URL authentication

Phil Mayers p.mayers at imperial.ac.uk
Thu Aug 3 12:50:41 CEST 2006 

Joe Warren-Meeks wrote:
> 
> Anyone got any ideas on this? I'm a little stuck as to where to start..

I don't know how you'd do it with a database, but with the users file, 
it'd be something like:

username incoming-req-uri != "http://foo.com/bar", Auth-Type :=  Reject
	Reply-Message = "You can't access this URL"
	Fall-Through = No

username User-Password := "pass"

Basically, there are lots of ways of doing what you want to do. From 
what I remember about the SQL backend, it should just be a case of putting:

insert into radchech (username,attribute,op,value) values (
	'username',
	'incoming-req-uri',
	'==',
	'http://foo.com/bar'
	);

...and it should work.

> 
>  -- joe.
> 
> On 1 Aug 2006, at 13:42, Joe Warren-Meeks wrote:
> 
>>
>> Oops, should point out that I'm currently using the following line to 
>> get the URL into the access-request:
>>
>> echo "User-Name = joe, Password = testing, incoming-req-uri = 
>> http://www.blibble.net/path_to" | ./radclient 127.0.0.1 auth testing123
>>
>> This puts it into the access-request and the radius server sees it
>> rad_recv: Access-Request packet from host 127.0.0.1:32770, id=106, 
>> length=79
>>         User-Name = "joe"
>>         User-Password = "testing"
>>         incoming-req-uri = "http://www.blibble.net/path_to"
>>   Processing the authorize section of radiusd.conf
>>
>>
>> Thanks.
>>
>>  -- joe.
>>
>> On 1 Aug 2006, at 13:39, Joe Warren-Meeks wrote:
>>
>>>
>>> Hey guys,
>>>
>>> (Using freeradius-1.1.2 on Ubuntu Linux, with MySQL backend)
>>>
>>> I'm setting up an HTTP based download service and we are looking to 
>>> authenticate users to download a specific object only. So, I'm 
>>> looking for a way to authenticate based on username, password and url.
>>>
>>> Now, I can extend the radcheck table to include the URL and add that 
>>> into the sql query as defined in mysql.conf, but how do I get 
>>> freeradius to authenticate on the triple?
>>>
>>> Any ideas? My search in the mailing list for URL and authenticate 
>>> strangely turned up a lot of results ;-)
>>>
>>> Thanks.
>>>
>>>  -- joe.
>>>
>>> Joe Warren-Meeks                       T: +44 (0) 208 962 0007
>>> Aggregator Ltd.                        M: +44 (0) 7789 176 078
>>> Unit 62/63 Pall Mall Deposit           F: +44 (0) 208 962 0008
>>> 124-128 Barlby Road, London W10 6BL
>>> PGP:        361F 78D0 56F5 8D7F 2639  947D 71E2 8811 F825 64CC
>>>
>>>
>>>
>>
>> Joe Warren-Meeks                       T: +44 (0) 208 962 0007
>> Aggregator Ltd.                        M: +44 (0) 7789 176 078
>> Unit 62/63 Pall Mall Deposit           F: +44 (0) 208 962 0008
>> 124-128 Barlby Road, London W10 6BL
>> PGP:        361F 78D0 56F5 8D7F 2639  947D 71E2 8811 F825 64CC
>>
>>
>>
>> -List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
> 
> Joe Warren-Meeks                       T: +44 (0) 208 962 0007
> Aggregator Ltd.                        M: +44 (0) 7789 176 078
> Unit 62/63 Pall Mall Deposit           F: +44 (0) 208 962 0008
> 124-128 Barlby Road, London W10 6BL
> PGP:        361F 78D0 56F5 8D7F 2639  947D 71E2 8811 F825 64CC
> 
> 
> 
> -List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list