Process incoming HTTP headers in application on backend.proxy-setup

Caution: make sure the application is only accessible via a proxy
which will properly clear and set these headers, so that the end user
cannot gain extra privileges.

1 files changed, 9 insertions, 3 deletions

diff --git a/README b/README
index 1368955..c191769 100644
--- a/README
+++ b/README
@@ -4,11 +4,17 @@ with login form and logout page. It is intentionally written in simple
 perl with the CGI.pm module only used to parse POST values and HTTP
 cookie values, to make it easy to tweak and explore.
 
-If the script is placed to /var/www/app/app.cgi, the following Apache
-httpd directive will enable it on http://server-name/application
+If the script is placed to /var/www/backend/app.cgi, the following Apache
+httpd directive will enable it on backend http://server-name/bapplication
 location:
 
-	ScriptAlias /application /var/www/app/app.cgi
+	ScriptAlias /bapplication /var/www/backend/app.cgi
+
+Then on the frontend server
+
+	ProxyPass /application http://server-name/bapplication
+
+will ensure redirection to the backend server.
 
 The script uses HTTP cookie the-test-cookie to either have value
 ok:login to mean user login is logged in, or value xx to mean the user