Hi All,

I was wondering if one of these existed already so thought I'd ask here 
before I wrote one...

So, we have a front end server running Apache, on Windows, doing NTLM 
auth (yay! go suckiness!). It proxies requests through to one of our 
back end servers, setting a header in the process:

<Proxy *>
    Order deny,allow
    Allow from all
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set X-Forwarded-User %{RU}e

So, I need to turn the 'X-Forwarded-User' request header into the BFG 
user id. Anyone done an authentication policy that does this yet?



PS: Yes, this would be insecure, were the backend servers not all 
firewalled off to only accept requests from the front end ;-)
Repoze-dev mailing list

Reply via email to