[TriLUG] Working with headers in apache

Steve Hoffman srhoffman at gmail.com
Thu Nov 6 21:56:16 EST 2008


Hello all,
I have a question that hopefully someone here can help with...a web user is
redirected from a third party site with a few headers set by that third
party, the most important of which is userType.  what I would like to do is
(with apache working as a reverse proxy) inspect the headers as they pass
through and if userType=S && sourceIP!=10.0.0.0/24 throw a custom error
page.

Essentially we have an application that is front ended by an apache server
working as reverse proxy.  Your privilege in the application is pulled form
the database on the back end, but the userType flag from the third party
could be used for us to catch employees trying to access the application
with their userId from off our network.

I know the smart move would have been for the apps folks to take care of
that in the application...but they didn't so I've been asked to resolve this
at our proxies...which I initially thought was possible...even if not
efficient but after googling for several hours I'm not so confident
anymore.  Does anyone know if this is possible and can you point me
somewhere to start looking?

Thanks,
Steve



More information about the TriLUG mailing list