Documentation

One of the most powerful enhancements to TAG mod_rewrite Routing is the ability to perform Authentication on a RewriteRule via the A flag.

Assuming that proper Security Profiles and Accounts are set up, TAG is able to evaluate the required Authentication conditions to perform the route of the rule. Consider:

And that a Security Profile is associated with the Route in the Authentication section.

This rule matches all the incoming requests to TAG to the URL http://localhost:8080/tribestream and proxy to the substitute address https://tribestream.io due to the [P] flag. However, since we also have the [A] flag, an Authentication call will be executed against the configured Security Profile.

If the Authentication succeeds, the route will proxy the request as expected. On the other hand, if Authentication fails, TAG will immediately stop the rule set evaluation and return a response HTTP Status Error Code - 401 - Unauthorized.

The Route Authentication validation can check multiple Security Profiles. They will be evaluated in the order in which they are defined in the Authentication section. In the Require setting, it is possible to set up how the validation is performed. You can require ALL and then all Security Profiles associated with the Route must validate successfully to perform the routing behavior. Or, you can require ANY and only one Security Profile of the list must validate successfully to pass Authentication.

The Authentication flag [A] can also be applied to multiple RewriteRule directives, meaning that Authentication must pass on all flagged rules to move forward with the rule set evaluation.