Apache proxy: passing on REMOTE_USER to backend server


Solution 1

I wanted to do exactly the same as you with Shibboleth. But unfortunately I found this in the corresponding Apache docs. REMOTE_USER is part of the CGI standard and therefore cannot be modified with Apache directives.

It is not possible to override or change the standard CGI variables using the environment manipulation directives.

Solution 2

You can send the value of REMOTE_USER on the query string sent to your backend servers:

RewriteCond %{LA-U:REMOTE_USER} (.*)
RewriteRule ^/test.asp(.*) test.asp?userid=%{LA-U:REMOTE_USER} [QSA,P,L] 

The LA-U means lookahead. From the mod_rewrite manual:

%{LA-U:variable} can be used for look-aheads which perform an internal (URL-based) sub-request to determine the final value of variable. This can be used to access variable for rewriting which is not available at the current stage, but will be set in a later phase.

For instance, to rewrite according to the REMOTE_USER variable from within the per-server context (httpd.conf file) you must use %{LA-U:REMOTE_USER} - this variable is set by the authorization phases, which come after the URL translation phase (during which mod_rewrite operates).
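
Given that Solution 1 rules out setting REMOTE_USER with Apache directives, a backend application can promote the forwarded HTTP_REMOTE_USER value to REMOTE_USER itself, accepting it only when the request comes from the proxy. This is an added example, not code from the answers or from Shibboleth; it assumes a Python WSGI backend that does no authentication of its own, and the proxy address 10.0.0.5, the header name Remote-User and the names RemoteUserFromProxy, whoami and call are assumptions made for illustration.

```python
# Added example: WSGI middleware for a hypothetical Python backend behind the proxy.
TRUSTED_PROXIES = {"10.0.0.5"}     # constructed address of the Shibboleth/mod_proxy host
IDENTITY_KEY = "HTTP_REMOTE_USER"  # CGI/WSGI name of a request header "Remote-User"


class RemoteUserFromProxy:
    """Promote the proxy-supplied header to REMOTE_USER, but only for trusted peers."""

    def __init__(self, app, trusted=TRUSTED_PROXIES, key=IDENTITY_KEY):
        self.app, self.trusted, self.key = app, frozenset(trusted), key

    def __call__(self, environ, start_response):
        # Request headers arrive as HTTP_* keys; REMOTE_USER is reserved for the
        # server's own authentication. This backend does none (assumption), so
        # any value already present is dropped before deciding what to set.
        environ.pop("REMOTE_USER", None)
        claimed = environ.pop(self.key, "").strip()
        # REMOTE_ADDR is the TCP peer; only the proxy may assert an identity.
        if claimed and environ.get("REMOTE_ADDR") in self.trusted:
            environ["REMOTE_USER"] = claimed
        return self.app(environ, start_response)


def whoami(environ, start_response):
    """Sample application: reports the identity it was given."""
    user = environ.get("REMOTE_USER", "anonymous")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [user.encode()]


def call(app, **environ):
    """Drive a WSGI app with a constructed environ and return the body as text."""
    body = app(environ, lambda status, headers: None)
    return b"".join(body).decode()


app = RemoteUserFromProxy(whoami)

if __name__ == "__main__":
    # Constructed requests: one relayed by the proxy, one sent straight to the backend.
    print(call(app, REMOTE_ADDR="10.0.0.5", HTTP_REMOTE_USER="chris@example.org"))
    print(call(app, REMOTE_ADDR="203.0.113.9", HTTP_REMOTE_USER="chris@example.org"))
```

The same trust boundary applies to the query-string approach in Solution 2: the backend should accept the identity value only on connections from the proxy.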

Author: Chris

Updated on September 17, 2022

Comments

  • Chris
    Chris over 1 year

    We are using Shibboleth for authentication. Our Shibboleth service provider is running on a host that is running Apache with a reverse proxy configuration (mod_proxy). The applications using Shibboleth are running in the backend; no SP is installed on these servers. We are getting all Shibboleth headers on the backend servers.

    Now I need the REMOTE_USER variable that is filled by Shibboleth authentication on the proxy server to be available on the backend server. I've managed to get the value into HTTP_REMOTE_USER and pass it on to the backend servers, but I'm struggling to put this value into REMOTE_USER on the backend server.

    I would like to know what the difference is between HTTP_REMOTE_USER and REMOTE_USER and how to manipulate REMOTE_USER from the Apache config without doing actual authentication.

    • David Pashley
      David Pashley almost 15 years
      What is your remote application running? Is there any reason why you can't run the SP there?
    • Chris
      Chris almost 15 years
      We like the simplicity of having one SP on the proxy that controls the shib configuration for all the backend applications.
    • S.Lott
      S.Lott over 13 years
      Are you using Django? Django adds the "HTTP_". It isn't really part of the header, it's just a prefix Django adds.
    • macoughl
      macoughl almost 11 years