Forcing a proxied host to generate REMOTE_USER
|
View:
New views
3 Messages
—
Rating Filter:
Alert me
|
 |
Forcing a proxied host to generate REMOTE_USER
by jens persson
::
Rate this Message:
Hello all! I'm having trouble with a proxy setup, where I need to generate a REMOTE_USER variable for a cgi-script, but also allow no-authenticated use. The setup to allow authentication ether by http-auth and remote ip, and then froward the calls to an inner server where the cgi-program checks for the presence of REMOTE_USER in the environment or else uses REMOTE_ADDR (which I extract from HTTP_X_FORWARDED_FOR in a wrapper script). I cant seem to get this working :-( the current config is on these lines: first server: <Location /service> AuthType Basic AuthName "Service domain" AuthUserFile /etc/apache2/passwd/servicepasswd order deny,allow deny from all Include /etc/apache2/passwd/servicedomains require valid-user satisfy any </Location> RewriteRule ^/service/?(.*) http://inner-server/service/$1 [P] Inner server (in service/.htaccess): AuthUserFile /www/conf/servicepasswd AuthName "Service domain" AuthType Basic order deny,allow In this basic setup, nothing works :-) (well I can login and see the application but the application wont get a REMOTE_USER variable), if I add a "require valid-user" on the inner server in works for authenticated user but login via ip-number stops working. After half a day of of searching the documentation and trying various combinations of "Allow from <first server ip>", "satisfy any" etc. I'm stumped. Anyone go any ideas how to do this? Best regards /jp -- jens persson # Don't spend more on programs, Debian <jens@...> # -- Subject on a spam to Mäster Olofsväg 24 # debian-user-swedish S-224 66 LUND;SWEDEN # --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Forcing a proxied host to generate REMOTE_USER
by Joshua Slive-2
::
Rate this Message:
On 2/13/06, jens persson <jens@...> wrote:
> > Hello all! > > I'm having trouble with a proxy setup, where I need to generate a > REMOTE_USER variable for a cgi-script, but also allow no-authenticated use. > > The setup to allow authentication ether by http-auth and remote ip, and > then froward the calls to an inner server where the cgi-program checks > for the presence of REMOTE_USER in the environment or else uses > REMOTE_ADDR (which I extract from HTTP_X_FORWARDED_FOR in a wrapper > script). I cant seem to get this working :-( So I guess you want to pass REMOTE_USER from the proxy to the origin server. Something like this might work: RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] Header add X-Forwarded-User %{RU}e (Ouch, that's complicated. And I'm not sure it will work; depends on the order of hook processing.) Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Forcing a proxied host to generate REMOTE_USER
by Joshua Slive-2
::
Rate this Message:
On 2/13/06, Joshua Slive <joshua@...> wrote:
> Header add X-Forwarded-User %{RU}e Of course, that should be RequestHeader. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@... |
| Free Forum Powered by Nabble | Forum Help |