The Proxy-Authorization header is being sent from the proxy server so I don't
need to recreate it. The problem is that apache is dumping this header and not
letting me see it.
This is apache 2.2 on RH 6.3.
There was a mention of REMOTE-USER, however as I understand that, it's only
there if authentication is set up on the http server. There is no
authentication on the web server, only on the proxy.
Date: Mon, 14 Jan 2013 09:47:12 +1100
From: icici...@gmail.com
To: users@httpd.apache.org
Subject: Re: [users@httpd] Passing proxy authentication user name
On Mon, Jan 14, 2013 at 8:10 AM, Igor Cicimov <icici...@gmail.com> wrote:
On 14/01/2013 1:48 AM, "Terry Cooper" <terry.coo...@sympatico.ca> wrote:
>
> I am currently attempting to migrate an existing system which is built on the
> Sun web proxy server and the Sun web server to the Apache web server. The
> proxy portion will remain on Sun until proxy appliances are obtained and
> installed, so all I’m dealing with now is the move to Apache HTTPD.
>
>
>
> The current system has user access control that is completely based on the
> proxy server and acls therein. This means that users log into the proxy, but
> there is no login requirement on the web servers. There are a number of cgi
> scripts which need to get the user name to operate correctly. Currently the
> environment variable HTTP_PROXY_AUTHORIZATION is used to obtain this
> information, however from what I can find this is not passed by Apache to the
> scripts. I understand the security issue with this as it contains the
> password as well, which I don’t need. Is there a way to get at least the user
> name that is passed by the proxy server.
>
>
>
> I’m sure I’m missing something simple here, but I just can’t seem to find it.
>
>
>
> Thanks,
>
>
>
> Terry
Set a header maybe?
RequestHeader append Proxy-Authorization
I mean there is already Authorization request header set why not using it?
