Mostly copied from mod_auth_basic of apache-2.2.
The basic-auth handshake was replaced by some code which gets the userid out of a customable variable. The variable could be anything ap_expr could read in authentication hook, e.g.: a header field, a httpd environment variable or an SSL environment variable. The syntax is the same known from RewriteCond of mod_rewrite: e.g.: %{HTTP:variable}, %{ENV:variable} or %{SSL:variable}
No password is written into internal httpd variables. So the authentication has to be validated by mod_authn_anon.
For authorisation any of the authz standard modules could be used.
Features
- accept authentification of a an other server (e.g. reverse proxy)
- accept authentification by trusting HTTP Header variable
- accept authentification by trusting Environment variable
- accept authentification by trusting SSL variable (e.g. SSL_CLIENT_M_SERIAL)
Categories
HTTP ServersLicense
Apache License V2.0Follow mod_auth_trustheader
Other Useful Business Software
Define and Deliver Comprehensive Cybersecurity Services. Security threats continue to grow, and your clients are most likely at risk. Small- to medium-sized businesses (SMBs) are targeted by 64% of all cyberattacks, and 62% of them admit lacking in-house expertise to deal with security issues. Now technology solution providers (TSPs) are a prime target. Enter ConnectWise Cybersecurity Management (formerly ConnectWise Fortify) — the advanced cybersecurity solution you need to deliver the managed detection and response protection your clients require. Whether you’re talking to prospects or clients, we provide you with the right insights and data to support your cybersecurity conversation. From client-facing reports to technical guidance, we reduce the noise by guiding you through what’s really needed to demonstrate the value of enhanced strategy.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of mod_auth_trustheader!