Basic Authorization Plugin¶
The sample basic authorization plugin, basic_auth.cc
, checks for
basic HTTP proxy authorization. In HTTP basic proxy authorization,
client user names and passwords are contained in the
Proxy-Authorization
header. The password is encoded using base64
encoding. The plugin checks all incoming requests for the authorization
header, user name, and password. If the plugin does not find all of the
these, then it reenables with an error (effectively stopping the
transaction) and adds a transaction hook to the send response header
event.
Creating the Plugin’s Parent Continuation and Global Hook¶
The parent continuation and global hook are created as follows:
TSHttpHookAdd (TS_HTTP_OS_DNS_HOOK, TSContCreate (auth_plugin, nullptr));
Important
Authorization plugins which attach to TS_HTTP_OS_DNS_HOOK
(as shown in
the example above) will not operate as expected unless
proxy.config.http.doc_in_cache_skip_dns
is set to 0
. Disabling
this feature ensures that DNS hooks will still be executed even when a
matching document has been located in the cache. The downside is that the
performance gain by skipping otherwise unnecessary DNS lookups is lost.