RE: Passing proxy authentication user name (Apache Users)

The Proxy-Authorization header is being sent from the proxy server so I don't need to recreate it. The problem is that apache is dumping this header and not letting me see it.

This is apache 2.2 on RH 6.3.

There was a mention of REMOTE-USER, however as I understand that, it's only there if authentication is set up on the http server. There is no authentication on the web server, only on the proxy.

Date: Mon, 14 Jan 2013 09:47:12 +1100
From: icicimov@xxxxxxxxx
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Passing proxy authentication user name

On Mon, Jan 14, 2013 at 8:10 AM, Igor Cicimov <icicimov@xxxxxxxxx> wrote:

On 14/01/2013 1:48 AM, "Terry Cooper" <terry.cooper@xxxxxxxxxxxx> wrote:
>
> I am currently attempting to migrate an existing system which is built on the Sun web proxy server and the Sun web server to the Apache web server. The proxy portion will remain on Sun until proxy appliances are obtained and installed, so all I’m dealing with now is the move to Apache HTTPD.
>
>
>
> The current system has user access control that is completely based on the proxy server and acls therein. This means that users log into the proxy, but there is no login requirement on the web servers. There are a number of cgi scripts which need to get the user name to operate correctly. Currently the environment variable HTTP_PROXY_AUTHORIZATION is used to obtain this information, however from what I can find this is not passed by Apache to the scripts. I understand the security issue with this as it contains the password as well, which I don’t need. Is there a way to get at least the user name that is passed by the proxy server.
>
>
>
> I’m sure I’m missing something simple here, but I just can’t seem to find it.
>
>
>
> Thanks,
>
>
>
> Terry

Set a header maybe?

RequestHeader append Proxy-Authorization

I mean there is already Authorization request header set why not using it?