twain is a php-based forward auth page/app for reverse proxies. I've long been dissatisfied with the limitations of basic authentication and reverse proxies in general, but whenever I tried to figure out a better way, the information I found was somewhat scattered and incomplete. I managed to piece it together eventually, and realised that decoupling the reverse proxy from authentication and access control was exactly what I needed. I wrote an application to do just that, and decided to publish it, along with what I've learned. This post is mostly about the concept of forward authentication, as that is a big piece of the puzzle and one about which there is limited information available. Reverse Proxies Running a reverse proxy is a very useful way to provide secured access to the web-based applications you have running on your internal network. It takes incoming requests, and forwards them to another server, typically based on the host name and/or path of the original