Hi John, John Chilton wrote, On 07/22/2011 11:40 AM:
We have Galaxy behind an apache proxy, and apache is taking care of the authentication. If I want to enable exporting workflows and histories to other galaxy instances do I just need to disable the authentication checks for locations "/history/export_archive" and "/workflow/for_direct_import"? I assume this wouldn't also open a hole that would allow unpublished workflows or histories to be accessed by others (at my institution or else wise), is this correct?
We have the same situation with two internal galaxies. We use the following apache "mod_rewrite" rule to detect incoming requests from one galaxy server, and add a fake REMOTE_USER variable, simulating an authenticated user: ========= ## This rule match "genomics.cshl.edu" server, and ## adds a fake authenticated user - allow people ## to copy datasets from rave to genomics RewriteCond %{REMOTE_HOST} =143.48.36.4 RewriteRule (.*) $1 [E=MCAC_UserName:genomics_import] <Location "/galaxy" > RequestHeader add REMOTE_USER %{MCAC_UserName}e require valid-user Order Allow,Deny Allow from genomics.cshl.edu Satisfy any </Location> ========== There are two important statements here: 1. the "RewriteCond + RewriteRule" check for the server's IP, and creates the environment variable for the fake authenticated user. 2. the "Allow from genomics" + "Satisfy any" means that apache will allow access to the "/galaxy" location from either an authenticated user or from a specific host. Hope this helps, -gordon