Apache header based authentication module
Is there an apache authentication module out there, that can blindly trust a header?
For instance if a reverse proxy were to put the user "mboorshtein" into an http header is there a module that take that header and set the correct data structure in httpd? (2.2.x). I know its insecure but t开发者_运维百科his is just for a prototype, before I go and implement a custom authentication provider.
You can use probably use Apache anonymous auth. It doesn't help you build a new module, though. And the header must be the same as what basic auth uses (i.e. Authorization). For this to be secure, you need to make absolutely sure the server won't accept requests from any other host than the reverse proxy.
http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html
精彩评论