I have a web application running on a tomcat server which is "behind" an Apache httpd server and I am using mod_proxy to forward requests from the httpd to the tomcat server. The httpd server is using mod_auth_tkt for authentication, which stores the info about the user in the environment variable REMOTE_USER. I pass this variable from the httpd to the tomcat server using mod_rewrite, saving it as a header (X-Forwarded-User).
The ProxyPass is set up as
httpd_server/app/ -> tomcat_server/app/
this is the vhost.conf:
<Location />
RewriteEngine On
RequestHeader unset X-Forwarded-User
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1,NS]
RequestHeader add X-Forwarded-User %{RU}e
</Location>
<IfModule mod_proxy.c>
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /app/ http://127.0.0.1:8084/app/
ProxyPassReverse /app/ http://127.0.0.1:8084/app/
</IfModule>
And this works perfectly. But if try to change the ProxyPass to
httpd_server/ -> tomcat_server/app/
So changing the the vhost.conf to:
ProxyPass / http://127.0.0.1:8084/app/
ProxyPassReverse / http://127.0.0.1:8084/app/
Then the header (X-Forwarded-User) ends up empty (null) on the web application.
After further investigation I found out that if I try to forward a different variable, for example REMOTE_PORT (or even a string), everything works correctly for both configurations (The app recieves the header correctly).
Is there any obvious mistake why the forwarding of REMOTE_USER does not work when proxy-ing from the root directory? Did I miss something or could this be a mod_auth_tkt issue?
