Flask Snippets

Snippets are unofficial and unmaintained.

This is an archived view of user-submitted snippets. Despite being hosted on the Flask site, they are not official. No Flask maintainer has curated or checked the snippets for security, correctness, or design.

Passing REMOTE_USER from Apache as a reverse proxy to web application servers

Posted by Armin Ronacher on 2011-09-08 @ 19:42 and filed in Deployment

The REMOTE_USER key in the CGI/WSGI environment is well established as to where servers should put the identity of an authenticated user. This is also where mod_wsgi will store it. But what if you are using HTTP proxying? If you are using mod_proxy in Apache you can use the RequestHeader directive to pass that information to Flask as an HTTP header:

RequestHeader set X-Proxy-REMOTE-USER %{REMOTE_USER}

Then you only need a small WSGI middleware to rename the key:

class RemoteUserMiddleware(object):
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        user = environ.pop('HTTP_X_PROXY_REMOTE_USER', None)
        environ['REMOTE_USER'] = user
        return self.app(environ, start_response)

And hook in the middleware:

app.wsgi_app = RemoteUserMiddleware(app.wsgi_app)

Inside a view you can then access REMOTE_USER as usual:

remote_user = request.environ.get('REMOTE_USER')
if remote_user:

This snippet by Armin Ronacher can be used freely for anything you like. Consider it public domain.