AuthTrans

auth-type

Specifies the type of authorization to be used. This should always be basic.

userdb

(Optional) Specifies the full path and file name of the user database to be used for user verification. This parameter will be passed to the user function. 

userfn

Name of the user custom function to verify authorization. This function must have been previously loaded with load-modules. It has the same interface as all of the SAFs, but it is called with the user name (user), password (pw), user database (userdb), and group database (groupdb) if supplied, in the pb parameter. The user function should check the name and password using the database and return REQ_NOACTION if they are not valid. It should return REQ_PROCEED if the name and password are valid. The basic-auth function will then add auth-type, auth-user (user), auth-db (userdb), and auth-password (pw, Windows only) to the rq->vars pblock.

groupdb

(Optional) Specifies the full path and file name of the user database. This parameter will be passed to the group function. 

groupfn

(Optional) Name of the group custom function that must have been previously loaded with load-modules. It has the same interface as all of the SAFs, but it is called with the user name (user), password (pw), user database (userdb), and group database (groupdb) in the pb parameter. It also has access to the auth-type, auth-user (user), auth-db (userdb), and auth-password (pw, Windows only) parameters in the rq->vars pblock. The group function should determine the user’s group using the group database, add it to rq->vars as auth-group, and return REQ_PROCEED if found. It should return REQ_NOACTION if the user’s group is not found.

bucket

(Optional) Common to all obj.conffunctions.

Init fn=load-modules shlib=/path/to/mycustomauth.so funcs=hardcoded_auth

         

AuthTrans fn=basic-auth auth-type=basic userfn=hardcoded_authPathCheck 
	fn=require-auth auth-type=basic realm="Marketing Plans"

auth-type

Specifies the type of authorization to be used. This should always be basic.

dbm

(Optional) Specifies the full path and base file name of the user database in the server’s native format. The native format is a system DBM file, which is a hashed file format allowing instantaneous access to billions of users. If you use this parameter, don’t use the userfile parameter as well.

userfile

(Optional) Specifies the full path name of the user database in the NCSA-style HTTPD user file format. This format consists of lines using the format name:password, where password is encrypted. If you use this parameter, don’t use dbm.

grpfile

(Optional) Specifies the NCSA-style HTTPD group file to be used. Each line of a group file consists of group:user1 user2. userN where each user is separated by spaces.

bucket

(Optional) Common to all obj.conf functions.

AuthTrans fn=basic-ncsa auth-type=basic dbm=/sun/server61/userdb/rsPathCheck 
	fn=require-auth auth-type=basic realm="Marketing Plans"AuthTrans 
	fn=basic-ncsa auth-type=basic userfile=/sun/server61/.htpasswd 
	grpfile=/sun/server61/.grpfilePathCheck fn=require-auth auth-type=basic 
	realm="Marketing Plans"

bucket

(Optional) Common to all obj.conf functions.

stage

Stage directive used in obj.conf processing (NameTrans, PathCheck, and so on). The match-browser function is applicable in all stage directives.

string

Wildcard pattern to compare against the User-Agent header (for example, "*Mozilla*").

name

Variable to be changed. The match-browser SAF indirectly invokes the set-variable SAF. For a list of valid variables, see set-variable.

value

New value for the specified variable. 

AuthTrans fn="match-browser" browser="*[Bb]roken*" ssl-unclean-shutdown="true" 
keep-alive="disabled" http-downgrade="1.0"

auth-type

Specifies the type of authorization to be used. The type should be “basic” unless you are running a UNIX proxy and are going to use your own function to perform authentication. 

dbm

Specifies the full path and base filename of the user database in the server’s native format. The native format is a system DBM file, which is a hashed file format allowing instantaneous access to billions of users. If you use this parameter, don’t use the userfile parameter. 

userfile

Specifies the full pathname of the user database in the NCSA-style httpd user file format. This format consists of name:password lines where password is encrypted. If you use this parameter, don’t use dbm. 

grpfile

(optional)Specifies the NCSA-style httpd group file to be used. Each line of a group file consists of group:user1 user2...userN, where each user is separated by spaces.

