acl-proxy

command
Version: v1.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2021 License: MIT Imports: 24 Imported by: 0

Documentation

Overview

A privilege separation HTTP proxy

The privilege it's guarding is the permission to talk to the upstream server. Incoming requests are checked against an ACL before forwarded using the configured client certificate, which should be kept private. In addition, the incoming client must authenticate with a separate client certificate that the proxy accepts. This can be done with a simple valid cert check or by specifying an exact common name or key signature.

Thus you can have a certificate with more permissions and this proxy reduces it to a lower set. Obviously the incoming client can't have access to the upstream client certificate file or this is pointless.

The program will exit with status code 10 if it detects that any of the certificates expires. You can use that exit code to detect this condition.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL