Ian Bicking: the old part of his blog

Re: HTTP proxying questions

I can only see two viable options to trusting data in headers/urls, share a secret and sign the header with that (a simple example would be to just to set the authorization header for the backend, but that requires that the backend have some sort of authentication system in place to check the data) or only allow requests to from trusted servers/ports.

Comment on HTTP proxying questions
by Laurence Rowe