#Transform Rule, or something else?

1 messages · Page 1 of 1 (latest)

willow crag
#

I was playing for the first time today with adding some auth to a CF tunnel, which, thanks to the very clear documentation on how to do that worked great! I added Azure AD in front of an app and it was fairly simple following the instructions to get things going!

The challenge that I ran into after that part, was that the app I am protecting is expecting the resulting username to be presented in the HTTP Headers as X-Remote-User. I didn't find anything out of the box on this, so I turned to getting some Ai advice which as usualy was a bit of a mixed bag, however, it did introduce me to Transform Rules, where I can rewrite headers. I used that to attempt to add the header with the dynamic value http.request.headers["cf-access-authenticated-user-email"][0], however I just couldn't get it to work.

I can see cf-access-authenticated-user-email in the headers that reach my app* and I could add different headers, however I wasn't able to map cf-access-authenticated-user-email into X-Remote-User for some unknown reason.

So... are transform rules the right way to attempt this? Is there some magic I'm missing during auth that would map headers during a successful auth?

Appreciate any help anyone might have.

*incidentally, while I was trying to troubleshoot this, I found the container mejatos/request-headers to be INCREDIBLY helpful. It basically receives a request and logs all headers to console and as HTML in the response. Really nice, simple tool for using while you're trying to figure out what your headers look like. Figured I'd share that since I found it to be a helpful nugget.

main sapphireBOT
#
Support AI

According to the documentation, Transform Rules can be used to modify request headers (https://developers.cloudflare.com/rules/transform/troubleshooting/). However, it's mentioned that these modifications affect the HTTP headers sent by Cloudflare's network to your origin server, and will not be visible in your browser request or response data.

It's also stated that Cloudflare Logpush only logs original HTTP request/response headers, and will not include any header transformations done via Transform Rules.

In your case, since you're trying to add a header that will be visible to your app, Transform Rules might not be the best approach. Instead, you might want to consider using a Cloudflare Worker to insert additional HTTP headers into the request, as described in the documentation (https://developers.cloudflare.com/cloudflare-one/tutorials/extend-sso-with-workers/).

This approach would allow you to add custom headers, including the X-Remote-User header, to the request before it reaches your app.

Sources
Feedback

Feedback has been submitted! Thank you :)

This is an AI generated response, it may not be 100% accurate. Please validate the output. You can ask followups by replying to this message or mentioning me.
willow crag
#

That's a good response. I did try to flirt with workers, but I just couldn't figure out how to make them from code nor how to inject them into the request pipeline. I'll keep digging.

willow crag
#

yeah, still can't figure this out.

willow crag
#

ok I got it, with a worker. Started with hello world and rewrote headers that way. I had tried that before, but I guess I got the routes wrong before. Now it's working great!