Hi John,
John Chilton wrote, On 07/22/2011 11:40 AM:
> We have Galaxy behind an apache proxy, and apache is taking care of
> the authentication. If I want to enable exporting workflows and
> histories to other galaxy instances do I just need to disable the
> authentication checks for locations "/history/export_archive" and
> "/workflow/for_direct_import"? I assume this wouldn't also open a
> hole that would allow unpublished workflows or histories to be
> accessed by others (at my institution or else wise), is this
> correct?
We have the same situation with two internal galaxies. We use the following
apache "mod_rewrite" rule to detect incoming requests from one galaxy server,
and add a fake REMOTE_USER variable, simulating an authenticated user:
=========
## This rule match "genomics.cshl.edu" server, and
## adds a fake authenticated user - allow people
## to copy datasets from rave to genomics
RewriteCond %{REMOTE_HOST} =143.48.36.4
RewriteRule (.*) $1 [E=MCAC_UserName:genomics_import]
<Location "/galaxy" >
RequestHeader add REMOTE_USER %{MCAC_UserName}e
require valid-user
Order Allow,Deny
Allow from genomics.cshl.edu
Satisfy any
</Location>
==========
There are two important statements here:
1. the "RewriteCond + RewriteRule" check for the server's IP, and creates the
environment variable for the fake authenticated user.
2. the "Allow from genomics" + "Satisfy any" means that apache will allow
access to the "/galaxy" location from either an authenticated user or from a
specific host.
Hope this helps,
-gordon
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
