How do I create a custom header from an existing SSL environment variable?

Solution 1:

OK -- I figured it out in the middle of the week but still wanted to give someone a chance to earn the bounty.

Surprisingly, this isn't very well documented anywhere, but as I used mod_headers to do this you can find that documentation here.

What you want to do is set the header, whether you grab it from SSL or the environment. Then you can edit the header in place using regex and capture groups.

Some examples:


  RequestHeader set REMOTE_USER        "%{SSL_CLIENT_S_DN_CN}s"
  RequestHeader edit REMOTE_USER (.*\s)(.*) $2
  RequestHeader set AUTHENTICATE_CN    "%{SSL_CLIENT_S_DN_CN}s"
  RequestHeader edit AUTHENTICATE_CN (.*\s)(.*) $1
  RequestHeader set AUTHENTICATE_MAIL  "%{SSL_CLIENT_S_DN_CN}s"
  RequestHeader edit AUTHENTICATE_MAIL (.*\s)(.*) [email protected] 
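
Added example (not part of the answer above, and not Apache's own code): a Python approximation of what the `RequestHeader set` / `RequestHeader edit` pairs in Solution 1 send to the backend for different certificate CNs, including a CN with no whitespace and a request with no client certificate. The sample CNs, the "Display Name userid" CN layout and the `is_bare_userid` check are assumptions made for illustration.

```python
import re

# Pattern used by the RequestHeader edit lines in the answer.
CN_SPLIT = r"(.*\s)(.*)"

# Constructed sample CNs; the "Display Name userid" layout is an assumption
# inferred from the pattern, it is not stated on the page.
SAMPLE_CNS = ["Jane Q Public jpublic", "jpublic", None]


def header_edit(value, pattern, replacement):
    """Approximate `RequestHeader edit`: rewrite the first match, expanding $N."""
    def expand(match):
        return re.sub(r"\$(\d)",
                      lambda ref: match.group(int(ref.group(1))) or "",
                      replacement)
    # No match means the header is passed through unchanged.
    return re.sub(pattern, expand, value, count=1)


def derive_headers(cn):
    """Mirror the set/edit pairs from the answer for one client certificate CN."""
    # mod_headers substitutes the literal string "(null)" when the SSL
    # variable named in %{VAR}s is empty or unset (no client certificate).
    raw = cn if cn else "(null)"
    return {
        "REMOTE_USER": header_edit(raw, CN_SPLIT, "$2"),      # text after last whitespace
        "AUTHENTICATE_CN": header_edit(raw, CN_SPLIT, "$1"),  # text up to last whitespace
    }


def is_bare_userid(value):
    """Hypothetical backend-side check: accept only a plain account name."""
    return re.fullmatch(r"[A-Za-z0-9._-]+", value) is not None


if __name__ == "__main__":
    for cn in SAMPLE_CNS:
        headers = derive_headers(cn)
        verdict = "ok" if is_bare_userid(headers["REMOTE_USER"]) else "reject"
        print(repr(cn), headers, verdict)
```

Because `.*` is greedy, the split happens at the last whitespace, and a CN without whitespace reaches the backend unedited in both headers, so the backend should validate `REMOTE_USER` rather than assume the edit always applied.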

Solution 2:

I'd use the AuthBasicFake directive which will set the header and then you can do the ProxyPass in the same Location block. It would look something like this:

  <Location "/blah">
    AuthBasicFake %{SSL_CLIENT_S_DN_CN}
    ProxyPass http://example.org/blah
  </Location>

If you have some other x509 attributes in the subject like the username on its own you could use SSL_CLIENT_S_DN_uid or SSL_CLIENT_S_DN_email.