Commit dd30004

upd doc
1 parent 3981de7 commit dd30004

1 file changed

Lines changed: 3 additions & 2 deletions

README.md

@@ -302,10 +302,11 @@ Authentication parameters are passed as URI via `-auth` parameter. Scheme of URI
302302
* `code` - optional parameter specifying HTTP response code. Default is 403.
303303
* `body` - optional parameter specifying file with response body.
304304
* `headers` - optional parameter specifying file with response headers. It uses format identical to request header file format used by `curl` program.
305-
* `tlscookie` - (EXPERIMENTAL) auth provider which grants access to whitelisted TLS session IDs. Whitelist is checked by query of another auth provider (provided as URL in `lookup` query parameter) with session ID as username and empty password. Example of auth parameter: `-auth tlscookie://?lookup=basicfile%3A%2F%2F%3Fpath%3D%2Fetc%2Fdumbproxy%2Fsessions`. Parameters of this scheme are:
305+
* `tlscookie` - (EXPERIMENTAL) auth provider which grants access to whitelisted TLS session IDs. Whitelist is either checked by query of another auth provider (provided as URL in `lookup` query parameter) with session ID as username and empty password, or checked against list of sessions which once requested some secret domain name through proxy. Example of auth parameter: `-auth tlscookie://?lookup=basicfile%3A%2F%2F%3Fpath%3D%2Fetc%2Fdumbproxy%2Fsessions`. Parameters of this scheme are:
306+
* `hidden_domain` - if specified and is not an empty string, authorize every session ID which requested this secret domain.
306307
* `next` - optional URL specifying the next auth provider to chain to, if authentication succeeded.
307308
* `else` - optional URL specifying the next auth provider to chain to, if authentication failed.
308-
* `lookup` - mandatory URL specifying another auth provider queried for session validity (typically `basicfile` or some Redis-backed password auth). Queries to this lookup provider ask for validity of session providing hexadecimal session ID as username and empty string as password.
309+
* `lookup` - optional URL specifying another auth provider queried for session validity (typically `basicfile` or some Redis-backed password auth). Queries to this lookup provider ask for validity of session providing hexadecimal session ID as username and empty string as password.
309310
310311
## Scripting
311312
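
Review bot: The new `hidden_domain` bullet and the reworded `lookup` bullet leave the combined behaviour undefined. `lookup` is now "optional" and `hidden_domain` applies only "if specified and is not an empty string", so the text does not say what `tlscookie` does when neither is set, nor whether a session has to pass one check or both when both are set. Suggest stating both cases in the `tlscookie` description. The `hidden_domain` bullet should also say it is an optional parameter, as its sibling bullets do, and say how long a session stays authorized after it "once requested" the domain, since that decides how such a grant can be revoked. The example still shows only `lookup`; a second example using `hidden_domain` would make the new mode easier to configure correctly.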
