1

My organisation has subscribed to a language web service infrastructure called the Language Grid which uses basic access authentication for the service invocation. We hired a contractor to develop an application for us using these language services. The problem is that we do not want to give the username and password to access the service grid to the contractor and we want to monitor (log) the access.

Hence we were thinking of creating a "proxy" for the web service requests so that the contractor can make tests as depicted in the following figure:

enter image description here

I was thinking that one of the simplest ways to do this was to ask the contractor to make his requests via a script (PHP or other) located on our server and to relay this request to the service grid. Such a script could look like that:

$auth = base64_encode("$user:$pass");
$url = $_POST['url']

$request = new HTTPRequest($url, HTTP_METH_POST);
$request->setPostFields($_POST)
$request->send();
$response = $request->getResponseBody();
echo $response;

Is there a better and more secure way to do this? For example by using Apache proxy mod functionalities?

Julien Bourdon
  • 1,713
  • 17
  • 28

1 Answers1

1

A helpful thread on an authenticated proxy setup w/ mod_proxy:

Setting up an Apache Proxy with Authentication

Looks like one of the answers suggests Squid as well. While I've used both it really comes down to what you're most familiar with and how much time you're willing to spend. Squid is a purpose-built proxy, but you can probably get setup with Apache more quickly.

Community
  • 1
  • 1
quickshiftin
  • 66,362
  • 10
  • 68
  • 89