Here's an example from our config:
#!subst "/DB_USER/xxxxxxxx/" #!subst "/DB_PASSWORD/xxxxxxxxxx/"
event_route[xhttp:request] { # Challenge for authentication credentials DB_NAME and DB_PASSWORD.
xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] Received HTTP request $rm $hu from $si:$sp\n");
if(is_present_hf("Authorization") && defined $au && $au ne "DB_USER") { xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Invalid user: $au\n"); sl_send_reply("403", "Forbidden"); exit; }
# The challenge does not send a qop= parameter, in order to ease # the burden on the client.
if(!pv_www_authenticate("$Ri", "DB_PASSWORD", "0", "POST")) { switch($rc) { case -1: xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Generic authentication error\n"); sl_send_reply("403", "Forbidden"); break;
case -2: xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Invalid password -- rejecting\n"); sl_send_reply("403", "Forbidden"); break;
default: xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] !> Unauthorised -- issuing authentication challenge\n"); www_challenge("$Ri", "0"); }
exit; }
xlog("L_INFO", "[R-XHTTP-REQUEST:$ci] -> Authorised user: $au\n");
consume_credentials();
-- Alex