phpapachesessionubuntuproxy

Apache2 Reverse Proxy with PHP Login Page (Check for session var before forwarding to server)

I have an apache2 reverse proxy setup fine for an ssl backend server.

(WWW --> Apache2 --> Server) Works fine.

I have a nice method of doing 2FA using TOTP and looking to get this working for this particular web application.

How can I get apache2 to check for a sessionid / var (check if a user is authenticated using my php script) before forwarding them on to the server behind the proxy?

IE: Im looking for this..

  1. User connects to proxy and is presented with a login form.
  2. User gets authenticated a session ($_SESSION['loggedin'] = "1")
  3. Apache checks if that = 1, if so, forward to proxied host. If not, present login.php (as an example)

Essentially what i am trying to achieve is a 2factor mech as the app being proxied allowed one type and my php script using totp does another.

I just need apache top be able to check if they are logged in in php before forwarding to the proxied host.

Reverse proxy works fine currently, just need this extra "login" before being proxied to work..

Current config is essentially this..

<VirtualHost *:80>
ProxyPreserveHost On

ProxyPass / http://10.0.0.1:80/
ProxyPassReverse / http://10.0.0.1:80/

Would be nice to have something in the virtualhost to say something like, IF USER SESSION VAR X = Y then Proxy.

Any ideas?

I cant find anything whatsoever online.

Solution

  • Hey Mr self called "Smart" Graham xD

    First. In the IT there is no impossible.

    I would like to implement exactly what you want. So far I have used BasicAuth for this problem.

    To solve your Apache Authentication problem u have to use the Location directive.

    For BasicAuth this looks like

    <VirtualHost *:80>
    ServerName myproxyservice.mydomain.de

    ServerAdmin webmaster@mydomain.de

    <Location />
        AuthType Basic
        AuthName "Restricted area"
        AuthUserFile /var/www/html/myproxyservice/.htpasswd
        Require valid-user
    </Location>

    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:32400/
    ProxyPassReverse / http://127.0.0.1:32400/
</VirtualHost>

    But now. I wanna have a nicer login form. This is possible with a Apache Module.

    mod_session

    mod_auth_form "Here are easy Examples, so there is no need for me to make one"

    Dear Linux Users. U have to activate the following modules:

    a2enmod session_cookie

    a2enmod request

    a2enmod auth_form

    MfG R0b1ns - 'Ich hab auch Discord :)