Form replay allows you to open a session on a protected application by replaying the form POST without asking anything to the user.
Please always try to find another solution to protect your application with LL::NG. At least, check if it is not a known application, or try to adapt its source code.
If you configure form replay with LL::NG, the Handler will catch configured POST URL and send a POST query to the target page (which can be different of the caught page). Each field can be filled with static values or data from user's session.
$_password
to fill any password POST field.
LL::NG can catch a GET request and transform it internally in a POST request. All this work is transparent for the user, he cannot see what data are posted by LL::NG.
You should grab some informations:
For example:
Then go in Manager, Virtual Hosts
» virtualhost » Form replay
and click on Add POST URL
.
Fill values here:
Then click on New POST data
and add all data with their values, for example:
Due to a conflict between LL::NG form replay and Apache mod_proxy (see issue), you cannot use form replay on proxied applications, unless you use LL::NG internal proxy:
<VirtualHost> ServerName test2.example.com PerlHeaderParserHandler My::Package PerlModule Lemonldap::NG::Handler::Proxy SetHandler perl-script PerlHandler Lemonldap::NG::Handler::Proxy PerlSetVar LmProxyPass http://APPLICATION/ PerlSetVar LmLocationToReplace http://APPLICATION/,http://test2.example.com </VirtualHost>