Split module deployment: reverse proxy authentication with origin authorization? #710
-
|
I have a reverse proxy set up where the proxy server is running apache with mod_auth_openidc for authentication. I'd like to use a separate mod_auth_openidc deployment in the origin server, configuring just the authorization controls without the direct authentication functionality there but instead leveraging the OIDC claims passed from the proxy server in the request headers. Is such a split deployment supported? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
that's not directly supported indeed but you can achieve what you want by having the origin server apply regular |
Beta Was this translation helpful? Give feedback.
-
|
That actually would be sufficient -- simpler & effective. Thanks! |
Beta Was this translation helpful? Give feedback.
that's not directly supported indeed but you can achieve what you want by having the origin server apply regular
Requirelogic on the headers set by the reverse proxy, see e.g. https://httpd.apache.org/docs/2.4/howto/access.html#env