https://bz.apache.org/bugzilla/show_bug.cgi?id=59285
Bug ID: 59285
Summary: Digitaly sign header when forwarding request
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy
Assignee: [email protected]
Reporter: [email protected]
It could be great to have some "signature capabilities" in the proxy.
The typical scenario would be :
1) Apache is a reverse proxy and receive a request
2) Apache add a header (like REMOUTE_USER)
3) Apache use a private key to sign the headers specified and put this value in
a new header (like HEADERS_SIGNATURE).
4) Target server behind reverse proxy can now trust the request and the header
Configuration could be
HeaderSignatureTarget REMOTE_USER
HeaderSignatureStored REMOTE_USER_SIGNATURE
HeaderSignatureAlgorithm SHA1withRSA
HeaderSignaturePrivateKey file.pem
This means the that the apache will first evaluate the REMOTE_USER and sign
this with the private key stored in file.pem using the algorithm SHA1withRSA.
The header REMOTE_USER_SIGNATURE will be added to the forwarded request.
This could be a simple and efficient way of binding the reverse proxy to the
target application server.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
