4

Is there any way to have a reverse proxy using http basic Authentication in front of a REST API which also uses http basic Authentication with different username and passwords?

The reverse proxy is Apache, if it matters.

The most obvious solution seems to be to get the application and the proxy to use different headers for the authentication.

1) For example, I could send a request to the proxy like:

GET /foo/1 HTTP/1.1
Authorization: proxyuserpasshere
X-Passthru-Authorization: restuserpasshere

And then the proxy would consume the "Authorization" header and (if it were valid) pass on a request to the underlying web-app like:

GET /foo/1 HTTP/1.1
Authorization: restuserpasshere

(where the value 'restuserpasshere' was taken from the 'X-Passthru-Authorization' header)

Is there a way to configure Apache to make that work?

2) Conversely, I could use the standard "Authorization" header for the proxy, and use a custom header for my application's authentication. So the request would look like:

GET /foo/1 HTTP/1.1
Authorization: proxyuserpasshere
X-Myapp-Authorization: restuserpasshere

The drawback to this is that my app is now hardcoded to use the "X-Myapp-Authorization" header instead of the standard Authorization header.

Is there a better way around this?

Improve this question
1
  • A bit more detail would be useful here. You're saying that you have a RESTful service which needs one set of usernames/password, in front of a proxy that needs another set of usernames and passwords? Without knowing more about your situation, I know that many HTTP libraries provide options for configuring basic auth. But it sounds like you need something more. Commented Apr 15, 2012 at 6:45

1 Answer 1

Reset to default
2

Not tested, but I would try something like:

RequestHeader set Authorization %{HTTP:X-Passthru-Authorization}

I don't know if %{HTTP:x-HEADER} syntax is allowed. You may have to play with environment variables.

See:

http://httpd.apache.org/docs/2.2/mod/mod_headers.html

http://php.dzone.com/news/inserting-variable-headers-apa

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.