Re: HTTP Basic Auth question

Russ Lavoy
May 09, 2013 03:56PM
Hello,

Sorry for the long delay.  

I have tried the following configuration which does not seem to work at all.

proxy_hide_header Authorization;

proxy_set_header Authorization "$remote_user";

I can still sniff the traffic on lo and get the base64 user:pass.  The interesting thing is I do not see the Authorization header being sent to the django app whatsoever.  Is there a way I can totally remove the header even at the loopback level so it is not able to get intercepted?

Thanks,

Russ

----- Original Message -----

From: Francis Daly <francis@daoine.org>
To: nginx@nginx.org
Cc:
Sent: Wednesday, May 1, 2013 4:45 PM
Subject: Re: HTTP Basic Auth question

On Wed, May 01, 2013 at 01:17:41PM -0400, B.R. wrote:

Hi there,

> To pass the nginx user to a fastcgi backend (PHP), I have to explicitly
> specify it using the following directive:
> fastcgi_param  MY_USER      $remote_user;
>
> I suppose you can do the same with proxy_pass?

That's how I'd do it -- probably proxy_set_header if the python
application is accessed using proxy_pass.

> I dunno how to remove an automatically forwarded parameter though... Maybe
> overwriting it with an empty string?

The password is in the http header Authorization, so using
proxy_hide_header to avoid sending that should be enough.

> On Wed, May 1, 2013 at 10:26 AM, Russ Lavoy <ussray_00@yahoo.com> wrote:

> > I am running nginx as a reverse proxy to a python application.  I am
> > wondering how I would be able to pass ONLY the user account and not the
> > password.  Can this be done?

As above: how are the user and pass currently sent? It will be by
"fastcgi_pass" or "proxy_pass" or something similar. Use the matching
"_hide_header" directive on the correct header to avoid sending it.

How do you want the user to be sent? Use the variable $remote_user and
the matching "_set_header" or "_param" directive to send the provided
username.

    f
--
Francis Daly        francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
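
Added example, not part of the original thread or of any poster's configuration: a reverse-proxy block that forwards only the username. In nginx, proxy_hide_header filters fields in the upstream's response to the client, while a request field is kept from the upstream by setting it to an empty string with proxy_set_header. The certificate and htpasswd paths, the backend address 127.0.0.1:8000 and the X-Remote-User header name are assumptions.

```nginx
# Added example; paths, backend address and header name are assumptions.
server {
    # TLS protects the client-to-nginx leg, where the browser always
    # sends "Authorization: Basic <base64 user:pass>".
    listen 443 ssl;
    ssl_certificate     /etc/nginx/tls/example.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/example.key;   # assumed path

    location / {
        # nginx checks the credentials itself.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;      # assumed path

        # A field set to an empty string is not passed to the proxied
        # server, so the password never appears on the backend connection.
        proxy_set_header Authorization "";

        # Forward only the authenticated username. Setting it here also
        # overwrites any X-Remote-User value supplied by the client.
        # A Django backend reads it as request.META["HTTP_X_REMOTE_USER"].
        proxy_set_header X-Remote-User $remote_user;

        # proxy_set_header directives are inherited from the outer level
        # only when none are defined here, so restate Host explicitly.
        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8000;              # assumed backend
    }
}
```

A capture on lo limited to the backend port (for example tcpdump -i lo -A 'tcp port 8000') shows whether the field still reaches the backend. A capture that also includes the client-to-nginx connection will still show Authorization whenever that leg is unencrypted, because the client sends it on every request.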

