From 5a869128a4371445471bcd86392680c096240d2c Mon Sep 17 00:00:00 2001
From: Jan Pazdziora <jpazdziora@redhat.com>
Date: Fri, 17 Jan 2014 14:41:19 +0800
Subject: Process incoming HTTP headers in application on backend.

Caution: make sure the application is only accessible via a proxy
which will properly clear and set these headers, so that the end user
cannot gain extra privileges.
---
 README | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'README')

diff --git a/README b/README
index 1368955..c191769 100644
--- a/README
+++ b/README
@@ -4,11 +4,17 @@ with login form and logout page. It is intentionally written in simple
 perl with the CGI.pm module only used to parse POST values and HTTP
 cookie values, to make it easy to tweak and explore.
 
-If the script is placed to /var/www/app/app.cgi, the following Apache
-httpd directive will enable it on http://server-name/application
+If the script is placed to /var/www/backend/app.cgi, the following Apache
+httpd directive will enable it on backend http://server-name/bapplication
 location:
 
-	ScriptAlias /application /var/www/app/app.cgi
+	ScriptAlias /bapplication /var/www/backend/app.cgi
+
+Then on the frontend server
+
+	ProxyPass /application http://server-name/bapplication
+
+will ensure redirection to the backend server.
 
 The script uses HTTP cookie the-test-cookie to either have value
 ok:login to mean user login is logged in, or value xx to mean the user
-- 
cgit