Re: [users@httpd] apache as reverse-proxy : forwarding SSL environment variables

At 09.20 14/06/2005 -0400, you wrote:
I've posted examples of how to do this to the list a few times over the past several months. If you have trouble finding them in one of the archives, let me know and I'll send the example conf statements directly to you.

-Brian

Hi Brian et al.

Here is my digestion of what you proposed. [Comments welcome.]

Thanks to help from the Apache users mailing list, here is a setup for authenticating with a reverse proxy (i.e., OpenPortalGuard gate keeper).

Objective:
A reverse proxy handles all the authentication for multiple application servers behind the proxy. The application servers behave as if they had handled the authentication themselves (with HTTP BASIC).

Requirements:
The described setup requires Apache 2.0 or higher on the remote proxy (because only Apache 2 adds the RequestHeader directive in mod-headers). Currently, only Apache 1.3 has been tested as application server, but higher versions of Apache should work too. It should be independent of what application server is run (tested with cgi, but also tomcat via mod-jk, php, quixote via mod-scgi, etc. should work; this has to be verified).

Authentication Methods:
Currently, the described setup has been tested with straight HTTP BASIC Authentication. But I believe it should equally work for more useful authentication methods including:
- HTTP BASIC over SSL with user DB on LDAP (mod-ssl with mod-ldap or mod-auth-ldap)
- SSL with client-cert-auth and +fakeBasicAuth


ReverseProxy Setup:
The following directives are a simple test of a reverse proxy:

<Location /test1>
Allow from all
RewriteEngine on
#
AuthType Basic
AuthName "testRealm"
AuthUserFile /path/to/PwdFile
Require user bud ezio
#
# Set a HTTP request-header "OPG_USER" with the
# name of the authenticated user (REMOTE_USER)
#
RewriteCond %{REMOTE_USER} (.*)
RewriteRule .* - [E=OPG_USER:%1]
RequestHeader add OPG_USER "%{OPG_USER}e"
#
RewriteRule ^(.*) http://test1.myDomain.it/$1 [P,L]
</Location>

Application Server Setup:
The following directives make the Apache server behind the proxy set the REMOTE_USER environment variable to the value set in the HTTP header "OPG_USER":

RewriteEngine on
RewriteCond %{HTTP:OPG_USER} (.*)
RewriteRule .* - [E=REMOTE_USER:%1]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
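
A hardened variant of the two configurations in the message above, added here as an example and not part of the original post or of Brian's earlier examples. It keeps the weaker RequestHeader form beside the corrected one; the docroot path and the proxy address 192.0.2.10 are constructed placeholders, and the assumption is that the application server should accept requests only from the proxy.

```apache
# ---- Reverse proxy (Apache 2.0+) ----
# Server level: drop any OPG_USER header sent by the client, so proxied
# paths that do not authenticate never forward a client-chosen value.
RequestHeader unset OPG_USER

<Location /test1>
    Allow from all
    AuthType Basic
    AuthName "testRealm"
    AuthUserFile /path/to/PwdFile
    Require user bud ezio

    RewriteEngine on
    # Copy the authenticated user name into the OPG_USER environment variable.
    RewriteCond %{REMOTE_USER} (.+)
    RewriteRule .* - [E=OPG_USER:%1]

    # Weaker form (as in the post): "add" appends a header even when one
    # with the same name already exists, so two OPG_USER headers can
    # reach the application server.
    # RequestHeader add OPG_USER "%{OPG_USER}e"
    #
    # Corrected form: "set" replaces any previous header with this name.
    RequestHeader set OPG_USER "%{OPG_USER}e"

    RewriteRule ^(.*) http://test1.myDomain.it/$1 [P,L]
</Location>

# ---- Application server (behind the proxy) ----
# Only the proxy may connect; OPG_USER is trusted only because of this.
# /path/to/docroot and 192.0.2.10 are placeholders for this example.
<Directory /path/to/docroot>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Directory>

RewriteEngine on
# Require a non-empty header value before setting REMOTE_USER.
RewriteCond %{HTTP:OPG_USER} (.+)
RewriteRule .* - [E=REMOTE_USER:%1]
```

The address restriction on the application server matters as much as the header handling: without it, any host that can reach the back end directly can supply OPG_USER itself.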


