r4 - 05 Mar 2007 - 14:30:07 - ChristianFolini

Story13Start - Support for POST parameters

See StoriesExplained for more information about tasks. This story is based on the template at StoryTemplateStart.

Status : closed
Date opened : 2007-02-27
List of tasks involved : Task43Start, Task44Start, Task45Start
Testsuite : user_story6.rb
Release version : 160

Story

  • User Colin has an installation of PhpMyAdmin
  • He wants to secure the login with remo and the help of mod_security

This story is based on a request of Ryan Barnett to prepare a session for his cool-rules webcast.


Changelog

2007-03-01 - Implemented

PhpMyAdmin can be configured to use HTTP authentication. This means the database username and password are passed in the Basic auth header.

Remo supports this with the following rule:

POST /phpMyAdmin/index.php
Headers:
   Authorization: Basic\s[0-9a-zA-Z /]{0,256}={0,2}

Works fine. Actually POST parameters are not even necessary to do this.

This is a curl script used for testing:

curl -v -H "Cookie:  phpMyAdmin=227adad04fa76646b44a73cf871cb75c; pma_lang=en-utf-8; pma_charset=iso-8859-1; pma_collation_connection=utf8_unicode_ci; pma_navi_width=200; pma_theme=original; sessionid=85.0.227.198.1172748142686610" \
        --user-agent "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)" \
        -H "Authorization: Basic cm9vdDpza2xrNysx" \
        http://remo.netnea.com/phpMyAdmin/index.php
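
The header check from the rule above, as an added example in Ruby (not remo's own code and not part of the original page). It assumes the pattern must match the whole header value; `FULL_BASE64`, `reject_reason`, `basic_header` and every sample value except the header from the curl test are constructed for illustration.

```ruby
# Added example, not remo's own code. Assumption: the header pattern has to
# match the whole value, so it is anchored with \A and \z (in Ruby, ^ and $
# match at every line break and would let a multi-line value through).
AS_PRINTED  = /\ABasic\s[0-9a-zA-Z \/]{0,256}={0,2}\z/   # class as shown on the page
FULL_BASE64 = /\ABasic\s[0-9a-zA-Z+\/]{0,256}={0,2}\z/   # hypothetical variant with "+"

# nil when the value passes the whitelist pattern, otherwise the reason it fails.
def reject_reason(value, pattern)
  return :missing if value.nil?
  return nil if pattern.match?(value)
  return :wrong_scheme unless value.match?(/\ABasic\s/)
  return :too_long if value.sub(/\ABasic\s/, "").delete("=").length > 256
  :malformed_payload
end

# Build a Basic header value from constructed credentials.
def basic_header(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# Constructed sample values; FROM_PAGE is the header used in the page's curl test.
FROM_PAGE = "Basic cm9vdDpza2xrNysx"
SAMPLES = {
  from_page:   FROM_PAGE,
  with_plus:   basic_header("colin", "pw~"),   # encodes to a payload ending in "+"
  oversized:   "Basic " + "A" * 257,           # one character over the {0,256} limit
  digest:      'Digest username="colin"',
  quote_chars: "Basic cm9v' OR '1'='1",
  two_lines:   "Basic cm9v\nX-Injected: 1",
  with_space:  "Basic cm9v dDpz",
}

# Map every sample name to nil (allowed) or its rejection reason.
def evaluate(pattern)
  SAMPLES.transform_values { |v| reject_reason(v, pattern) }
end

if __FILE__ == $PROGRAM_NAME
  { "as printed" => AS_PRINTED, "with +" => FULL_BASE64 }.each do |name, pat|
    puts name
    evaluate(pat).each { |k, r| puts format("  %-12s %s", k, r || "allow") }
  end
end
```

As printed on this page, the character class contains a space and no `+`, so a valid base64 payload containing `+` is rejected while a payload with embedded spaces is accepted.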

Ryan Barnett has meanwhile used it for an OWA login check. See the attached picture.

Attachment: Ryan-Barnett-OWA-ruleset.png (46.4 K, 01 Mar 2007 - 13:25, ChristianFolini)