Re: [users@httpd] authenticating reverse proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Apr 8, 2005, at 12:26 PM, Bud P. Bruegger wrote:

Actually I did use ProxyPass:

<Location /bud>
Allow from all
ProxyPass http://www.gol.grosseto.it/cgi-bin/test-env
ProxyPassReverse http://www.gol.grosseto.it/cgi-bin/test-env
AuthType Basic
AuthName "budRealm"
AuthUserFile /var/www/budPwd
Require user bud ezio
RequestHeader add Remote_User "%{REMOTE_USER}e"
</Location>
Hmm... the top-down ordering of your directives seems off. Were I doing this I would definitely put the ProxyPass and ProxyPassReverse statements at the very bottom of the <Location> block. That won't necessarily ensure that your RequestHeader line will be added, but you have a much better chance of it being picked up if you put that statement before/above your proxy statements. 


thanks for the conf snipplet.  I did some tests and it just works.


Glad to hear it.
Why is there such a difference between mod-rewrite and mod-proxy? I thought that mod-rewrite was using mod-proxy to do its work..
I don't have an answer for that, really. But about the only thing I'm sure of is mod_rewrite is using the parts of mod_proxy that set up the X-Forwarded headers. Beyond that, I'm not sure.
Also, why is the env variable REMOTE_USER not directly available to mod-headers?
I'd be very surprised if it wasn't. I think this is related to the order in which you are defining your directives.
So now (thanks to your help!) I manage to propagate the user info. Any suggestions how to fake basic authentication on the application server? Can I simply use RequestHeader add REMOTE_USER for this?
That would depend on the application server... but I'm not sure if you can fake the encoding of the WWW-Authenticate header. Maybe for Basic (not sure how;), but I don't see any way to fake a Digest authenticate header, if you plan to make use of the more secure method... 

-Brian


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux