httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 59285] New: Digitaly sign header when forwarding request
Date Thu, 07 Apr 2016 11:59:23 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=59285

            Bug ID: 59285
           Summary: Digitaly sign header when forwarding request
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
          Assignee: bugs@httpd.apache.org
          Reporter: david.naramski@nowina.lu

It could be great to have some "signature capabilities" in the proxy. 

The typical scenario would be : 

1) Apache is a reverse proxy and receive a request
2) Apache add a header (like REMOUTE_USER)
3) Apache use a private key to sign the headers specified and put this value in
a new header (like HEADERS_SIGNATURE). 
4) Target server behind reverse proxy can now trust the request and the header

Configuration could be 

HeaderSignatureTarget REMOTE_USER
HeaderSignatureStored REMOTE_USER_SIGNATURE
HeaderSignatureAlgorithm SHA1withRSA
HeaderSignaturePrivateKey file.pem

This means the that the apache will first evaluate the REMOTE_USER and sign
this with the private key stored in file.pem using the algorithm SHA1withRSA.
The header REMOTE_USER_SIGNATURE will be added to the forwarded request.

This could be a simple and efficient way of binding the reverse proxy to the
target application server.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message