1

Running httpd 2.4.6 on CentOS 7 as a reverse proxy for Splunk with SSO.

This works with no proxying:

RewriteCond %{LA-U:REMOTE_USER} "user" [NC]
RewriteRule ^.*$ - [F,L]

The above does NOT work with proxying. I would like to match an authenticated user via basic auth. The X-Remote-User header is being passed to Splunk (SSO debug confirms this).

I have tried using several headers like HTTP_X_REMOTE_USER but still no joy. I don't know enough to see what's going on via ProxyPass etc. Have checked trace rewrite log and enabled forensic log but nothing. Seems the variable is not known in the proxy rewrite environment and the entire block is skipped.

Is my approach wrong? Can I do this another way?

ProxyRequests Off
ProxyPreserveHost Of
ProxyPass /sh https://127.0.0.1:8000/sh
ProxyPassReverse /sh https://127.0.0.1:8000/sh
RewriteEngine On
RequestHeader set X-Remote-User %{REMOTE_USER}s
RewriteCond %{LA-U:REMOTE_USER} "user" [NC]
RewriteRule ^.*$ - [F,L]
Improve this question

1 Answer 1

Reset to default
1

Not quite sure what you mean, however....

I have tried using several headers like HTTP_X_REMOTE_USER

HTTP_X_REMOTE_USER isn't an HTTP request header. That looks like the corresponding index that PHP creates in the $_SERVER superglobal for an HTTP header of the form X-Remote-User.

To match an HTTP request header using mod_rewrite in .htaccess you can do use the %{HTTP:Http-Request-Header} syntax. For example:

RewriteCond %{HTTP:X-Remote-User} "user" [NC]
RewriteRule ^ - [F]

^.*$ is the same as simply ^. No need for the L flag when using F (it is implied).

Improve this answer
3
  • It sounds like he is looking for a header that passes along the remote user in a similar manner to how the IP is passed by the X-Forwarded-For header when behind a proxy. Commented Aug 28, 2017 at 22:39
  • I said I have "tried" other headers and that it does work with REMOTE_USER without proxying. Something breaks with rewrite and proxying. Commented Aug 29, 2017 at 13:10
  • Thank you, I'll clean up the RewriteRule in the meantime. Commented Aug 29, 2017 at 13:12

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.