开发者

Apache header based authentication module

Is there an apache authentication module out there, that can blindly trust a header?

For instance if a reverse proxy were to put the user "mboorshtein" into an http header is there a module that take that header and set the correct data structure in httpd? (2.2.x). I know its insecure but t开发者_运维百科his is just for a prototype, before I go and implement a custom authentication provider.


You can use probably use Apache anonymous auth. It doesn't help you build a new module, though. And the header must be the same as what basic auth uses (i.e. Authorization). For this to be secure, you need to make absolutely sure the server won't accept requests from any other host than the reverse proxy.

http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