Apache cookie authentication

There’s a module that lets you authenticate via any auth method (basic auth, LDAP, etc.) to specific locations. You can also set an expiration time on the cookie, so when the time expires the user is redirected to the login page.

In this post we’ll install it on a CentOS 7 server.

First we need to install all the dependencies:

yum groupinstall "Development Tools" && \
yum install httpd httpd-devel autoconf libmemcached memcached \
            libevent-devel php-pecl-memcached

Now we have to download the project or clone it and compile it:

git clone https://github.com/ZenProjects/Apache-Authmemcookie-Module.git
cd Apache-Authmemcookie-Module
autoconf -f 
./configure --with-apxs=/usr/bin/apxs --with-libmemcached=/usr/ 
make install 

If everything went well, we now just have to activate the module by adding a configuration file.

We’ll create a file called “00-authCookie.conf” and put it in /etc/httpd/conf.modules.d/ with the following line:

LoadModule mod_auth_memcookie_module modules/mod_auth_memcookie.so

Then we need to reload Apache so it can load the module:

httpd -k graceful

To verify it loaded the module:

httpd -M | grep mod_auth

If Apache loaded the module it should return this:

mod_auth_memcookie_module (shared)

Now we have to start memcached and add the configuration to httpd.conf.

Example config:

   Auth_memCookie_CookieName myauthcookie
   Auth_memCookie_Memcached_Configuration --server=

   # to fix header for php buggy authentication mechanism
   Auth_memCookie_SilmulateAuthBasic on

   # to redirect unauthorized user to the login page
   ErrorDocument 401 "/login.php"

   Auth_memCookie_Authoritative on
   AuthType Cookie
   AuthName "Login Intranet"
   require mcac-public

<Location "/privateURL">
    require valid-user
</Location>

<Location "/privateURL2">
    require user user1 user2 user3
</Location>

<Location "/privateURLgroup1">
    require mcac-group group1 group2
</Location>

You can create the cookie with any programming language; here I’ll give an example using PHP 7.

PHP7 snippet

<?php
/////////////////////////////////////////////////////////////////////////////////
// cookie parameters

$my_cookie_name="myauthcookie"; // name of the cookie
$my_domain="";                  // cookie domain
$my_expiretime=30;              // expiration time of the cookie, must be zero or in seconds
$my_path="/";                   // path of the cookie
$my_secure=FALSE;               // whether the cookie is secure (transmitted only over SSL)

// to use when behind a reverse proxy
//if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
//   $my_remoteip=$_SERVER["HTTP_X_FORWARDED_FOR"];
if (isset($_SERVER["HTTP_VIA"]))
   $my_remoteip=$_SERVER["HTTP_VIA"];

// to use when directly connected to the client
if (!isset($my_remoteip))
   $my_remoteip=$_SERVER["REMOTE_ADDR"];

$msg = '';
$my_user=$_POST["username"];
$my_password=$_POST["password"];
$my_groups="test";
$my_mail="test@test.com";
$my_nom="test";
$my_prenom="test";
// boolean, not the string "FALSE": a non-empty string is truthy in PHP and
// would cause the password to be written to memcached below
$my_send_pass_flag=FALSE;

// instantiate memcache api object
$memcache = new Memcached;

// connect to memcached on localhost port 11211
$memcache->addServer('localhost', 11211) or die ("Could not connect");

// generate cookie unique session id from the CSPRNG
// (uniqid(), rand() and time() are predictable)
$key=bin2hex(random_bytes(16));

// construct session value to be stored in memcached for the cookie session id.
$value="UserName=".$my_user."\r\n";
$value.="Groups=".$my_groups."\r\n";
$value.="RemoteIP=".$my_remoteip."\r\n";
if ($my_send_pass_flag!=FALSE) $value.="Password=".$my_password."\r\n";
$value.="Expiration=".$my_expiretime."\r\n";
$value.="Email=".$my_mail."\r\n";
$value.="Name=".$my_nom."\r\n";
$value.="GivenName=".$my_prenom."\r\n";

// store value for the key in memcache daemon
$memcache->set($key,$value,$my_expiretime);

// set cookie session
if ($my_expiretime!=0)
   setcookie($my_cookie_name,$key,time()+$my_expiretime,$my_path,$my_domain,$my_secure);
else
   setcookie($my_cookie_name,$key,$my_expiretime,$my_path,$my_domain,$my_secure);

// redirect to referer page....
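
An added example (Python, not code from this post or from the module's project) of the same session creation with two checks the record format calls for: the session id comes from the OS CSPRNG, and field values containing CR or LF are rejected, since a line break inside a value would be read as additional fields. Assumptions: the field names UserName, Groups, RemoteIP and Expiration, the helper names, the in-memory DictStore standing in for memcached, and the Secure/HttpOnly/SameSite cookie attributes, which require the site to be served over HTTPS.

```python
import secrets

SESSION_TTL = 30  # seconds, same value as $my_expiretime in the post


def new_session_id():
    # 128 bits from the OS CSPRNG: the cookie value is a bearer token
    return secrets.token_hex(16)


def build_record(fields):
    """Serialise fields as Key=Value CRLF lines; refuse values that break framing."""
    out = []
    for key, value in fields.items():
        value = str(value)
        if "\r" in value or "\n" in value:
            raise ValueError("line break in field %r" % key)
        out.append("%s=%s\r\n" % (key, value))
    return "".join(out)


def cookie_header(name, session_id, ttl):
    attrs = ["%s=%s" % (name, session_id), "Path=/", "HttpOnly", "Secure", "SameSite=Lax"]
    if ttl:  # ttl 0 means a browser-session cookie, as in the post
        attrs.insert(1, "Max-Age=%d" % ttl)
    return "Set-Cookie: " + "; ".join(attrs)


class DictStore:
    """Constructed in-memory stand-in for memcached so the example runs offline."""
    def __init__(self):
        self.data = {}

    def set(self, key, value, ttl):
        self.data[key] = (value, ttl)


def create_session(store, user, groups, remote_ip, ttl=SESSION_TTL):
    # Call only after the credentials have been verified.
    sid = new_session_id()
    record = build_record({"UserName": user, "Groups": groups,
                           "RemoteIP": remote_ip, "Expiration": ttl})
    store.set(sid, record, ttl)  # same TTL for the record and the cookie
    return sid, cookie_header("myauthcookie", sid, ttl)


if __name__ == "__main__":
    store = DictStore()
    sid, header = create_session(store, "user1", "group1", "192.0.2.10")  # constructed input
    print(header)
    print(repr(store.data[sid][0]))
```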