Hanno’s Coding Log: software development, geek stuff

Dynamic ip based authentication with Apache

I have a very cool Squeezebox WiFi MP3-Player which comes with a very cool music server software called Slimserver (written in Perl, Open Source, too!).
One thing this Slimserver can do is stream MP3 to every player capable of MP3 streams (Winamp, etc.).

The problem: How to access my music from any computer that has e.g. Winamp installed, without risking a big security breach on my home computer.
Solution: Secure the Slimserver with Apache as a proxy, using Apache’s SSL and authentication capabilities.
Catch: Winamp doesn’t do SSL and MediaPlayer isn’t too good at it, either.

The real solution: Access the management interface of Slimserver via SSL, protect it via some AuthType and allow unprotected, unencrypted access to the stream URL only from IPs that have previously accessed and successfully logged in at the SSL protected page.
I do that with mod_python and the various hooks it provides. Yes, you can do more with it than just executing Python scripts.

Logging the IP addresses

The first thing I need is a way to log the IP addresses that accessed the management interface of Slimserver. I do that with a so-called FixupHandler — a routine Apache calls right before executing the request (serving the file or handing the request over to another server when acting as a reverse proxy).
Because the FixupHandler gets called after the Authentication Handler, it will only be called if the authentication was successful.

If you have mod_python installed, you can define a script that should be called as the FixupHandler. The directive PythonFixupHandler takes one argument: the Python module that contains the handler function. The module has to be in the Python path, which can be modified with the PythonPath directive.
I add the following to the Apache configuration for the SSL protected management interface:

SetHandler mod_python
PythonPath "sys.path+['G:/Programme/Apache Group/Apache2/conf/python']"
PythonFixupHandler log_slim_ip
#PythonDebug On

In conf/python I have the following Python script:

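from mod_python import apache
import os.path
from pysqlite2 import dbapi2 as sqlite
from time import time

# openDatabase() and insertNewIP() are helpers from the complete listing (see attachments).
def fixuphandler(req):
  # Runs only after authentication succeeded, so every IP seen here has logged in.
  # Keep the database in the same directory as Apache's error log.
  logDir = os.path.dirname(req.server.error_fname)
  sqlConn = openDatabase(logDir + '/slimserverAllowedIPs.db')
  # Record the client address of this authenticated request.
  insertNewIP(sqlConn, req.connection.remote_ip)
  return apache.OK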

For a complete listing have a look at the attachments.
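
The allow-list behind this scheme, written out as an added example (not the code from the attachments): it records an IP on login and answers the question the unencrypted stream URL has to ask, "has this IP logged in recently?". The function names, the table layout, the use of the standard sqlite3 module instead of pysqlite2, and the 12-hour lifetime of a grant are all assumptions.

```python
import sqlite3
import time

TTL_SECONDS = 12 * 3600  # assumed lifetime of a grant; not from the original post

def open_database(path):
    """Open (or create) the allow-list database."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS allowed_ips ("
        "ip TEXT PRIMARY KEY, last_login REAL NOT NULL)"
    )
    return conn

def insert_new_ip(conn, ip, now=None):
    """Record a successful login; a repeat login refreshes the timestamp."""
    now = time.time() if now is None else now
    # Parameterised query: the address is never spliced into the SQL text.
    conn.execute(
        "INSERT OR REPLACE INTO allowed_ips (ip, last_login) VALUES (?, ?)",
        (ip, now),
    )
    conn.commit()

def is_ip_allowed(conn, ip, now=None, ttl=TTL_SECONDS):
    """True only if this IP logged in within the last `ttl` seconds."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT last_login FROM allowed_ips WHERE ip = ?", (ip,)
    ).fetchone()
    return row is not None and now - row[0] <= ttl

def purge_expired(conn, now=None, ttl=TTL_SECONDS):
    """Delete stale grants so the table does not grow without bound."""
    now = time.time() if now is None else now
    cur = conn.execute(
        "DELETE FROM allowed_ips WHERE last_login < ?", (now - ttl,)
    )
    conn.commit()
    return cur.rowcount

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses and a fixed clock.
    db = open_database(":memory:")
    insert_new_ip(db, "192.0.2.10", now=1000.0)
    print(is_ip_allowed(db, "192.0.2.10", now=1060.0))    # logged in a minute ago
    print(is_ip_allowed(db, "198.51.100.7", now=1060.0))  # never logged in
    print(is_ip_allowed(db, "192.0.2.10", now=1000.0 + TTL_SECONDS + 1))  # expired
```

On the stream side, a mod_python PythonAccessHandler could call is_ip_allowed() and return apache.HTTP_FORBIDDEN on a miss. An IP address identifies a network rather than a person, so everyone behind the same NAT or proxy shares the grant until it expires, which is why the lifetime is worth keeping short.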
