httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 59285] New: Digitaly sign header when forwarding request
Date Thu, 07 Apr 2016 11:59:23 GMT

            Bug ID: 59285
           Summary: Digitaly sign header when forwarding request
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy

It could be great to have some "signature capabilities" in the proxy. 

The typical scenario would be : 

1) Apache is a reverse proxy and receive a request
2) Apache add a header (like REMOUTE_USER)
3) Apache use a private key to sign the headers specified and put this value in
a new header (like HEADERS_SIGNATURE). 
4) Target server behind reverse proxy can now trust the request and the header

Configuration could be 

HeaderSignatureTarget REMOTE_USER
HeaderSignatureAlgorithm SHA1withRSA
HeaderSignaturePrivateKey file.pem

This means the that the apache will first evaluate the REMOTE_USER and sign
this with the private key stored in file.pem using the algorithm SHA1withRSA.
The header REMOTE_USER_SIGNATURE will be added to the forwarded request.

This could be a simple and efficient way of binding the reverse proxy to the
target application server.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message