DeleGate reference manual version 9.9 / Authorization generation

[CTX] [ALL] Authorization generation

AUTH=authgen:basic:authString

Generate "Authorization: Basic authString" in a HTTP request header to be forwarded to a server, if it does not have an original Authorization field from a client. The authString should be "userName:passWord". The following special string stand for attributes of clients.

`%u`	-- user name got using Ident protocol
`%h`	-- host name of the client got from the socket
`%i`	-- host name of the network interface to the client
`%I`	-- like %i but use the value of "Host:" if given in HTTP
`%a`	-- host address of the client
`%n`	-- network address of the client
`%H`	-- hostname of the DeleGate
`%M`	-- the ADMIN of the DeleGate
`%A`	-- generated string by "CMAP=string:authgen:mapSpec"
`%U`	-- username part of client's [Proxy-]Authorization: username:password
`%P`	-- password part of client's [Proxy-]Authorization: username:password

Example:

AUTH="authgen:basic:%i:%h"

CMAP

AUTH="authgen:basic:%A" CMAP="{internal:passWord}:authgen:*:*:{InternalNetList}" CMAP="{external:passWord}:authgen:*:*:*"

A generated password is formatted as "passWord/%i" and a DeleGate rejects incoming requests with an Authorization field of such pattern. Thus forged password cannot pass the DeleGate on the host "%i".