passing attributes with reverse proxy

Peter Schober peter.schober at
Sat Apr 9 12:38:22 EDT 2016

* Tonu Mikk <tmikk at> [2016-04-08 21:11]:
> *RequestHeader set REMOTE-USER %{REMOTE_USER}s*
> It was slightly tricky to understand how to view that the header was
> passed.  This required writing some code on the application server that
> displayed the header values on the web page.

AFAIR that will make the HTTP Request Header name HTTP_REMOTE_USER, so
you might as well call it anything you like, maybe even containing
some secret string in the header name, e.g. HTTP_1CEQJ7HXUWUNHII9
making injection of the value even less likely. You'll likely have to
modify the recieving end anyway, even for "HTTP_REMOTE_USER".

More information about the users mailing list