REMOTE_USER through Apache reverse proxy
This is possible with mod_headers, mod_rewrite, and mod_proxy.
On the proxy, I assume you have your authentication working and setting REMOTE_USER appropriately. If so, then put the value of REMOTE_USER into a Proxy-User header to the backend like this:
RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER}] # note mod_rewrite's lookahead option
RequestHeader set Proxy-User %{PROXY_USER}e
Here's what happens:
- The RewriteRule fires for every request and sets the environment variable PROXY_USER equal to the value of REMOTE_USER, which should have been set already by an auth module.
- The RequestHeader sets a request header named Proxy-User with the value of PROXY_USER
Now on the backend, you can pull that header value and set REMOTE_USER like this:
RewriteCond %{HTTP:Proxy-user} ^(.*)$
RewriteRule .* - [E=REMOTE_USER:%1]
Here's what happens:
- The RewriteCondition checks the value of the Proxy-User header to see if it matches the pattern ^.*$ (which it will). The parentheses tells mod_rewrite to store that value in %1.
- The RewriteRule then sets the environment variable REMOTE_USER with the value in %1.