Is there a way to have a reverse proxy using http basic Authentication before the REST API, which also uses http basic Authentication with different usernames and passwords?
The reverse proxy is Apache, if that matters.
The most obvious solution is to try to force the application and proxy to use different headers for authentication.
1) For example, I could send a proxy request, for example:
GET /foo/1 HTTP/1.1 Authorization: proxyuserpasshere X-Passthru-Authorization: restuserpasshere
And then the proxy server will use the βAuthorizationβ header and (if it would be right) to transfer the request to the basic web application, for example:
GET /foo/1 HTTP/1.1 Authorization: restuserpasshere
(where the meaning of "restuserpasshere" was taken from the heading "X-Passthru-Authorization")
Is there a way to configure Apache to work?
2) And vice versa, I can use the standard " Authorization " header for the proxy server and use my own header to authenticate my application. Thus, the request will look like this:
GET /foo/1 HTTP/1.1 Authorization: proxyuserpasshere X-Myapp-Authorization: restuserpasshere
The disadvantage of this is that my application is now hard-coded to use the " X-Myapp-Authorization " header instead of the standard Authorization header.
Is there a better way around this?
source share