RabbitMQ needs restarting to pick up config changes:
http://www.rabbitmq.com/configure.html
Adam, it would be *immensely* helpful if you post log file contents
instead of leaving folks on this list guessing why authentication fails.
On 21 April 2016 at 23:23:18, Adam Milton-Barker (
adammilt...@gmail.com) wrote:
> Using the suggested methods, cannot connect to the management on a
> different port with ssl activated, steps taken were updating the conf file
> (Which is now commented out again ) and then opening the port through
> firewall also cannot authenticate via the plugin:
>
> %% -*- mode: erlang -*-
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ Sample Configuration File.
> %%
> %% See
http://www.rabbitmq.com/configure.html for details.
> %%
> ----------------------------------------------------------------------------
> [
> {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
> {rabbit,
> [%%
> %% Network Connectivity
> %% ====================
> %%
>
> %% By default, RabbitMQ will listen on all interfaces, using
> %% the standard (reserved) AMQP port.
> %%
> %%{tcp_listeners, [5672]},
>
> %% To listen on a specific interface, provide a tuple of {IpAddress,
> Port}.
> %% For example, to listen only on localhost for both IPv4 and IPv6:
> %%
> %% {tcp_listeners, [{"127.0.0.1", 5672},
> %% {"::1", 5672}]},
>
> %% SSL listeners are configured in the same fashion as TCP listeners,
> %% including the option to control the choice of interface.
> %%
> {ssl_listeners, [5671]},
>
> %% Number of Erlang processes that will accept connections for the TCP
> %% and SSL listeners.
> %%
> %% {num_tcp_acceptors, 10},
> %% {num_ssl_acceptors, 1},
>
> %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
> %% and SSL handshake), in milliseconds.
> %%
> %% {handshake_timeout, 10000},
>
> %% Log levels (currently just used for connection logging).
> %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing
> %% order of verbosity. Defaults to 'info'.
> %%
> {log_levels, [{connection, info}, {channel, info}]},
>
> %% Set to 'true' to perform reverse DNS lookups when accepting a
> %% connection. Hostnames will then be shown instead of IP addresses
> %% in rabbitmqctl and the management plugin.
> %%
> %% {reverse_dns_lookups, true},
>
> %%
> %% Security / AAA
> %% ==============
> %%
>
> %% The default "guest" user is only permitted to access the server
> %% via a loopback interface (e.g. localhost).
> %% {loopback_users, [<<"guest">>]},
> %%
> %% Uncomment the following line if you want to allow access to the
> %% guest user from anywhere on the network.
> %% {loopback_users, []},
>
> %% Configuring SSL.
> %% See
http://www.rabbitmq.com/ssl.html for full documentation.
> %%
>
> {ssl_options, [{cacertfile, "/etc/rabbitmq/certs/ca.pem"},
> {certfile, "/etc/rabbitmq/certs/crt.pem"},
> {keyfile, "/etc/rabbitmq/certs/key.pem"},
> {versions, ['tlsv1.2', 'tlsv1.1']},
> {verify, verify_peer},
> {fail_if_no_peer_cert, false}]},
>
>
> %% Choose the available SASL mechanism(s) to expose.
> %% The two default (built in) mechanisms are 'PLAIN' and
> %% 'AMQPLAIN'. Additional mechanisms can be added via
> %% plugins.
> %%
> %% See
http://www.rabbitmq.com/authentication.html for more details.
> %%
> %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
>
> %% Select an authentication database to use. RabbitMQ comes bundled
> %% with a built-in auth-database, based on mnesia.
> %%
> {auth_backends, [rabbit_auth_backend_http]},
>
> %% Configurations supporting the rabbitmq_auth_mechanism_ssl and
> %% rabbitmq_auth_backend_ldap plugins.
> %%
> %% NB: These options require that the relevant plugin is enabled.
> %% See
http://www.rabbitmq.com/plugins.html for further details.
>
> %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
> %% authenticate a user based on the client's SSL certificate.
> %%
> %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms
> %% list with the entry 'EXTERNAL'.
