What content is passed in http headers?

Question

Hi, A customer I'm working for has Sophos UTM and they've set up a reverse proxy with a form login to a back end web server. Can anyone point me to some documentation or tell me what is passed in http headers? 
 Is it just the URL of the back end web server? Or is the user name included? 
 I hope I got this in the right channel :) 
 Thanks! Chris

DouglasFoster · Accepted Answer

UTM WAF supports only Basic Authentication.    
 If you have source code control over the real webserver, you can add basic authentication pretty easily, and you can find sample code by searching the web.  Of course, this probably means that you need two login URLs, one for WAF-Basic and one for non-WAF users.   Microsoft Exchange has this capability, with different login modes on the internal and external URLs. 
 If your real webserver supports RADIUS, TACACS+, or LDAP, you can use those with WIKID (wikidsystems.com) or DUO (duosecurity.com).   WIKID is free up to 5 users, DUO is free up to 10 users.  All users are paid once you exceed the free limit.    Both have experience integrating with UTM. 
 IF your real webserver supports none of these standards, you are out of luck.