Process incoming HTTP headers in application on backend.proxy-setup

Caution: make sure the application is only accessible via a proxy which will properly clear and set these headers, so that the end user cannot gain extra privileges.
author: Jan Pazdziora <jpazdziora@redhat.com> 2014-01-17 14:41:19 +0800
committer: Jan Pazdziora <jpazdziora@redhat.com> 2016-01-20 09:03:10 +0100
commit: 5a869128a4371445471bcd86392680c096240d2c (patch)
tree: 56a8d2f7eaa16478070880e0ccb5d22b3e145b01 /proxy_frontend.conf
parent: cdaaa88a4c9b516080555aa8b9f9df65ad0b5b90 (diff)
download: CGI-sessions-proxy-setup.tar.gz
CGI-sessions-proxy-setup.tar.xz
CGI-sessions-proxy-setup.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/proxy_frontend.conf b/proxy_frontend.conf
new file mode 100644
index 0000000..537c820
--- /dev/null
+++ b/proxy_frontend.conf
@@ -0,0 +1,13 @@
+ProxyPass /application http://localhost:8888/bapplication
+
+<LocationMatch ^/application/login>
+RequestHeader unset Authorization
+
+# Put mod_auth_kerb's authentication result (r->user) to env variable
+RewriteEngine on
+RewriteCond %{REMOTE_USER} (.+)
+RewriteRule ^.+$ - [E=REMOTE_USER:%1]
+
+RequestHeader unset REMOTE-USER
+RequestHeader set REMOTE-USER %{REMOTE_USER}e env=REMOTE_USER
+</LocationMatch>
author	Jan Pazdziora <jpazdziora@redhat.com>	2014-01-17 14:41:19 +0800
committer	Jan Pazdziora <jpazdziora@redhat.com>	2016-01-20 09:03:10 +0100
commit	5a869128a4371445471bcd86392680c096240d2c (patch)
tree	56a8d2f7eaa16478070880e0ccb5d22b3e145b01 /proxy_frontend.conf
parent	cdaaa88a4c9b516080555aa8b9f9df65ad0b5b90 (diff)
download	CGI-sessions-proxy-setup.tar.gz CGI-sessions-proxy-setup.tar.xz CGI-sessions-proxy-setup.zip