Hi all.Maybe the problems I am describing are more likely related to Tomcat users, yet I think that an architecture based on an Apache as front-end and one or more Tomcat's as back ends is quite common.
Reverse proxying from Apache to Tomcat works, and it still works if we let Tomcat to provide some authentication and authorization feature (i.e. via ldap).
Yet I'd like to have authentication (and even authorization) on Apache, I think it would be more correct. So I tried to study the problem, having some locations of the Apache protected by a Basic Authentication and proxy-passed to Tomcat. I expected the Tomcat to preserve the REMOTE_USER (or HTTP_REMOTE_USER ? ) variable received by Apache. It does not work.
Do you know how can Tomcat force an environmental variable (coming from Apache via reverse proxy) into its REMOTE_USER, after recognizing the REMOTE_ADDR of the federate Apache, without being open to attacks ?
Thanks in advance. Yours Ezio.
begin:vcard fn:Ezio Paglia n:Paglia;Ezio org:Comune di Grosseto;Servizio Elaborazioni Dati adr:;;Via Ginori;Grosseto;GR;58100;Italia email;internet:ezio@xxxxxxxxxxxxxxxxxx title:Responsabile Area Sistemi tel;work:+39-0564-410844 version:2.1 end:vcard
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|