Welcome! Log In Create A New Profile

Advanced

Re: Conditionally removing a proxy header

May 21, 2020 04:38PM
Thanks so much Francis, yes that seems to be have worked. When the application is accessed outside our domain, it doesn't try to negotiate which would pop up the Windows authentication prompt and would never work anyways, but if the user is inside our domain either by being physically inside the building or through a VPN, the negotiate header is there to allow for automatic sign-in using their Windows credentials.

As you suggested I used a map:

map $external_traffic $negotiate {
1 '';
0 $upstream_http_www_authenticate;
}

Then inside the location block I removed and conditionally added the WWW-Authenticate header:

proxy_hide_header WWW-Authenticate; # Remove negotiate header
add_header WWW-Authenticate $negotiate always; #Add negotiate header for internal addresses

Thanks again!
Neil
Subject Author Posted

Conditionally removing a proxy header

eckern May 12, 2020 03:01PM

Re: Conditionally removing a proxy header

Francis Daly May 14, 2020 06:10PM

Re: Conditionally removing a proxy header

eckern May 21, 2020 04:38PM

Re: Conditionally removing a proxy header

Francis Daly May 26, 2020 12:16PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 72
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready