic is copied from the Grails 2.1.0 documentation so it should work.
I read in httpSession that things must be serializable but if the example in the documentation does not work why does the app work when I run it in NetBeans?
I am at a loss. Any help would be much appreciated.
Use the spring-security-core plugin (or Shiro, or any established, proven security implementation). It's not complex, and rolling your own security is a quick path to getting hacked.