What content is passed in HTTP headers?

Hi,
A customer I'm working for has Sophos UTM and they've set up a reverse proxy with a form login to a back end web server.
Can anyone point me to some documentation or tell me what is passed in HTTP headers?

Is it just the URL of the back end web server? Or is the user name included?

I hope I got this in the right channel :)


Thanks!
Chris



This thread was automatically locked due to age.
  • UTM WAF supports only Basic Authentication.

    If you have source code control over the real webserver, you can add basic authentication pretty easily, and you can find sample code by searching the web. Of course, this probably means that you need two login URLs, one for WAF-Basic and one for non-WAF users. Microsoft Exchange has this capability, with different login modes on the internal and external URLs.

    If your real webserver supports RADIUS, TACACS+, or LDAP, you can use those with WIKID (wikidsystems.com) or DUO (duosecurity.com). WIKID is free up to 5 users, DUO is free up to 10 users. All users are paid once you exceed the free limit. Both have experience integrating with UTM.

    If your real webserver supports none of these standards, you are out of luck.
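
Added example, not part of the original posts and not Sophos code: with Basic authentication (RFC 7617) the credentials reach the back end in the standard `Authorization` request header as `Basic base64(username:password)`, so the user name is included and both values are only encoded, not encrypted. The sketch below shows a back end decoding and checking that header; the function names, realm and sample credentials are constructed for illustration, and any other headers the UTM may add are not covered here.

```python
import base64
import binascii
import hmac

# Constructed sample: the header a client or proxy would send for alice / "pa:ss".
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:pa:ss").decode("ascii")
CHALLENGE = {"WWW-Authenticate": 'Basic realm="backend", charset="UTF-8"'}


def parse_basic_authorization(header_value):
    """Return (username, password) from an Authorization header, or None."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    token = token.strip()
    # The scheme name is case-insensitive; anything else (Bearer, ...) is rejected.
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed base64 or non-UTF-8 bytes
    # Only the first colon separates the fields; the password may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def check_request(headers, expected_user, expected_password):
    """Return (status, response_headers) for one request's header dict."""
    lowered = {name.lower(): value for name, value in headers.items()}
    creds = parse_basic_authorization(lowered.get("authorization"))
    if creds is None:
        return 401, CHALLENGE
    # Constant-time comparison; evaluate both so timing does not reveal which failed.
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    if user_ok and pass_ok:
        return 200, {}
    return 401, CHALLENGE


if __name__ == "__main__":
    print(parse_basic_authorization(SAMPLE_HEADER))
    print(check_request({"Authorization": SAMPLE_HEADER}, "alice", "pa:ss"))
```

Because the header is reversible by anyone who can read it, the hop between the reverse proxy and the back end needs TLS, and the header should be kept out of access logs.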
