Logging username on a reverse proxy server

[Michael Smith <mj...@iii.co.uk>]

Hi there,

I'm not sure if this is something that apache ought to do, but I'm
wondering if I can log usernames on a reverse proxy server.

In our setup, we use a reverse proxy to farm out requests to a number of
different servers.  The reverse proxy is lightweight and doesn't attempt
to do anything about authentication.  This is done at the next level.
Obviously the client is sending the username and password through the
reverse proxy, so is it possible to get that server to log the
information without actually doing authentication itself?

Cheers

Mike

Re: Logging username on a reverse proxy server

[Michael Smith <mj...@iii.co.uk>]

Brian Behlendorf wrote:

> >Obviously the client is sending the username and password through the
> >reverse proxy, so is it possible to get that server to log the
> >information without actually doing authentication itself?
>
> %{WWW-Authenticate}i, maybe?
>
>         Brian

Well, not with my browser :) The only relevant header it sends is
something like:

Authorization: Basic c2ltb25zYXlzOnNpbW9u

(Do some browsers send WWW-Authenticate headers?)

Anyway I guess it would be possible to log the Authorization header and
then decode it at a later date.  Is that the best I can do?

Mike

Re: Logging username on a reverse proxy server

[Brian Behlendorf <br...@hyperreal.org>]

>Obviously the client is sending the username and password through the
>reverse proxy, so is it possible to get that server to log the
>information without actually doing authentication itself?

%{WWW-Authenticate}i, maybe?

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
History is made at night;                         brian@hyperreal.org
  character is what you are in the dark.