-- default: AUTH=origin:ident
Like AUTH=proxy, specify using the value in "Authorization"
field in the HTTP header to authenticate the user, except
that accessibility to a DeleGate as a "HTTP origin server" is
checked in this case.
Example:
AUTH=origin:auth RELIABLE="*@localhost"
Any user who can login to the localhost of this DeleGate,
giving a correct pair of user name and password in
Authorization, will be authorized to access.
Put identification information of the source host in the Forwarded
field in a HTTP request header like:
Forwarded: by Me (Version) for Client
Currently, if this is specified, it is regarded as
AUTH="forward:*:" regardless of the second field.
This is useful for a DeleGate on a firewall which relays
internal HTTP servers toward outside .
Specify the identifier of the host of this DeleGate, which is put into
the Via field in forwarded HTTP message headers as follows:
Via: protocol-version hostIdentifier ( comment )
If no AUTH=viagen is specified, a default pseudonym is used for
hostIdentifier.
If empty hostIdentifier is specified, as AUTH="viagen",
the hostname of this DeleGate is used.
A special specification AUTH="viagen:-" disables the insertion
of the Via field.
If '%' character is used in a hostIdentifier, it is interpreted
as the format for authString below.
Generate "Authorization: Basic authString"
in a HTTP request header to be forwarded to a server,
if it does not have an original Authorization field from a client.
The authString should be "userName:passWord".
The following special string stand for attributes of clients.
%u
-- user name got using Ident protocol
%h
-- host name of the client got from the socket
%i
-- host name of the network interface to the client
%I
-- like %i but use the value of "Host:" if given in HTTP
-- generated string by "CMAP=string:authgen:mapSpec"
%U
-- username part of client's [Proxy-]Authorization: username:password
%P
-- password part of client's [Proxy-]Authorization: username:password
Example:
When the firewall have two network interfaces and internal
and external hosts access from different interface, then
they can be distinguished by the name of interface.
A generated password is formatted as "passWord/%i" and
a DeleGate rejects incoming requests with an Authorization
field of such pattern. Thus forged password cannot pass the
DeleGate on the host "%i".
Generate "Proxy-Authorization: Basic authString"
like AUTH=authgen.
Note: obsoleted by MYAUTH="user:pass:http-proxy".
Example:
Consume Proxy-Authorization in a request message from a client then
forward it to an upstream proxy as is (by authString == %U:%P) AUTH=proxy:pauth AUTH="pauthgen:basic:%U:%P" PROXY=...
If specified, "From: fromString" will be put in the HTTP
request if the original header does not have an original
From field. If fromString is omitted, the default value
is "%u@%h".
Specify contents of the client information part in common
logfile format of HTTP servers. The default value is
AUTH="log:%h:%u:%U".
%F
-- E-mail address in From field
%L
-- local part of From: local@domain field
%D
-- domain part of From: local@domain field
%U
-- username part of Authorization: username:password
%P
-- password part of Authorization: username:password
%Q
-- "for clientFQDN" part of Forwarded: field
Example:
To record information about an original client in an internal
DeleGate which is forwarded from a firewall DeleGate,
generate From field at the firewall DeleGate and record it
at the internal DeleGate.