Hi all,
Is there any reason (RFC or security) that prevents using common vars
within 'RequestHeader XX %{ENV_VAR}e'. Those can now be only set by
SetEnv, SetEnvIf and PassEnv.
A simple patch that calls ap_add_common_vars(r) before processing
the variable from r->subprocess_env will do more then enough.
It will allow to pass the REMOTE_USER for example down the reverse
proxy backend as header.
Second thing is setting the unknown value to string "(null)".
I propose to not set anything if the header value is not present and
to remove the value from headers_in if present and the required env var
doesn't exists.
As an example of current behavior:
RequestHeader REMOTE_USER %{REMOTE_USER}e
sets the header:
HTTP_REMOTE_USER="(null)"
Of course the '(null)' is far from being a valid user name.
I have enclosed the patch.
Regards,
Mladen
|