httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo>
Subject SetEnvIf Remote_User <foo> <bar> never worked at all
Date Sat, 17 Jan 2004 22:22:39 GMT
and at the moment I see only one way to fix it reliably: Remove it from the
documentation and the code.

(There's also a report w.r.t. the issue:

Long version:
It could not work, because the hooks where which mod_setenvif is invoked, are
both called *before* any authentication is done. This is unavoidable, because
one wants to use the variables, e.g. in allow/deny clauses.

However, I've tried to fix it and took the same mechanism like mod_rewrite. I
did an ap_sub_req_lookup_uri to r->uri and copied the rr->user from it.
The point is: Because of the optimization step taken in server/request.c:213,
it does not work in directory context, because -- dir_config was already
merged, but auth not evaluated yet! (remember, we're still in header_parser).
This means, the lookup technique works only in server context (not in
htaccess) or after successful authn/z (too late).

My conclusion is:
(a) parse the header ourself (-1)
(b) drop it entirely (+1)

Any opinions?


View raw message