httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject RE: [users@httpd] REMOTE_USER and PROXY request
Date Thu, 28 May 2009 13:23:07 GMT
On Thu, 2009-05-28 at 13:58 +0200, Efjestad, Dag wrote:
> No, when I do this the value in RewriteCond is null.
> 
> From logfile:
> lookahead: path=/kongsberg/ var=REMOTE_USER -> val=
> RewriteCond: input='' pattern='(.*)' => matched
> 
> -----Opprinnelig melding-----
> Fra: Tom Evans [mailto:tevans.uk@googlemail.com] 
> Sendt: 28. mai 2009 11:49
> Til: users@httpd.apache.org
> Emne: Re: [users@httpd] REMOTE_USER and PROXY request
> 
> On Thu, 2009-05-28 at 10:52 +0200, Efjestad, Dag wrote:
> > Hi.
> > 
> > I can't get access to the REMOTE_USER value when I do a proxy request. The value
is empty.
> > RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [P,L]
> > 
> > For rewrite  against directory URL's I get the value.
> > RewriteRule ^/kongsberg(.*) /kongsberg/%{LA-U:REMOTE_USER}$1 [L]
> > 
> > and for redirect it works:
> > RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [R,L]
> > 
> > 
> > I also tried this syntaks with same result - no value in REMOTE_USER env. var.:
> >    RewriteCond %{LA-U:REMOTE_USER} (.+) 
> >    RewriteRule .  - [E=RU:%1]
> >    
> >    ProxyRequests    Off
> >    ProxyPassInterpolateEnv On
> >    ProxyPass        /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> >    ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> > 
> > 
> > I also noticed that I can see the username value in the access logfile but not in
the rewrite logfile. 
> > 
> > Suggestions anyone?
> > 
> > 
> > Kind regards, Dag 
> > 
> 
> Does this not work?
> 
> RewriteCond %{LA-U:REMOTE_USER} (.+) 
> RewriteRule /kongsberg/ http://aeoas02/kongsberg/%1/ [P]
> 
> Cheers
> 
> Tom
> 
> 

>>From my testing, that config works fine:

<VirtualHost *:80>
    ServerName ssoauth
    DocumentRoot /usr/local/www/ssoauth/htdocs
    <Directory /usr/local/www/ssoauth/htdocs>
        Order allow,deny
        Allow from all
    </Directory>
    KeepAlive Off

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule /kongsberg/ http://ssoauth:8081/kongsberg/%1/ [P]

    RewriteLog /var/log/rwrite.log
    RewriteLogLevel 5
    <Location />
        Include auth/ldap_group_it.conf
    </Location>
</VirtualHost>


The log then shows this: (cat /var/log/rwrite.log | sed 's:.*] ::')

(2) init rewrite engine with requested uri /kongsberg/
(3) applying pattern '/kongsberg/' to uri '/kongsberg/'
(2) init rewrite engine with requested uri /kongsberg/
(3) applying pattern '/kongsberg/' to uri '/kongsberg/'
(4) RewriteCond: input='' pattern='(.+)' => not-matched
(1) pass through /kongsberg/
(2) init rewrite engine with requested uri /kongsberg/index.html
(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'
(2) init rewrite engine with requested uri /kongsberg/index.html
(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'
(4) RewriteCond: input='' pattern='(.+)' => not-matched
(1) pass through /kongsberg/index.html
(5) lookahead: path=/kongsberg/index.html var=REMOTE_USER -> val=tevans
(4) RewriteCond: input='tevans' pattern='(.+)' => matched
(2) rewrite '/kongsberg/index.html' -> 'http://ssoauth:8081/kongsberg/tevans/'
(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/
(1) go-ahead with proxy request proxy:http://ssoauth:8081/kongsberg/tevans/ [OK]
(5) lookahead: path=/kongsberg/ var=REMOTE_USER -> val=tevans
(4) RewriteCond: input='tevans' pattern='(.+)' => matched
(2) rewrite '/kongsberg/' -> 'http://ssoauth:8081/kongsberg/tevans/'
(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/
(1) go-ahead with proxy request proxy:http://ssoauth:8081/kongsberg/tevans/ [OK]

This log is for just one request. Are you sure you that you are
authenticated using apache auth modules? REMOTE_USER would be empty if
you are not authenticated.

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message