AuthTrans fn=proxy-auth auth-type=basic  
	dbm=/usr/ns-home/proxy-EXAMPLE/userdb/rs
A Windows NT example:
AuthTrans fn=proxy-auth auth-type=basic userfile=\\netscape\\server
	\\proxy-EXAMPLE\\.htpasswd grpfile=\\netscape\\server
	\\proxy-EXAMPLE\\.grpfile

user-fn

Specifies the name of the user-provided function that will be used to perform authentication in place of the built-in authentication. If authentication succeeds, the function should return REQ-PROCEED and if authentication fails, it should return REQ-NOACTION. 

userdb 

Specifies the full path and base filename of the user database in the server’s native format. The native format is a system DBM file, which is a hashed file format allowing instantaneous access to billions of users. 

pblock

One of the following Session/Request parameter block names: 

• client: Contains the IP address of the client machine and the DNS name of the remote machine. For more information, see the description of the Session->client function in the “Data Structure Reference” chapter of the Sun Java System Web Proxy Server 4.0.2 NSAPI Developer’s Guide.

• vars: Contains the server’s working variables, which includes anything not specifically found in the reqpb, headers, or srvhdrs pblocks. The contents of this pblock differ, depending upon the specific request and the type of SAF.

• reqpb: Contains elements of the HTTP request, which includes the HTTP method (GET, POST, and so on), the URI, the protocol (generally HTTP/1.0), and the query string. This pblock doesn’t usually change during the request-response process.headers: Contains all the request headers (such as User-Agent, If-Modified-Since, and so on) received from the client in the HTTP request. This pblock doesn’t usually change during the request-response process.

• srvhdrs: Contains the response headers (such as Server, Date, Content-type, Content-length, and so on) that are to be sent to the client in the HTTP response.

  Note: For more information about parameter blocks, see the Sun Java System Web Proxy Server 4.0.2 NSAPI Developer’s Guide.

name

The variable to set. 

value

The string assigned to the variable specified by name.

abort

A value of true indicates the result code should be set to REQ_ABORTED. Setting the result code to REQ_ABORTED will abort the current request and send an error to the browser.

error

Sets the error code to be returned in the event of an aborted browser request. 

escape

A boolean value signifying whether a URL should be escaped using util_uri_escape. For information about util_uri_escape, see the “NSAPI Function Reference” chapter of the Sun Java System Web Proxy Server 4.0.2 NSAPI Developer’s Guide.

find-pathinfo-forward

Path information after the file name in a URI. See find-pathinfo.

http-downgrade

HTTP version number (for example, 1.0). 

http-upgrade

HTTP version number (for example, 1.0). 

keep-alive

A boolean value that establishes whether a keep-alive request from a browser will be honored. 

name

Specifies an additional named object in the obj.conf file whose directives will be applied to this request. See also assign-name.

noaction

A value of true indicates the result code should be set to REQ_NOACTION. For AuthTrans, NameTrans, Service, and Error stage SAFs, setting the result code to REQ_NOACTION indicates that subsequent SAFs in that stage should be allowed to execute.

nostat

Causes the server not to perform the stat() function for a URL when possible. See also assign-name.

senthdrs

A boolean value that indicates whether HTTP response headers have been sent to the client. 

ssl-unclean-shutdown

A boolean value that can be used to alter the way SSL3 connections are closed. As this violates the SSL3 RFCs, you should only use this with great caution if you know that you are experiencing problems with SSL3 shutdowns. 

stop

A value of true indicates the result code should be set to REQ_PROCEED. For AuthTrans, NameTrans, Service, and Error stage SAFs, setting the result code to REQ_PROCEED indicates that no further SAFs in that stage should be allowed to execute.

url

Redirect requests to a specified URL.