Protecting access to an event with a reverse proxy

Events can be secured by accessing them through a reverse proxy that provides authorization information. This is a useful feature for organizations that wish to restrict access to an event but don't want all of their users to register on the StreamText.Net website.

The reverse proxy forwards an Authorization header to StreamText.Net with a username and password encoded in the header value. An example Authorization header would be "Basic dXNlcjFAc29tZWNvbXBhbnkuY29tOnNvbWVwYXNzd29yZA==". The value after "Basic" is a base64-encoded ASCII string of the form [username]:[password]. For example, encoding the value "user1@somecompany.com:somepassword" (without the quotes) as base64 gives "dXNlcjFAc29tZWNvbXBhbnkuY29tOnNvbWVwYXNzd29yZA==".

Note: It is HIGHLY SUGGESTED that the reverse proxy connect using HTTPS so that this information is never sent to our servers unencrypted.

The following Stack Overflow article shows a sample implementation of a reverse proxy using Apache2.
http://stackoverflow.com/questions/567814/apache2-reverse-proxy-to-an-end-point-that-requires-basicauth-but-want-to-hide-t

If you follow the advice in the Stack Overflow article and provide the authorization header using the example above, the result would be:

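# Example for a virtual host; requires mod_proxy, mod_proxy_http, mod_ssl and mod_headers.
# The local path "/" is an assumption; use the path you want to proxy.
SSLProxyEngine On
ProxyPass / https://www.streamtext.net/
ProxyPassReverse / https://www.streamtext.net/
RequestHeader set Authorization "Basic dXNlcjFAc29tZWNvbXBhbnkuY29tOnNvbWVwYXNzd29yZA=="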

The StreamText.Net servers will take the authorization header, decode the contents and compare the result against the access list for the event. If it matches, the user will be allowed access. If it does not, then the user will be prompted for credentials.
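
The header format described above can be checked before it goes into the proxy configuration. The following Python sketch is an added example, not StreamText.Net or Apache code; the function names build_basic_header and parse_basic_header are assumptions made for illustration. It builds the header value and decodes an existing one, rejecting malformed input such as a trailing newline picked up during encoding.

```python
import base64
import binascii


def _has_control(text):
    # Control characters (a stray "\n" from `echo`, for instance) corrupt the credentials.
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in text)


def build_basic_header(username, password):
    """Return the header value "Basic <base64 of username:password>"."""
    if ":" in username:
        raise ValueError("username must not contain ':' (it separates the fields)")
    if _has_control(username + password):
        raise ValueError("control character in credentials")
    raw = f"{username}:{password}".encode("ascii")  # non-ASCII raises ValueError
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value):
    """Decode a header value to (username, password); raise ValueError if malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("token is not base64-encoded ASCII") from exc
    if _has_control(raw):
        raise ValueError("decoded credentials contain a control character")
    username, sep, password = raw.partition(":")  # split on the first ':' only
    if not sep or not username:
        raise ValueError("decoded value is not [username]:[password]")
    return username, password


if __name__ == "__main__":
    # Example value taken from the article text.
    header = build_basic_header("user1@somecompany.com", "somepassword")
    print(header)
    print(parse_basic_header(header)[0])  # print the username only, never the password
```

Because the password may itself contain a colon, the decoded value is split on the first colon only.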

Please contact us with any questions and please suggest improvements to this article.

 
