1

Is there an apache authentication module out there, that can blindly trust a header?

For instance if a reverse proxy were to put the user "mboorshtein" into an http header is there a module that take that header and set the correct data structure in httpd? (2.2.x). I know its insecure but this is just for a prototype, before I go and implement a custom authentication provider.

Rafał Rawicki
  • 22,324
  • 5
  • 59
  • 79
mlbiam
  • 415
  • 4
  • 17

1 Answers1

-1

You can use probably use Apache anonymous auth. It doesn't help you build a new module, though. And the header must be the same as what basic auth uses (i.e. Authorization). For this to be secure, you need to make absolutely sure the server won't accept requests from any other host than the reverse proxy.

http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html

Matt Fenwick
  • 48,199
  • 22
  • 128
  • 192
Viljo Viitanen
  • 181
  • 6