caddy-frontend: Drop REMOTE_USER header

It is used internally for communication between backend and the server.

caddy-frontend: Drop REMOTE_USER header
It is used internally for communication between backend and the server.
e5aa26ed · Łukasz Nowak · c24e81d0 · e5aa26ed · e5aa26ed · e5aa26ed
Commit e5aa26ed authored Jun 04, 2018 by Łukasz Nowak
3 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 19322acbbb17eaca36a51ce1aec47230
+md5sum = 113d1708520bca2ebbd72d84b440c37b
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = 7a1fa1239f29cf1a3f6f578f6ff05ca3
+md5sum = eafc7e73d7fe47ba9930343bcb876d63
 [template-log-access]
 filename = templates/template-log-access.conf.in

--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
@@ -17,6 +17,9 @@
 {%- endif %}
 # Rewrite part
  proxy / {{ slave_parameter.get('backend_url', '') }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}
@@ -37,6 +40,8 @@
 {%- endif %}
 ##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
    transparent
    timeout 600s
 {%- if ssl_proxy_verify %}

--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -48,6 +48,9 @@
 {% if slave_type ==  'zope' and backend_url %}
  proxy / {{ backend_url }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}
@@ -91,6 +94,9 @@
  {%- if backend_url %}
  proxy / {{ backend_url }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}
@@ -142,6 +148,9 @@
  }
 {% elif slave_type ==  'zope' and backend_url %}
  proxy / {{ backend_url }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}
@@ -180,6 +189,9 @@
  {% endif -%}
  {%- if slave_parameter.get('url', '') %}
  proxy / {{ slave_parameter.get('url', '') }} {
+    # As backend is trusting REMOTE_USER header unset it always
+    header_upstream -REMOTE_USER
 {% if disable_via_header %}
    header_downstream -Via
 {% endif -%}