httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <mt...@apache.org>
Subject mod_headers -- RequestHeader passing common vars.
Date Sat, 04 Dec 2004 08:23:29 GMT
Hi all,

Is there any reason (RFC or security) that prevents using common vars
within 'RequestHeader XX %{ENV_VAR}e'. Those can now be only set by
SetEnv, SetEnvIf and PassEnv.

A simple patch that calls ap_add_common_vars(r) before processing
the variable from r->subprocess_env will do more then enough.
It will allow to pass the REMOTE_USER for example down the reverse
proxy backend as header.

Second thing is setting the unknown value to string "(null)".
I propose to not set anything if the header value is not present and
to remove the value from headers_in if present and the required env var
doesn't exists.

As an example of current behavior:
RequestHeader REMOTE_USER %{REMOTE_USER}e
sets the header:
HTTP_REMOTE_USER="(null)"
Of course the '(null)' is far from being a valid user name.


I have enclosed the patch.

Regards,
Mladen

Mime
View raw message