Loading ...

Would you like to discuss your environment with a knowledgable engineer?

Preferred communication *

Thank you. We will be in touch with you shortly

Access Token Plugin

Simple Access Control Plugin for aiScaler 

What this plugin does.
This plugin applies expiration enforcement to the URI Received. If the URI is of the form http://blah.com/secret_content.asp?ID=1&token=XXXXXXXXXXXXXXXXXXXXXXXXXXXX, where XXXXXXXXXXXXXXXXXXXXXXXXXXXX is the Unix epoch time, the request will be discarded if the received token corresponds to a time, less than the current system unix time, thus implying that the token is stale.

How does the plugin do it?
The plugin code code has access to most of request’s information, including URI. The plugin code, after analyzing the request, tells aiScaler to drop the request.

Defining plugins.

aiScaler will attempt to locate and initialize plugin init function only when you provide init string, in the plugin declaration directive. These are to be placed in global section of aiScaler configuration file.

For example:
req_plugin_define access_pl_func ./access_pl_func.so

The declaration directive is called req_plugin_define . It takes up to 3 parameters: a required exec function name (access_pl_func in this example), module file name where this function is to be located (./demo_pl_func.so) and optional third parameter, an initialization string you want to pass to plugin init function (we won’t use this parameter ). aiScaler doesn’t attempt to interpret the init string in any way and it is up to plugin developer just what and how is placed within the string.

Attaching plugins.

After you define the plugin function, you can then tell aiScaler which plugin exec functions to fire when. You can configure some or all of the defined plugin exec functions to fire at global, website or pattern level.

Pattern level exec functions take precedence over website-level plugins, which in turn take precedence over global-level plugin. You attach plugin exec functions via req_plugin_exec directive. This directive can be placed in global, website or pattern sections. Same function could be used in different sections.

For example: req_plugin_exec access_plugin

Coding the plugin.

See the file access_plugin.c 

The demo_pl_func is the function aiScaler calls, after every URI is received. For more information on the plugin arrchitecture, please refer to Page 147 of the aiScaler user guide ( Please find it in the References section.)
The section of the code where the plugin enforces access token control is reproduced below:

        sec = time (NULL); /* This is the unix epoch time – the number of seconds since Jan 1 1970 */ 

         if (pl_req_data->uri && ((cptr = strstr(pl_req_data->uri,”token=”)) != NULL)) { 


                 cptr += 6; /* Advance cptr to go past the “token=” field in the URI */ 

                     received_token = atoi(cptr); 

                     /* Drop the Request since the access token is stale */ 

                     if(received_token < sec) 

                                 pl_resp_data->action |= PL_RET_F_DROP; 


What the plugin does is that it extracts the Access token from the URI header. This access token is nothing but a Unix representation of the Current Date, Time and the Year. Let us assume that aiScaler has issued the token to correspond to the time that the URI is expected to be valid. The plugin then applies Access Control and appends the “PL_RET_F_DROP” flag which instructs aiScaler to drop the URI if the token is more than the current system time, ie if it is stale. If not, it just does nothing, thus allows the URI to pass through unscathed.

Compiling the plugin.
Here is how you would compile a single plugin source file into a single plugin module (Linux .so file):

gcc -Wall -fPIC -c access_plugin.c

gcc -shared -Wl,-soname,access_pl_func.so -o access_pl_func.so access_plugin.o



Pages 147-156, aiScaler V 6.228 User Guide available at http://aiscaler.com/pdf/adminguide.pdf.


[icon name=icon-folder-close]

[icon name=icon-file] access_pl_func.so 
[icon name=icon-file] access_plugin.c
[icon name=icon-file] plugin.sh
US (208) 948-9786‬   EU ‭+31 621302365