Mostly copied from mod_auth_basic of apache-2.2.

The basic-auth handshake was replaced by some code which gets the userid out of a customable variable. The variable could be anything ap_expr could read in authentication hook, e.g.: a header field, a httpd environment variable or an SSL environment variable. The syntax is the same known from RewriteCond of mod_rewrite: e.g.: %{HTTP:variable}, %{ENV:variable} or %{SSL:variable}

No password is written into internal httpd variables. So the authentication has to be validated by mod_authn_anon.
For authorisation any of the authz standard modules could be used.

Features

  • accept authentification of a an other server (e.g. reverse proxy)
  • accept authentification by trusting HTTP Header variable
  • accept authentification by trusting Environment variable
  • accept authentification by trusting SSL variable (e.g. SSL_CLIENT_M_SERIAL)

Project Activity

See All Activity >

Categories

HTTP Servers

License

Apache License V2.0

Follow mod_auth_trustheader

mod_auth_trustheader Web Site

Other Useful Business Software
$300 Free Credits for Your Google Cloud Projects Icon
$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
Start Free Trial
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of mod_auth_trustheader!

Additional Project Details

Intended Audience

Other Audience, Security, Security Professionals, System Administrators

Programming Language

C

Related Categories

C HTTP Servers

Registered

2012-04-09