> %%
> %% {auth_mechanisms, ['EXTERNAL']},
>
> %% The rabbitmq_auth_backend_ldap plugin allows the broker to
> %% perform authentication and authorisation by deferring to an
> %% external LDAP server.
> %%
> %% For more information about configuring the LDAP backend, see
> %%
http://www.rabbitmq.com/ldap.html.
> %%
> %% Enable the LDAP auth backend by adding to or replacing the
> %% auth_backends entry:
> %%
> %% {auth_backends, [rabbit_auth_backend_ldap]},
>
> %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
> %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp
> %% configuration section later in this file and the README in
> %%
https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
> %% details.
> %%
> %% To use the SSL cert's CN instead of its DN as the username
> %%
> %% {ssl_cert_login_from, common_name},
>
> %% SSL handshake timeout, in milliseconds.
> %%
> %% {ssl_handshake_timeout, 5000},
>
> %% Password hashing implementation. Will only affect newly
> %% created users. To recalculate hash for an existing user
> %% it's necessary to update her password.
> %%
> %% {password_hashing_module, rabbit_password_hashing_sha256},
>
> %%
> %% Default User / VHost
> %% ====================
> %%
>
> %% On first start RabbitMQ will create a vhost and a user. These
> %% config items control what gets created. See
> %%
http://www.rabbitmq.com/access-control.html for further
> %% information about vhosts and access control.
> %%
> %% {default_vhost, <<"/">>},
> %% {default_user, <<"guest">>},
> %% {default_pass, <<"guest">>},
> %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
>
> %% Tags for default user
> %%
> %% For more details about tags, see the documentation for the
> %% Management Plugin at
http://www.rabbitmq.com/management.html.
> %%
> %% {default_user_tags, [administrator]},
>
> %%
> %% Additional network and protocol related configuration
> %% =====================================================
> %%
>
> %% Set the default AMQP heartbeat delay (in seconds).
> %%
> %% {heartbeat, 600},
>
> %% Set the max permissible size of an AMQP frame (in bytes).
> %%
> %% {frame_max, 131072},
>
> %% Set the max frame size the server will accept before connection
> %% tuning occurs
> %%
> %% {initial_frame_max, 4096},
>
> %% Set the max permissible number of channels per connection.
> %% 0 means "no limit".
> %%
> %% {channel_max, 128},
>
> %% Customising Socket Options.
> %%
> %% See (
http://www.erlang.org/doc/man/inet.html#setopts-2) for
> %% further documentation.
> %%
> %% {tcp_listen_options, [{backlog, 128},
> %% {nodelay, true},
> %% {exit_on_close, false}]},
>
> %%
> %% Resource Limits & Flow Control
> %% ==============================
> %%
> %% See
http://www.rabbitmq.com/memory.html for full details.
>
> %% Memory-based Flow Control threshold.
> %%
> %% {vm_memory_high_watermark, 0.4},
>
> %% Alternatively, we can set a limit (in bytes) of RAM used by the node.
> %%
> %% {vm_memory_high_watermark, {absolute, 1073741824}},
> %%
> %% Or you can set absolute value using memory units.
> %%
> %% {vm_memory_high_watermark, {absolute, "1024M"}},
> %%
> %% Supported units suffixes:
> %%
> %% k, kiB: kibibytes (2^10 bytes)
> %% M, MiB: mebibytes (2^20)
> %% G, GiB: gibibytes (2^30)
> %% kB: kilobytes (10^3)
> %% MB: megabytes (10^6)
> %% GB: gigabytes (10^9)
>
> %% Fraction of the high watermark limit at which queues start to
> %% page message out to disc in order to free up memory.
> %%
> %% Values greater than 0.9 can be dangerous and should be used carefully.
> %%
> %% {vm_memory_high_watermark_paging_ratio, 0.5},
>
> %% Interval (in milliseconds) at which we perform the check of the memory
> %% levels against the watermarks.
> %%
> %% {memory_monitor_interval, 2500},
>
> %% Set disk free limit (in bytes). Once free disk space reaches this
> %% lower bound, a disk alarm will be set - see the documentation
> %% listed above for more details.
