On Mon, Jan 14, 2013 at 9:47 AM, Igor Cicimov <icici...@gmail.com> wrote:

> On Mon, Jan 14, 2013 at 8:10 AM, Igor Cicimov <icici...@gmail.com> wrote:
>
>> On 14/01/2013 1:48 AM, "Terry Cooper" <terry.coo...@sympatico.ca> wrote:
>> >
>> > I am currently attempting to migrate an existing system which is built on the Sun web proxy server and the Sun web server to the Apache web server. The proxy portion will remain on Sun until proxy appliances are obtained and installed, so all I’m dealing with now is the move to Apache HTTPD.
>> >
>> > The current system has user access control that is completely based on the proxy server and acls therein. This means that users log into the proxy, but there is no login requirement on the web servers. There are a number of cgi scripts which need to get the user name to operate correctly. Currently the environment variable HTTP_PROXY_AUTHORIZATION is used to obtain this information, however from what I can find this is not passed by Apache to the scripts. I understand the security issue with this as it contains the password as well, which I don’t need. Is there a way to get at least the user name that is passed by the proxy server?
>> >
>> > I’m sure I’m missing something simple here, but I just can’t seem to find it.
>> >
>> > Thanks,
>> >
>> > Terry
>>
>> Set a header maybe?
>>
>> RequestHeader append Proxy-Authorization
>
> I mean there is already Authorization request header set, why not use it?

I remember mod_rewrite has a lookahead option that looks like this:

<snip>
%{LA-U:variable} can be used for look-aheads which perform an internal (URL-based) sub-request to determine the final value of *variable*. This can be used to access variable for rewriting which is not available at the current stage, but will be set in a later phase.

For instance, to rewrite according to the REMOTE_USER variable from within the per-server context (httpd.conf file) you must use %{LA-U:REMOTE_USER} - this variable is set by the authorization phases, which come *after* the URL translation phase (during which mod_rewrite operates).
</snip>

So I would say you can use this in a rewrite rule to pass on the REMOTE_USER in the query string, for example by using the QSA flag and proxying to the backend at the same time:

RewriteCond %{LA-U:REMOTE_USER} (.*)
RewriteRule ^/something.html something.jsp?userid=%{LA-U:REMOTE_USER} [QSA,P,L]

Just an idea and completely untested. Hope someone will correct me in case I'm talking gibberish here ....
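An added example, not part of the original thread: a script-side helper that takes a Basic credential value such as the Proxy-Authorization content discussed above and returns only the user name, discarding the password. It assumes the header value reaches the script in an environment variable (the HTTP_PROXY_AUTHORIZATION name from the question is used as the default); the function names and the user-name allow-list are hypothetical.

```python
import base64
import binascii
import re

# Conservative allow-list for user names passed on to scripts (an assumption).
_SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def basic_username(header_value):
    """Return the user name from a Basic credential, or None if unusable.

    The password part is split off and dropped; it is never returned or logged.
    """
    if not header_value:
        return None
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None  # other schemes (Digest, Negotiate, ...) have no user:pass pair
    try:
        decoded = base64.b64decode(parts[1].strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64
    # Split on the FIRST colon only: the password may itself contain colons.
    user, sep, _password = decoded.partition(b":")
    if not sep:
        return None  # Basic credentials are always "user-id:password"
    try:
        name = user.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # fullmatch rejects control characters, newlines and empty names.
    return name if _SAFE_USER.fullmatch(name) else None


def username_from_environ(environ, key="HTTP_PROXY_AUTHORIZATION"):
    """Look the credential up in a CGI-style environment mapping."""
    return basic_username(environ.get(key))


if __name__ == "__main__":
    # Constructed sample credential, not taken from the thread.
    sample = "Basic " + base64.b64encode(b"terry:s3cret:with:colons").decode()
    print(username_from_environ({"HTTP_PROXY_AUTHORIZATION": sample}))
```

The returned name identifies the user only if the web server accepts requests solely from the authenticating proxy; a client that can reach the web server directly can send any header value it likes.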