HTTP::release¶
Description¶
Releases the data collected via
HTTP::collect. Unless a subsequent
HTTP::collect command was issued, there is no
need to use the HTTP::release command inside of the
HTTP_REQUEST_DATA and
HTTP_RESPONSE_DATA events, since (in
these cases) the data is implicitly released.
It is important to note that these semantics are different than those
of the TCP::collect and
TCP::release commands. With
TCP::collect, the event for processing the
data (CLIENT_DATA) will fire without
TCP::release being called, whereas with
HTTP::collect, the event
(HTTP_REQUEST_DATA or
HTTP_RESPONSE_DATA) will not fire
without HTTP::release being called (at least implicitly).
Examples¶
when CLIENT_ACCEPTED {
set authinsck 0
set forceauth 1
set ckname BIGXAUTH
set ckpass 1xxx5678
set ckvalue [IP::client_addr]
set ckdomain .y.z
set asid [AUTH::start pam default_radius]
}
when HTTP_REQUEST {
if {[HTTP::cookie exists $ckname]} {
HTTP::cookie decrypt $ckname $ckpass 128
if {[HTTP::cookie value $ckname] eq $ckvalue} {
set forceauth 0
}
HTTP::cookie remove $ckname
}
if {$forceauth eq 1} {
AUTH::username_credential $asid [HTTP::username]
AUTH::password_credential $asid [HTTP::password]
AUTH::authenticate $asid
HTTP::collect
}
}
when HTTP_RESPONSE {
if {$authinsck eq 1} {
HTTP::cookie insert name $ckname value $ckvalue path / domain $ckdomain
HTTP::cookie secure $ckname enable
HTTP::cookie encrypt $ckname $ckpass 128
}
}
when AUTH_SUCCESS {
if {$asid eq [AUTH::last_event_session_id]} {
set authinsck 1
HTTP::release
}
}
when AUTH_FAILURE {
if {$asid eq [AUTH::last_event_session_id]} {
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
}
}
when AUTH_WANTCREDENTIAL {
if {$asid eq [AUTH::last_event_session_id]} {
HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"\""
}
}
when AUTH_ERROR {
if {$asid eq [AUTH::last_event_session_id]} {
HTTP::respond 401
}
}