caddy-frontend: Drop REMOTE_USER header

It is used internally for communication between backend and the server.

caddy-frontend: Drop REMOTE_USER header
It is used internally for communication between backend and the server.
985553a9 · Łukasz Nowak · b40bb01a · 985553a9 · 985553a9 · 985553a9
Commit 985553a9 authored Jun 04, 2018 by Łukasz Nowak
4 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -39,7 +39,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e

 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = a5367cf68ccfb34b1171086882548cec
+md5sum = 2c3685356bef4b52fa2e654712e463cd

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -51,11 +51,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = a0fcdbe974d92e220319534aad934183
+md5sum = 25222f8a997bb26a6e3dfa2b7c41a103

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = be76c0e96df722dee278077988d869a6
+md5sum = 6e569282b05fa326d0e9aa6958cb6910

 [template-log-access]
 filename = templates/template-log-access.conf.in

--- a/software/caddy-frontend/templates/Caddyfile.in
+++ b/software/caddy-frontend/templates/Caddyfile.in
@@ -5,9 +5,6 @@
 # TODO-Caddy AddType application/x-compress .Z
 # TODO-Caddy AddType application/x-gzip .gz .tgz

-# As backend is trusting REMOTE_USER header unset it always
-# TODO-Caddy RequestHeader unset REMOTE_USER
-
 # TODO-Caddy <Directory {{ protected_path }}>
 # TODO-Caddy   Order Deny,Allow
 # TODO-Caddy   Allow from {{ access_control_string }}

--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
@@ -14,6 +14,9 @@
  bind {{ local_ipv4 }}
 # Rewrite part
  proxy / {{ slave_parameter.get('backend_url', '') }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
+
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -31,6 +34,8 @@
  bind {{ local_ipv4 }}
 ##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}

--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -45,6 +45,9 @@

 {% if slave_type ==  'zope' and backend_url -%}
  proxy / {{ backend_url }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
+
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}
@@ -87,6 +90,9 @@
  {% endif -%}
  {%- if backend_url %}
  proxy / {{ backend_url }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
+
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}
@@ -135,6 +141,9 @@
  }
 {% elif slave_type ==  'zope' and backend_url -%}
  proxy / {{ backend_url }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
+
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}
@@ -173,6 +182,9 @@
  {% endif -%}
  {%- if slave_parameter.get('url', '') %}
  proxy / {{ slave_parameter.get('url', '') }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
+
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}