Hi all.
Maybe the problems I am describing are more likely related to Tomcat
users, yet I think that an architecture based on an Apache as front-end
and one or more Tomcat's as back ends is quite common.
Reverse proxying from Apache to Tomcat works, and it still works if we
let Tomcat to provide some authentication and authorization feature
(i.e. via ldap).
Yet I'd like to have authentication (and even authorization) on Apache,
I think it would be more correct. So I tried to study the problem,
having some locations of the Apache protected by a Basic Authentication
and proxy-passed to Tomcat. I expected the Tomcat to preserve the
REMOTE_USER (or HTTP_REMOTE_USER ? ) variable received by Apache. It
does not work.
Do you know how can Tomcat force an environmental variable (coming from
Apache via reverse proxy) into its REMOTE_USER, after recognizing the
REMOTE_ADDR of the federate Apache, without being open to attacks ?
Thanks in advance.
Yours Ezio.
begin:vcard
fn:Ezio Paglia
n:Paglia;Ezio
org:Comune di Grosseto;Servizio Elaborazioni Dati
adr:;;Via Ginori;Grosseto;GR;58100;Italia
email;internet:[EMAIL PROTECTED]
title:Responsabile Area Sistemi
tel;work:+39-0564-410844
version:2.1
end:vcard
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
