On Mon, Jan 14, 2013 at 8:10 AM, Igor Cicimov <icicimov@xxxxxxxxx> wrote:
I mean there is already Authorization request header set why not using it?
On 14/01/2013 1:48 AM, "Terry Cooper" <terry.cooper@xxxxxxxxxxxx> wrote:
>
> I am currently attempting to migrate an existing system which is built on the Sun web proxy server and the Sun web server to the Apache web server. The proxy portion will remain on Sun until proxy appliances are obtained and installed, so all I’m dealing with now is the move to Apache HTTPD.
>
>
>
> The current system has user access control that is completely based on the proxy server and acls therein. This means that users log into the proxy, but there is no login requirement on the web servers. There are a number of cgi scripts which need to get the user name to operate correctly. Currently the environment variable HTTP_PROXY_AUTHORIZATION is used to obtain this information, however from what I can find this is not passed by Apache to the scripts. I understand the security issue with this as it contains the password as well, which I don’t need. Is there a way to get at least the user name that is passed by the proxy server.
>
>
>
> I’m sure I’m missing something simple here, but I just can’t seem to find it.
>
>
>
> Thanks,
>
>
>
> TerrySet a header maybe?
RequestHeader append Proxy-Authorization
%{LA-U:variable} can be used for look-aheads which perform
an internal (URL-based) sub-request to determine the final
value of variable. This can be used to access
variable for rewriting which is not available at the current
stage, but will be set in a later phase.
For instance, to rewrite according to the
REMOTE_USER variable from within the
per-server context (httpd.conf file) you must
use %{LA-U:REMOTE_USER} - this
variable is set by the authorization phases, which come
after the URL translation phase (during which mod_rewrite
operates).
</snip>
|