开发者

Apache header based authentication module

开发者 https://www.devze.com 2023-02-27 10:32 出处:网络
Is there an apache authentication module out there, that can blindly trust a header? For instance if a reverse proxy were to put the user \"mboorshtein\" into an http header is there a module that ta

Is there an apache authentication module out there, that can blindly trust a header?

For instance if a reverse proxy were to put the user "mboorshtein" into an http header is there a module that take that header and set the correct data structure in httpd? (2.2.x). I know its insecure but t开发者_运维百科his is just for a prototype, before I go and implement a custom authentication provider.


You can use probably use Apache anonymous auth. It doesn't help you build a new module, though. And the header must be the same as what basic auth uses (i.e. Authorization). For this to be secure, you need to make absolutely sure the server won't accept requests from any other host than the reverse proxy.

http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html

0

精彩评论

暂无评论...
验证码 换一张
取 消