From 5a869128a4371445471bcd86392680c096240d2c Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Fri, 17 Jan 2014 14:41:19 +0800
Subject: Process incoming HTTP headers in application on backend.
Caution: make sure the application is only accessible via a proxy which will properly clear and set these headers, so that the end user cannot gain extra privileges.
---
proxy_frontend.conf | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 proxy_frontend.conf
(limited to 'proxy_frontend.conf')
diff --git a/proxy_frontend.conf b/proxy_frontend.conf
new file mode 100644
index 0000000..537c820
--- /dev/null
+++ b/proxy_frontend.conf
@@ -0,0 +1,13 @@
+ProxyPass /application http://localhost:8888/bapplication
+
+
+RequestHeader unset Authorization
+
+# Put mod_auth_kerb's authentication result (r->user) to env variable
+RewriteEngine on
+RewriteCond %{REMOTE_USER} (.+)
+RewriteRule ^.+$ - [E=REMOTE_USER:%1]
+
+RequestHeader unset REMOTE-USER
+RequestHeader set REMOTE-USER %{REMOTE_USER}e env=REMOTE_USER
+
-- cgit
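Review bot: `RequestHeader unset REMOTE-USER` clears only the hyphenated spelling, so a client-supplied `REMOTE_USER` header (underscore) would still be proxied to the backend; if the application maps header names to CGI-style variables, both spellings typically collapse to the same `HTTP_REMOTE_USER` key. Adding `RequestHeader unset REMOTE_USER` next to the existing unset would close that gap. Separately, the RewriteCond reads `%{REMOTE_USER}`, which is only populated when mod_rewrite runs in per-directory context. No enclosing container is visible in this hunk, so if these lines sit at server level the condition would likely need `%{LA-U:REMOTE_USER}`; that is worth confirming against the deployed file.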