Commit d83217b9 authored by Rafael Monnerat's avatar Rafael Monnerat

Revert "erp5: backend apache must not handle Remote-User"

This reverts commit 1bd75eee.
parent e6b0a89a
...@@ -94,7 +94,7 @@ md5sum = 0fad9497da12ed0186dca5236c23f3a7 ...@@ -94,7 +94,7 @@ md5sum = 0fad9497da12ed0186dca5236c23f3a7
[template-haproxy-cfg] [template-haproxy-cfg]
filename = haproxy.cfg.in filename = haproxy.cfg.in
md5sum = 50c72e1934e589b0e26918cc53ee1fc0 md5sum = 2cd76971b64b0bf7771978ad07bfc2e5
[template-rsyslogd-cfg] [template-rsyslogd-cfg]
filename = rsyslogd.cfg.in filename = rsyslogd.cfg.in
......
...@@ -192,6 +192,9 @@ listen {{ name }} ...@@ -192,6 +192,9 @@ listen {{ name }}
# remove X-Forwarded-For unless client presented a verified certificate # remove X-Forwarded-For unless client presented a verified certificate
http-request del-header X-Forwarded-For unless { ssl_c_verify 0 } { ssl_c_used 1 } http-request del-header X-Forwarded-For unless { ssl_c_verify 0 } { ssl_c_used 1 }
# set Remote-User if client presented a verified certificate
http-request del-header Remote-User
http-request set-header Remote-User %{+Q}[ssl_c_s_dn(cn)] if { ssl_c_verify 0 } { ssl_c_used 1 }
# reject invalid host header before using it in path # reject invalid host header before using it in path
http-request deny deny_status 400 if { req.hdr(host) -m sub / } http-request deny deny_status 400 if { req.hdr(host) -m sub / }
......
  • I reverted 1bd75eee, because it was pushed by mistake. Sorry about that.

    This commit is part of: !1381 and it has to be reviewed properly.

Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment