logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: Browser Sniffing for mod_authn_otp
Author
MisterIX



Joined: 20 Mar 2015
Posts: 1
Location: DE, Berlin

PostPosted: Tue 24 Mar '15 11:42    Post subject: Browser Sniffing for mod_authn_otp Reply with quote

Hello,

I want to use mod_authn_otp(https://code.google.com/p/mod-authn-otp/) to equip my webmailer with a two factor authentication.

And actually it is working! Razz "So what the matter?" you might think.

It's working a little bit to well. I protect my webmailer directory like this:

Code:
   

   <Location /webmail>
    AuthType basic
    AuthName "Provide your One Time Password!"
    AuthBasicProvider OTP
    Require valid-user
    # other options...
    OTPAuthUsersFile "/etc/otp-users/otp-users"
    OTPAuthMaxLinger        3600
   
   </Location>



As I said, that does the job. Problem is now, that we use CalDAV Calenders that use the webmailer interface via port 443. So Thunderbird asks for a one time password, when it comes to synchronize the calendars.

I need some kind of browser sniffing here, but I only found mod_rewrite. I'm not really a specialist on web-server configuration so any help is greatly appreciated.

Kind regards, MisterIX.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Tue 24 Mar '15 17:37    Post subject: Reply with quote

You could change the permission depending on the url. You keep your current config and add another location for the CalDAV url.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Tue 24 Mar '15 20:59    Post subject: Reply with quote

BrowserMatch or SetEnvIf User-Agent to set a environment variable on requests from a certain agent. Then add Require env ENVVAR before the Require valid-user.

Any request from a matching user agent will be let in, anything else will have to log in.

BrowserMatch "Thunderbird/3([0-9]|.)+ (Lightning/3([0-9]|.)+)" CALDAV=$2

Would set envvar CALDAV on each request with any Thunderbird/3x with the Lightning/3x plugin and fill CALDAV with the lightning version

$ENV{'HTTP_USER_AGENT'} = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/31.5.0 Lightning/3.3.3
$ENV{'CALDAV'} = Lightning/3.3.3

Note: This is bypassing otp and user-agent is pretty easy to spoof.
Back to top


Reply to topic   Topic: Browser Sniffing for mod_authn_otp View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules