Reputation: 455
Apache header based authentication module
Is there an apache authentication module out there, that can blindly trust a header?
For instance if a reverse proxy were to put the user "mboorshtein" into an http header is there a module that take that header and set the correct data structure in httpd? (2.2.x). I know its insecure but this is just for a prototype, before I go and implement a custom authentication provider.
Upvotes: 1
Views: 1116
Answers (1)
Reputation: 181
You can use probably use Apache anonymous auth. It doesn't help you build a new module, though. And the header must be the same as what basic auth uses (i.e. Authorization). For this to be secure, you need to make absolutely sure the server won't accept requests from any other host than the reverse proxy.
http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html
Upvotes: -1
Related Questions
- enable Apache http Authorization header
- OAuth 2.0 authentication using Apache HTTPd module
- apache server authentication
- Apache server not allowing Authorization Header in http request
- How do I get <script type="module"> to use the given Authorization header?
- Can apache prevent bearer authentication header?
- Remove basic authentication header with apache mod proxy
- Authorization header and apache_request_headers function
- Apache2 mod_proxy authentication
- How to send kind of persistent "Authorization" headers with PHP