原文链接:https://www.9mblog.com/121.html
这个插件可以将请求授权交给其他http服务。
说实话,我对于http授权这事还不是很明白,仅仅了解到没有授权会返回401。所以这个插件的用途也还没弄清楚。先放在这里,以后用到再做适当补充。
引用官方原文:
Plugin Options
--auth-transform=TYPE |
|
This option specifies how to route the incoming request to the authorization service. The transform type may be head or redirect. 这个选项可以设置两个值,head或redirect。 If the transform type is head, then the incoming request is transformed to a HEAD request and is sent to the same destination. If the response is 200 OK, the incoming request is allowed to proceed. 当使用head时,会把请求转成HEAD请求(只请求头信息),如果返回的是200 OK,再进行后续请求。 If the transform type is range, then the incoming request is transformed to a Range request asking for 0 bytes. Other than that, the behavior is identical to the head option above. This type of Range request is useful when the upstream destination is a cache, and it’s not able to cache HEAD requests. 当使用range时,将请求转换成“0-”这样的范围值。除此之外,其他的和head的效果完全一样。Range在目的是缓存是非常有用,它可以不缓存HEAD请求。 If the transform type is redirect then the incoming request is sent to the authorization service designated by the –auth-host and –auth-portparameters. If the response is 200 OK, the incoming request is allowed to proceed. 当使用redirect时当,会将请求重定向到由 –auth-host和–auth-portparameters指向的授权服务器。如果返回200 OK,再进行后续请求。 When the authorization service responds with a status other than 200 OK, that response is returned to the client as the response to the incoming request. This allows mechanisms such as HTTP basic authentication to work correctly. Note that the body of the authorization service response is not returned to the client. 当返回结果不是200 OK时,不影响正常HTTP认证机制。要注意,认证服务的应答包不会发送给客户端。 |
|
--auth-host=HOST |
|
The name or address of the authorization host. This is only used by the redirecttransform. 使用redirect时指定的目的主机。 |
|
--auth-port=PORT |
|
The TCP port of the authorization host. This is only used by the redirecttransform. 使用redirect时指定的目的端口 |
|
--force-cacheability |
|
If this options is set, the plugin will allow Traffic Server to cache the result of authorized requests. In the normal case, requests with authorization headers are nor cacheable, but this flag allows that by setting the proxy.config.http.cache.ignore_authentication option on the request. 这个选项可以让traffic server缓存授权请求。正常情况下正常不会缓存授权请求头,但是可以通过设置proxy.config.http.cache.ignore_authentication设置为允许。 |
|
Examples
http请求转换成HEAD请求的例子:
map http://cache.example.com http://origin.internal.com/ \
@plugin=authproxy.so @pparam=--auth-transform=head
map http://origin.internal.com http://origin.internal.com/
使用redirect的例子:
map http://cache.example.com http://origin.internal.com/ \
@plugin=authproxy.so @pparam=--auth-transform=redirect @pparam=--auth-host=127.0.0.1 @pparam=--auth-port=9000
map http://origin.internal.com/ http://origin.internal.com/ \
@plugin=authproxy.so @pparam=--auth-transform=redirect @pparam=--auth-host=127.0.0.1 @pparam=--auth-port=9000