> %%
> %% {disk_free_limit, 50000000},
> %%
> %% Or you can set it using memory units (same as in
> vm_memory_high_watermark)
> %% {disk_free_limit, "50MB"},
> %% {disk_free_limit, "50000kB"},
> %% {disk_free_limit, "2GB"},
>
> %% Alternatively, we can set a limit relative to total available RAM.
> %%
> %% Values lower than 1.0 can be dangerous and should be used carefully.
> %% {disk_free_limit, {mem_relative, 2.0}},
>
> %%
> %% Misc/Advanced Options
> %% =====================
> %%
> %% NB: Change these only if you understand what you are doing!
> %%
>
> %% To announce custom properties to clients on connection:
> %%
> %% {server_properties, []},
>
> %% How to respond to cluster partitions.
> %% See
http://www.rabbitmq.com/partitions.html for further details.
> %%
> %% {cluster_partition_handling, ignore},
>
> %% Make clustering happen *automatically* at startup - only applied
> %% to nodes that have just been reset or started for the first time.
> %% See
http://www.rabbitmq.com/clustering.html#auto-config for
> %% further details.
> %%
> %% {cluster_nodes, {['
rab...@my.host.com'], disc}},
>
> %% Interval (in milliseconds) at which we send keepalive messages
> %% to other cluster members. Note that this is not the same thing
> %% as net_ticktime; missed keepalive messages will not cause nodes
> %% to be considered down.
> %%
> %% {cluster_keepalive_interval, 10000},
>
> %% Set (internal) statistics collection granularity.
> %%
> %% {collect_statistics, none},
>
> %% Statistics collection interval (in milliseconds).
> %%
> %% {collect_statistics_interval, 5000},
>
> %% Explicitly enable/disable hipe compilation.
> %%
> %% {hipe_compile, true},
>
> %% Timeout used when waiting for Mnesia tables in a cluster to
> %% become available.
> %%
> %% {mnesia_table_loading_timeout, 30000},
>
> %% Size in bytes below which to embed messages in the queue index. See
> %%
http://www.rabbitmq.com/persistence-conf.html
> %%
> %% {queue_index_embed_msgs_below, 4096}
>
> ]},
> {rabbitmq_auth_backend_http,
> [{user_path,
> "
https://iot.techbubbletechnologies.com/API/AMQP/Authenticate/1_0/auth.php"},
> {vhost_path,
> "
https://iot.techbubbletechnologies.com/API/AMQP/Authenticate/1_0/auth.php"},
> {resource_path,
> "
https://iot.techbubbletechnologies.com/API/AMQP/Authenticate/1_0/auth.php"}]},
>
> %%
> ----------------------------------------------------------------------------
> %% Advanced Erlang Networking/Clustering Options.
> %%
> %% See
http://www.rabbitmq.com/clustering.html for details
> %%
> ----------------------------------------------------------------------------
> {kernel,
> [%% Sets the net_kernel tick time.
> %% Please see
http://erlang.org/doc/man/kernel_app.html and
> %%
http://www.rabbitmq.com/nettick.html for further details.
> %%
> %% {net_ticktime, 60}
> ]},
>
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ Management Plugin
> %%
> %% See
http://www.rabbitmq.com/management.html for details
> %%
> ----------------------------------------------------------------------------
>
> {rabbitmq_management,
> [%% Pre-Load schema definitions from the following JSON file. See
> %%
http://www.rabbitmq.com/management.html#load-definitions
> %%
> %% {load_definitions, "/path/to/schema.json"},
>
> %% Log all requests to the management HTTP API to a file.
> %%
> %% {http_log_dir, "/path/to/access.log"},
>
> %% Change the port on which the HTTP listener listens,
> %% specifying an interface for the web server to bind to.
> %% Also set the listener to use SSL and provide SSL options.
> %%
> %%{listener, [{port, 12345},
> %% {ssl, true},
> %% {ssl_opts, [{cacertfile,
> "/etc/rabbitmq/certs/ca.pem"},
> %% {certfile, "/etc/rabbitmq/certs/crt.pem"},
> %% {keyfile,
> "/etc/rabbitmq/certs/key.pem"}]},
> %%
> %% One of 'basic', 'detailed' or 'none'. See
> %%
http://www.rabbitmq.com/management.html#fine-stats for more details.
