diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2014-01-17 14:41:19 +0800 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2016-01-20 09:03:10 +0100 |
commit | 5a869128a4371445471bcd86392680c096240d2c (patch) | |
tree | 56a8d2f7eaa16478070880e0ccb5d22b3e145b01 /proxy_frontend.conf | |
parent | cdaaa88a4c9b516080555aa8b9f9df65ad0b5b90 (diff) | |
download | CGI-sessions-proxy-setup.tar.gz CGI-sessions-proxy-setup.tar.xz CGI-sessions-proxy-setup.zip |
Process incoming HTTP headers in application on backend.proxy-setup
Caution: make sure the application is only accessible via a proxy
which will properly clear and set these headers, so that the end user
cannot gain extra privileges.
Diffstat (limited to 'proxy_frontend.conf')
-rw-r--r-- | proxy_frontend.conf | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/proxy_frontend.conf b/proxy_frontend.conf new file mode 100644 index 0000000..537c820 --- /dev/null +++ b/proxy_frontend.conf @@ -0,0 +1,13 @@ +ProxyPass /application http://localhost:8888/bapplication + +<LocationMatch ^/application/login> +RequestHeader unset Authorization + +# Put mod_auth_kerb's authentication result (r->user) to env variable +RewriteEngine on +RewriteCond %{REMOTE_USER} (.+) +RewriteRule ^.+$ - [E=REMOTE_USER:%1] + +RequestHeader unset REMOTE-USER +RequestHeader set REMOTE-USER %{REMOTE_USER}e env=REMOTE_USER +</LocationMatch> |