Setting a Transaction Hook
If the request does not have the Proxy-Authorization
field set to
Basic authorization or a valid username/password, then the plugin sends
the 407 Proxy authorization required
status code back to the client.
The client will then prompt the user for a username and password, and
then resend the request.
In the handle_dns
routine, the following lines handle the
authorization error case:
done:
TSHttpTxnHookAdd (txnp, TS_HTTP_SEND_RESPONSE_HDR_HOOK, contp);
TSHttpTxnReenable (txnp, TS_EVENT_HTTP_ERROR);
If handle_dns
does not find the Proxy-Authorization
field set to
Basic authorization or a valid username/password, then it adds a
SEND_RESPONSE_HDR_HOOK
to the transaction being processed. This
means that Traffic Server will call the plugin back when sending the
client response. handle_dns
reenables the transaction with
TS_EVENT_HTTP_ERROR
, which means that the plugin wants Traffic
Server to terminate the transaction.
When Traffic Server terminates the transaction, it sends the client an
error message. Because of the SEND_RESPONSE_HDR_HOOK
, Traffic Server
calls the plugin back. The auth-plugin
routine calls
handle_response
to send the client a 407
status code. When the
client resends the request with the Proxy-Authorization
field, a new
transaction begins.
handle_dns
calls base64_decode
to decode the username and
password; handle_dns
also calls authorized
to validate the
username and password. In this plugin, sample NT code is provided for
password validation. UNIX programmers can supply their own validation
mechanism.