> %% {rates_mode, basic},
>
> %% Configure how long aggregated data (such as message rates and queue
> %% lengths) is retained. Please read the plugin's documentation in
> %%
http://www.rabbitmq.com/management.html#configuration for more
> %% details.
> %%
> %% {sample_retention_policies,
> %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},
> %% {basic, [{60, 5}, {3600, 60}]},
> %% {detailed, [{10, 5}]}]}
> ]},
>
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ Shovel Plugin
> %%
> %% See
http://www.rabbitmq.com/shovel.html for details
> %%
> ----------------------------------------------------------------------------
>
> {rabbitmq_shovel,
> [{shovels,
> [%% A named shovel worker.
> %% {my_first_shovel,
> %% [
>
> %% List the source broker(s) from which to consume.
> %%
> %% {sources,
> %% [%% URI(s) and pre-declarations for all source broker(s).
> %% {brokers, ["amqp://user:pass...@host.domain/my_vhost"]},
> %% {declarations, []}
> %% ]},
>
> %% List the destination broker(s) to publish to.
> %% {destinations,
> %% [%% A singular version of the 'brokers' element.
> %% {broker, "amqp://"},
> %% {declarations, []}
> %% ]},
>
> %% Name of the queue to shovel messages from.
> %%
> %% {queue, <<"your-queue-name-goes-here">>},
>
> %% Optional prefetch count.
> %%
> %% {prefetch_count, 10},
>
> %% when to acknowledge messages:
> %% - no_ack: never (auto)
> %% - on_publish: after each message is republished
> %% - on_confirm: when the destination broker confirms receipt
> %%
> %% {ack_mode, on_confirm},
>
> %% Overwrite fields of the outbound basic.publish.
> %%
> %% {publish_fields, [{exchange, <<"my_exchange">>},
> %% {routing_key, <<"from_shovel">>}]},
>
> %% Static list of basic.properties to set on re-publication.
> %%
> %% {publish_properties, [{delivery_mode, 2}]},
>
> %% The number of seconds to wait before attempting to
> %% reconnect in the event of a connection failure.
> %%
> %% {reconnect_delay, 2.5}
>
> %% ]} %% End of my_first_shovel
> ]}
> %% Rather than specifying some values per-shovel, you can specify
> %% them for all shovels here.
> %%
> %% {defaults, [{prefetch_count, 0},
> %% {ack_mode, on_confirm},
> %% {publish_fields, []},
> %% {publish_properties, [{delivery_mode, 2}]},
> %% {reconnect_delay, 2.5}]}
> ]},
>
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ Stomp Adapter
> %%
> %% See
http://www.rabbitmq.com/stomp.html for details
> %%
> ----------------------------------------------------------------------------
>
> {rabbitmq_stomp,
> [%% Network Configuration - the format is generally the same as for the
> broker
>
> %% Listen only on localhost (ipv4 & ipv6) on a specific port.
> %% {tcp_listeners, [{"127.0.0.1", 61613},
> %% {"::1", 61613}]},
>
> %% Listen for SSL connections on a specific port.
> %% {ssl_listeners, [61614]},
>
> %% Number of Erlang processes that will accept connections for the TCP
> %% and SSL listeners.
> %%
> %% {num_tcp_acceptors, 10},
> %% {num_ssl_acceptors, 1},
>
> %% Additional SSL options
>
> %% Extract a name from the client's certificate when using SSL.
> %%
> %% {ssl_cert_login, true},
>
> %% Set a default user name and password. This is used as the default
> login
> %% whenever a CONNECT frame omits the login and passcode headers.
> %%
> %% Please note that setting this will allow clients to connect without
> %% authenticating!
> %%
> %% {default_user, [{login, "guest"},
> %% {passcode, "guest"}]},
>
> %% If a default user is configured, or you have configured use SSL client
> %% certificate based authentication, you can choose to allow clients to
> %% omit the CONNECT frame entirely. If set to true, the client is
> %% automatically connected as the default user or user supplied in the
> %% SSL certificate whenever the first frame sent on a session is not a
> %% CONNECT frame.
