PageViews: 16,032 hits / 333 nets
home updates download manual documents feedback search

Reference Manual of DeleGate

DeleGate reference manual version 9.9 / Authorization generation
[CTX] [ALL] Authorization generation

Generate "Authorization: Basic authString" in a HTTP request header to be forwarded to a server, if it does not have an original Authorization field from a client. The authString should be "userName:passWord". The following special string stand for attributes of clients.

    %u -- user name got using Ident protocol
    %h -- host name of the client got from the socket
    %i -- host name of the network interface to the client
    %I -- like %i but use the value of "Host:" if given in HTTP
    %a -- host address of the client
    %n -- network address of the client
    %H -- hostname of the DeleGate
    %M -- the ADMIN of the DeleGate
    %A -- generated string by "CMAP=string:authgen:mapSpec"
    %U -- username part of client's [Proxy-]Authorization: username:password
    %P -- password part of client's [Proxy-]Authorization: username:password


    When the firewall have two network interfaces and internal and external hosts access from different interface, then they can be distinguished by the name of interface.
    Otherwise, internal network should be explicitly defined using CMAP as follows.

A generated password is formatted as "passWord/%i" and a DeleGate rejects incoming requests with an Authorization field of such pattern. Thus forged password cannot pass the DeleGate on the host "%i".