Mostly copied from mod_auth_basic of apache-2.2.

The basic-auth handshake was replaced by some code which gets the userid out of a customable variable. The variable could be anything ap_expr could read in authentication hook, e.g.: a header field, a httpd environment variable or an SSL environment variable. The syntax is the same known from RewriteCond of mod_rewrite: e.g.: %{HTTP:variable}, %{ENV:variable} or %{SSL:variable}

No password is written into internal httpd variables. So the authentication has to be validated by mod_authn_anon.
For authorisation any of the authz standard modules could be used.

Features

  • accept authentification of a an other server (e.g. reverse proxy)
  • accept authentification by trusting HTTP Header variable
  • accept authentification by trusting Environment variable
  • accept authentification by trusting SSL variable (e.g. SSL_CLIENT_M_SERIAL)

Project Activity

See All Activity >

Categories

HTTP Servers

License

Apache License V2.0

Follow mod_auth_trustheader

mod_auth_trustheader Web Site

Other Useful Business Software
Our Free Plans just got better! | Auth0 Icon
Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of mod_auth_trustheader!

Additional Project Details

Intended Audience

System Administrators, Other Audience, Security Professionals, Security

Programming Language

C

Related Categories

C HTTP Servers

Registered

2012-04-09
Report inappropriate content