"Protect your master, even if he is without honor...."

This is the home site for the AppSamurai system, which consists of the Apache::AppSamurai Perl modules and supporting files.



There are many ways to protect web applications from attack, but most have a weakness: they allow unauthenticated attackers to fire requests against the entire application. AppSamurai protects web applications from direct attack by unauthenticated users, preventing any access to any part of a protected web application unless the user is properly authenticated. It also adds a flexible authentication front end to applications with limited support for stronger authentication.

AppSamurai is primarily designed to be used as part of a Apache mod_perl proxy inside a DMZ protecting a backend web application in an internal network. It may also be used to protect web applications on AppSamurai server itself. It should also play nice with mod_security and other Apache modules.

Figure 1: Proxy overview diagram
Figure 1: Proxy overview diagram [PNG] [SVG]

Figure 1 shows how AppSamurai would fit into a reverse web proxy configuration to give access to an internal web application.

Example uses of AppSamurai include:

Finally, a quick note on the AppSamurai project's scope:


AppSamurai features include:


AppSamurai requires Apache HTTPD and mod_perl. (Apache 1.x/mod_perl 1.x and Apache 2.x/mod_perl 2.x are supported with the same code base.) In addition, the following are required to install and use Apache::AppSamurai:

Module::Build is used for installation and packaging of Apache::AppSamurai, and is recommended. A simplified Makefile.PL (ExtUtils::MakeMaker) script is also provided in case you prefer the traditional perl Makefile.PL, make, make test, make install flow.

Main development and testing is done on OpenBSD, but Apache::AppSamurai should work on most modern UNIX-like operating systems.

Downloads (How To Get AppSamurai)

Apache::AppSamurai is available for direct download, or can be installed using CPAN.

Current Release: 1.01 (2008-05-03)

Documentation and Support

Links and Other Information

Sorry for the tracking pixel, but I just gots to know