Basic Authorization Plugin

The sample basic authorization plugin,, checks for basic HTTP proxy authorization. In HTTP basic proxy authorization, client user names and passwords are contained in the Proxy-Authorization header. The password is encoded using base64 encoding. The plugin checks all incoming requests for the authorization header, user name, and password. If the plugin does not find all of the these, then it reenables with an error (effectively stopping the transaction) and adds a transaction hook to the send response header event.

Creating the Plugin’s Parent Continuation and Global Hook

The parent continuation and global hook are created as follows:

TSHttpHookAdd (TS_HTTP_OS_DNS_HOOK, TSContCreate (auth_plugin, nullptr));


Authorization plugins which attach to TS_HTTP_OS_DNS_HOOK (as shown in the example above) will not operate as expected unless proxy.config.http.doc_in_cache_skip_dns is set to 0. Disabling this feature ensures that DNS hooks will still be executed even when a matching document has been located in the cache. The downside is that the performance gain by skipping otherwise unnecessary DNS lookups is lost.