Hi all;
I'm trying to strip out NTLM as an authentication option from response
packets (my Apache is acting as a reverse proxy). At first I did this
blindly with the Header command:
Header always unset WWW-Authenticate
Header always set WWW-Authenticate "Basic realm='%{SERVER_NAME}e'"
Header onsuccess unset WWW-Authenticate
However, this has the side effect of setting WWW-Authenticate: Basic ..
on *every* response. Ideally I'd like to only do the replacement on
response headers that contain WWW-Authenticate: NTLM. I thought
perhaps I could do this with SetEnvIf:
SetEnvIfNoCase WWW-Authenticate "^NTLM$" HAS_NTLM
Header always unset WWW-Authenticate env=HAS_NTLM
Header always set WWW-Authenticate "Basic realm='%{SERVER_NAME}e'" env=HAS_NTLM
This would work much better except that it appears SetEnfIf* only works
on request headers and not on response headers.
I came across this[1] patch from a few years back that would seem to
address this, but no indication of whether or not it was ever seriously
considered for inclusion in Apache.
Maybe there's an alternate, elegant way to do what I'm wanting? I
realize I could probalby use an external output filter of some sort,
but that's not an ideal solution in my case (too much overhead).
Any suggestions?
Ray
[1] http://marc.info/?l=apache-httpd-dev&m=114839705130894&w=2
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|