At 09.20 14/06/2005 -0400, you wrote:
> I've posted examples of how to do this to the list a few times over the
> past several months. If you have trouble finding them in one of the
> archives, let me know and I'll send the example conf statements directly
> to you.
> -Brian

Hi Brian et al.,

Here is my digestion of what you proposed... [comments welcome]

Thanks to help from the Apache users mailing list, here is a setup for
authenticating with a reverse proxy (i.e., OpenPortalGuard gate keeper).

Objective:
A reverse-proxy handles all the authentication for multiple application
servers behind the proxy. The application servers behave as if they had
handled the authentication themselves (with HTTP BASIC).

Requirements:
The described setup requires Apache 2.0 or higher on the remote proxy
(because only Apache 2 adds the RequestHeader directive in
mod_headers). Currently, only Apache 1.3 has been tested as application
server--but higher versions of Apache should work too. It should be
independent of what application server is run (tested with CGI, but also
Tomcat via mod_jk, PHP, Quixote via mod_scgi, etc. should work--this has to
be verified).

Authentication Methods:
Currently, the described setup has been tested with straight HTTP BASIC
Authentication. But I believe it should equally work for more useful
authentication methods including:
- HTTP BASIC over SSL with user DB on LDAP (mod_ssl with mod_ldap or
  mod_auth_ldap)
- SSL with client-cert-auth and +FakeBasicAuth

ReverseProxy Setup:
The following directives are a simple test of a reverse proxy:

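<Location /test1>
    Allow from all
    RewriteEngine on
    #
    # Require HTTP Basic authentication on the proxy
    #
    AuthType Basic
    AuthName "testRealm"
    AuthUserFile /path/to/PwdFile
    Require user bud ezio
    #
    # Set a HTTP request-header "OPG_USER" with the
    # name of the authenticated user (REMOTE_USER).
    # "set" (not "add") replaces any OPG_USER header
    # sent by the client instead of keeping it
    # alongside the proxy's value.
    #
    RewriteCond %{REMOTE_USER} (.*)
    RewriteRule .* - [E=OPG_USER:%1]
    RequestHeader set OPG_USER "%{OPG_USER}e"
    #
    # Proxy the request to the application server
    #
    RewriteRule ^(.*) http://test1.myDomain.it/$1 [P,L]
</Location>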

Application Server Setup:
The following directives make the Apache server behind the proxy set the
REMOTE_USER environment variable to the value set in the HTTP Header "OPG_USER":

    RewriteEngine on
    RewriteCond %{HTTP:OPG_USER} (.*)
    RewriteRule .* - [E=REMOTE_USER:%1]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
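
An added hardening example for the application-server side of the setup above (not part of the original post): because the backend takes REMOTE_USER from the OPG_USER request header, it should accept requests only from the reverse proxy and ignore an empty header. The address 192.0.2.10 is a placeholder for the proxy's IP, and Apache 1.3/2.0 mod_access syntax is assumed.

```apache
# Application server behind the reverse proxy
# (Apache 1.3 / 2.0 syntax: mod_access + mod_rewrite).

# Only the reverse proxy may connect. Anyone who can reach this server
# directly could otherwise send an OPG_USER header of their choosing.
# 192.0.2.10 is a placeholder for the proxy's address (assumption).
<Location />
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Location>

RewriteEngine on

# Take the user name only from a non-empty OPG_USER header:
# (.+) instead of (.*) leaves REMOTE_USER unset when the header
# is missing or empty, so the application sees no authenticated user.
RewriteCond %{HTTP:OPG_USER} (.+)
RewriteRule .* - [E=REMOTE_USER:%1]
```

The address restriction covers the backend; the proxy still has to make sure that any OPG_USER header supplied by the client does not reach the backend.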