更改请求标头定义并转发到应用程序服务器
如果我的术语不正确,我深表歉意。
我正在尝试更改传入标头的名称而不更改前端连接配置,因为我有一个使用当前值的当前服务器和一个必须在同一物理机和相同 IP 上使用不同值的新服务器。
目前从前端获取
RequestHeader set X-Y_Z %{SSL_CLIENT_S_DN_CN}e \<---- with an underscore in the definition
在新应用程序上,使用 python / django,django 框架显然不接受任何带有下划线的标头。它完全剥夺了它们。在 apache 日志中,它会显示并且信息正在传递,但不会传递给应用程序。
我在应用程序前面使用 apache 设置了反向代理,并使用破折号而不是下划线对其进行了测试,一切正常。在django中,远程用户身份验证的默认值是remote_user,所以我没有使用X-SSL-Client-CN,而是使用了Remote-User,这很有效。 CAC 的客户端身份验证效果良好。
是否有某种方法可以使用应用程序在 apache 服务器前面或在服务器内(如果可能的话)使用反向代理来重写标头定义?
基本上,我希望能够接收 X-Y_Z 但将其作为远程用户发送到应用程序服务器。
我尝试了几种不同的设置请求标头的想法,并尝试了应用程序中的一些操作但无济于事。
I apologize if my terminology is incorrect.
I'm trying to change the name of an incoming header without changing the frontend connection configuration because I have a current server that uses the current value and a new server that has to use a different value on the same physical machine and same IP.
Currently getting from front end
RequestHeader set X-Y_Z %{SSL_CLIENT_S_DN_CN}e \<---- with an underscore in the definition
On the new application, using python / django, django framework apparently doesn't accept any headers with an underscore in them. It strips them completely. In apache logs, it shows up and the information is being passed, but not to the application.
I set up a reverse proxy with apache in front of the application and tested it out with a dash instead of underscore, and everything works fine. In django, the default for remote user authentication is remote_user everywhere so instead of using X-SSL-Client-CN, I just used Remote-User and that worked. Client authentication from CAC is coming across fine.
Is there some method to rewrite the header definition using the reverse proxy in front of the apache server with the application or, within the server if possible?
Basically, I want to be able to receive X-Y_Z but send it to the application server as REMOTE-USER.
I have tried several different set request header ideas and tried some things in the application to no avail.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论