> %%
> %% {implicit_connect, true}
> ]},
>
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ MQTT Adapter
> %%
> %% See
https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
> %% for details
> %%
> ----------------------------------------------------------------------------
>
> {rabbitmq_mqtt,
> [%% Set the default user name and password. Will be used as the default
> login
> %% if a connecting client provides no other login details.
> %%
> %% Please note that setting this will allow clients to connect without
> %% authenticating!
> %%
> %% {default_user, <<"guest">>},
> %% {default_pass, <<"guest">>},
>
> %% Enable anonymous access. If this is set to false, clients MUST provide
> %% login information in order to connect. See the
> default_user/default_pass
> %% configuration elements for managing logins without authentication.
> %%
> %% {allow_anonymous, true},
>
> %% If you have multiple chosts, specify the one to which the
> %% adapter connects.
> %%
> %% {vhost, <<"/">>},
>
> %% Specify the exchange to which messages from MQTT clients are
> published.
> %%
> %% {exchange, <<"amq.topic">>},
>
> %% Specify TTL (time to live) to control the lifetime of non-clean
> sessions.
> %%
> %% {subscription_ttl, 1800000},
>
> %% Set the prefetch count (governing the maximum number of unacknowledged
> %% messages that will be delivered).
> %%
> %% {prefetch, 10},
>
> %% TCP/SSL Configuration (as per the broker configuration).
> %%
> %% {tcp_listeners, [1883]},
> %% {ssl_listeners, []},
>
> %% Number of Erlang processes that will accept connections for the TCP
> %% and SSL listeners.
> %%
> %% {num_tcp_acceptors, 10},
> %% {num_ssl_acceptors, 1},
>
> %% TCP/Socket options (as per the broker configuration).
> %%
> %% {tcp_listen_options, [{backlog, 128},
> %% {nodelay, true}]}
> ]},
>
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ AMQP 1.0 Support
> %%
> %% See
https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
> %% for details
> %%
> ----------------------------------------------------------------------------
>
> {rabbitmq_amqp1_0,
> [%% Connections that are not authenticated with SASL will connect as this
> %% account. See the README for more information.
> %%
> %% Please note that setting this will allow clients to connect without
> %% authenticating!
> %%
> %% {default_user, "guest"},
>
> %% Enable protocol strict mode. See the README for more information.
> %%
> %% {protocol_strict_mode, false}
> ]},
>
> %%
> ----------------------------------------------------------------------------
> %% RabbitMQ LDAP Plugin
> %%
> %% See
http://www.rabbitmq.com/ldap.html for details.
> %%
> %%
> ----------------------------------------------------------------------------
>
> {rabbitmq_auth_backend_ldap,
> [%%
> %% Connecting to the LDAP server(s)
> %% ================================
> %%
>
> %% Specify servers to bind to. You *must* set this in order for the
> plugin
> %% to work properly.
> %%
> %% {servers, ["your-server-name-goes-here"]},
>
> %% Connect to the LDAP server using SSL
> %%
> %% {use_ssl, false},
>
> %% Specify the LDAP port to connect to
> %%
> %% {port, 389},
>
> %% LDAP connection timeout, in milliseconds or 'infinity'
> %%
> %% {timeout, infinity},
>
> %% Enable logging of LDAP queries.
> %% One of
> %% - false (no logging is performed)
> %% - true (verbose logging of the logic used by the plugin)
> %% - network (as true, but additionally logs LDAP network traffic)
> %%
> %% Defaults to false.
> %%
> %% {log, false},
>
> %%
> %% Authentication
> %% ==============
> %%
>
> %% Pattern to convert the username given through AMQP to a DN before
> %% binding
> %%
> %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
>
> %% Alternatively, you can convert a username to a Distinguished
> %% Name via an LDAP lookup after binding. See the documentation for
> %% full details.
>
> %% When converting a username to a dn via a lookup, set these to
> %% the name of the attribute that represents the user name, and the
> %% base DN for the lookup query.
