Hi @all,
i need some help with the following situation: we use nginx as reverse proxy for microsoft exchange owa / active sync

All working so far but since yesterday we have a new firewall (Palo Alto) which supports "User-ID", meaning that the remote IP is connect to the domain\username. That means that all non-microsoft devices (Apple, Linux) can also use user-based policies in the firewall.

Now the problem is, that the username, which is accessing exchange, is bound to the proxy ip and not to the client ip.

There exits an Palo Alto API which supports manual mapping via the API. Now my idea was to use the parameters $remote_addr and $remote_user to get this running but i have no idea how to call the api.

An example looks like this:
https://<Firewall-IPaddress>/api/?type=user-id&key=<Key Value>&action=set&vsys=vsys1&cmd=<uid-message><version>1.0</version><type>update</type><payload><login><entry name="pan\sam1" ip="192.168.141.82"/></login></payload></uid-message>

"pan\sam1" has to be replaced by $remote_user and ip by $remote_addr, right?

But which is the right place in the config to start the api call? My config looks similiar like this: forum.nginx.org/read.php?11,252590,252590

Thanks a lot in advance,
Uwe