Re: HTTP Basic Auth question
On Thu, May 09, 2013 at 12:55:22PM -0700, Russ Lavoy wrote:

Hi there,

> I have tried the following configuration which does not seem to work at all.
>
> proxy_hide_header Authorization;
>
> proxy_set_header Authorization "$remote_user";|

What did you do; what did you see; what did you expect to see?

> I can still sniff the traffic on lo and get the base64 user:pass. The
> interesting thing is I do not see the Authorization header being sent to the
> django app whatsoever. Is there a way I can totally remove the header even
> at the loop back level so it is not able to get intercepted?
>

I don't understand what it is that you are trying to do, that you have
not yet done.

You seem to say that you do see the Authorization header and that you
don't see the Authorization header, so I presume I'm misreading something.

Can you provide a simple nginx configuration that I can use to replicate
whatever the problem is?

    f
--
Francis Daly        fran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: HTTP Basic Auth question
Hello,

Sorry for the long delay.

I have tried the following configuration which does not seem to work at all.

proxy_hide_header Authorization;

proxy_set_header Authorization "$remote_user";|

I can still sniff the traffic on lo and get the base64 user:pass. The
interesting thing is I do not see the Authorization header being sent to the
django app whatsoever. Is there a way I can totally remove the header even
at the loop back level so it is not able to get intercepted?

Thanks,
Russ

- Original Message -
From: Francis Daly
To: nginx@nginx.org
Cc:
Sent: Wednesday, May 1, 2013 4:45 PM
Subject: Re: HTTP Basic Auth question

On Wed, May 01, 2013 at 01:17:41PM -0400, B.R. wrote:

Hi there,

> To pass the nginx user to a fastcgi backend (PHP), I have to explicitly
> specify it using the following directive:
> fastcgi_param MY_USER $remote_user;
>
> I suppose you can do the same with proxy_pass?

That's how I'd do it -- probably proxy_set_header if the python application
is accessed using proxy_pass.

> I dunno how to remove an automatically forwarded parameter though... Maybe
> overwriting it with an empty string?

The password is in the http header Authorization, so using
proxy_hide_header to avoid sending that should be enough.

> On Wed, May 1, 2013 at 10:26 AM, Russ Lavoy wrote:

> > I am running nginx as a reverse proxy to a python application. I am
> > wondering how I would be able to pass ONLY the user account and not the
> > password. Can this be done?

As above: how are the user and pass currently sent? It will be by
"fastcgi_pass" or "proxy_pass" or something similar. Use the matching
"_hide_header" directive on the correct header to avoid sending it.

How do you want the user to be sent? Use the variable $remote_user and the
matching "_set_header" or "_param" directive to send the provided
username.

    f
--
Francis Daly        fran...@daoine.org
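Added example, not part of any message in this thread: a configuration sketch for the goal discussed here (send the username to the proxied application, never the password), using the empty-string overwrite that B.R. suggests. The nginx documentation states that a proxy_set_header field whose value is an empty string is not passed to the proxied server, and that proxy_hide_header applies to header fields in the proxied server's response. The server name, file paths, upstream address and the X-Remote-User header name are assumptions.

```nginx
# Added example; names, paths and the upstream address are placeholders.
server {
    # Basic auth sends base64(user:pass) on every request from the client,
    # so the client-facing listener is TLS.
    listen              443 ssl;
    server_name         app.example.test;
    ssl_certificate     /etc/nginx/tls/app.crt;
    ssl_certificate_key /etc/nginx/tls/app.key;

    location / {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;

        # Request side: an empty value means nginx does not pass the
        # Authorization field to the proxied server at all.
        proxy_set_header Authorization "";

        # nginx sets this itself from the authenticated user, replacing
        # whatever value a client may have supplied under the same name.
        proxy_set_header X-Remote-User $remote_user;

        # proxy_hide_header is not used here: it filters fields of the
        # upstream *response* before they are returned to the client.

        # The application listens on loopback only, so nginx is the sole
        # source of X-Remote-User.
        proxy_pass http://127.0.0.1:8000;
    }
}
```

The client still sends its Basic credentials to nginx on every request, which is why the listener is TLS here; to check what the application receives, inspect the upstream connection (port 8000 in this sketch) rather than the listener.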
Re: HTTP Basic Auth question
On Wed, May 01, 2013 at 01:17:41PM -0400, B.R. wrote:

Hi there,

> To pass the nginx user to a fastcgi backend (PHP), I have to explicitly
> specify it using the following directive:
> fastcgi_param MY_USER $remote_user;
>
> I suppose you can do the same with proxy_pass?

That's how I'd do it -- probably proxy_set_header if the python application
is accessed using proxy_pass.

> I dunno how to remove an automatically forwarded parameter though... Maybe
> overwriting it with an empty string?

The password is in the http header Authorization, so using
proxy_hide_header to avoid sending that should be enough.

> On Wed, May 1, 2013 at 10:26 AM, Russ Lavoy wrote:

> > I am running nginx as a reverse proxy to a python application. I am
> > wondering how I would be able to pass ONLY the user account and not the
> > password. Can this be done?

As above: how are the user and pass currently sent? It will be by
"fastcgi_pass" or "proxy_pass" or something similar. Use the matching
"_hide_header" directive on the correct header to avoid sending it.

How do you want the user to be sent? Use the variable $remote_user and the
matching "_set_header" or "_param" directive to send the provided
username.

    f
--
Francis Daly        fran...@daoine.org
Re: HTTP Basic Auth question
To pass the nginx user to a fastcgi backend (PHP), I have to explicitly
specify it using the following directive:
fastcgi_param MY_USER $remote_user;

I suppose you can do the same with proxy_pass?
I dunno how to remove an automatically forwarded parameter though... Maybe
overwriting it with an empty string?
---
*B. R.*

On Wed, May 1, 2013 at 10:26 AM, Russ Lavoy wrote:

> Hello,
>
> I am running nginx as a reverse proxy to a python application. I am
> wondering how I would be able to pass ONLY the user account and not the
> password. Can this be done?
>
> Thanks!