> %%
> %% {dn_lookup_attribute, "userPrincipalName"},
> %% {dn_lookup_base, "DC=gopivotal,DC=com"},
>
> %% Controls how to bind for authorisation queries and also to
> %% retrieve the details of users logging in without presenting a
> %% password (e.g., SASL EXTERNAL).
> %% One of
> %% - as_user (to bind as the authenticated user - requires a password)
> %% - anon (to bind anonymously)
> %% - {UserDN, Password} (to bind with a specified user name and
> password)
> %%
> %% Defaults to 'as_user'.
> %%
> %% {other_bind, as_user},
>
> %%
> %% Authorisation
> %% =============
> %%
>
> %% The LDAP plugin can perform a variety of queries against your
> %% LDAP server to determine questions of authorisation. See
> %%
http://www.rabbitmq.com/ldap.html#authorisation for more
> %% information.
>
> %% Set the query to use when determining vhost access
> %%
> %% {vhost_access_query, {in_group,
> %%
> "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
>
> %% Set the query to use when determining resource (e.g., queue) access
> %%
> %% {resource_access_query, {constant, true}},
>
> %% Set queries to determine which tags a user has
> %%
> %% {tag_queries, []}
> ]}
> ].
>
>
> ANd for the plugin script:
>
>
>
> class IoTJumpWayAMQP{
> protected $_Secure_Connection;
> public function __construct(Connection $dbcon) {
> $this->_Secure_Connection = $dbcon->dbcon;
> }
> public static function verify_password($password,$hash) {
> return password_verify($password, $hash);
> }
> public function validateUser(){
> $TechBubble_DBQuery = $this->_Secure_Connection->prepare("
> SELECT *
> FROM DBTABLE
> WHERE usr=:usr
> ");
> $TechBubble_DBQuery->execute([
> ':usr'=>filter_input(INPUT_GET,'username',FILTER_SANITIZE_STRING)
> ]);
> $usrDta=$TechBubble_DBQuery->fetch(PDO::FETCH_ASSOC);
> return $usrDta;
> }
> }
>
> $IoTJumpWayAMQP = new IoTJumpWayAMQP($_Connection);
>
> if(filter_input(INPUT_GET,'username',FILTER_SANITIZE_STRING)):
>
> $usrExists = $IoTJumpWayAMQP->validateUser();
> if($usrExists['id']):
> if(filter_input(INPUT_GET,'password',FILTER_SANITIZE_STRING)):
> if($IoTJumpWayAMQP->verify_password(filter_input(INPUT_GET,'password',FILTER_SANITIZE_STRING),$usrExists['pwd'])):
> echo "allow " . $usrExists['usrLvl'];
> else:
> echo "deny";
> endif;
> elseif(filter_input(INPUT_GET,'name',FILTER_SANITIZE_STRING)):
> if($usrExists['typer']=="device"):
>
> $valid_names =[
> $usrExists['lcnid']."_devices_".$usrExists['id']."_commands",
> $usrExists['lcnid']."_devices_".$usrExists['id']."_sensors",
> $usrExists['lcnid']."_devices_".$usrExists['id']."_actuators",
> $usrExists['lcnid']."_devices_".$usrExists['id']."_warnings",
> ];
> if( in_array(filter_input(INPUT_GET,'name',FILTER_SANITIZE_STRING),
> $valid_names) ):
> echo "allow";
> else:
> echo "deny";
> endif;
> else:
>
> $valid_names =[
> $usrExists['lcnid']."_".$usrExists['id']."_commands",
> $usrExists['lcnid']."_".$usrExists['id']."_sensors",
> $usrExists['lcnid']."_".$usrExists['id']."_actuators",
> $usrExists['lcnid']."_".$usrExists['id']."_warnings",
> ];
> if( in_array(filter_input(INPUT_GET,'name',FILTER_SANITIZE_STRING),
> $valid_names) ):
> echo "allow";
> else:
> echo "deny";
> endif;
> endif;
> elseif( filter_input(INPUT_GET,'vhost',FILTER_SANITIZE_STRING)):
> echo "allow";
> else:
> echo "deny";
> endif;
> else:
> echo "deny";
> endif;
>
> else:
> echo "deny";
> endif;