Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Browser Sniffing for mod_authn_otp |
|
| Author |
|
MisterIX
Joined: 20 Mar 2015
Posts: 1
Location: DE, Berlin
|
 Posted: Tue 24 Mar '15 11:42 Post subject: Browser Sniffing for mod_authn_otp |
 |
|
Hello,
I want to use mod_authn_otp(https://code.google.com/p/mod-authn-otp/) to equip my webmailer with a two factor authentication.
And actually it is working!  "So what the matter?" you might think.
It's working a little bit to well. I protect my webmailer directory like this:
| Code: |
<Location /webmail>
AuthType basic
AuthName "Provide your One Time Password!"
AuthBasicProvider OTP
Require valid-user
# other options...
OTPAuthUsersFile "/etc/otp-users/otp-users"
OTPAuthMaxLinger 3600
</Location>
|
As I said, that does the job. Problem is now, that we use CalDAV Calenders that use the webmailer interface via port 443. So Thunderbird asks for a one time password, when it comes to synchronize the calendars.
I need some kind of browser sniffing here, but I only found mod_rewrite. I'm not really a specialist on web-server configuration so any help is greatly appreciated.
Kind regards, MisterIX. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Tue 24 Mar '15 17:37 Post subject: |
|
|
| You could change the permission depending on the url. You keep your current config and add another location for the CalDAV url. |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Tue 24 Mar '15 20:59 Post subject: |
|
|
BrowserMatch or SetEnvIf User-Agent to set a environment variable on requests from a certain agent. Then add Require env ENVVAR before the Require valid-user.
Any request from a matching user agent will be let in, anything else will have to log in.
BrowserMatch "Thunderbird/3([0-9]|.)+ (Lightning/3([0-9]|.)+)" CALDAV=$2
Would set envvar CALDAV on each request with any Thunderbird/3x with the Lightning/3x plugin and fill CALDAV with the lightning version
$ENV{'HTTP_USER_AGENT'} = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/31.5.0 Lightning/3.3.3
$ENV{'CALDAV'} = Lightning/3.3.3
Note: This is bypassing otp and user-agent is pretty easy to spoof. |
|
| Back to top |
|
|
|
|
|
|
