httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kuba <ma...@ics.muni.cz>
Subject Re: [users@httpd] setting variables for mod_proxy_ajp
Date Fri, 28 Jan 2011 11:58:09 GMT
Hi all,

no response so far, but I have figured it myself, the right directive is

RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%{SSL:SSL_CLIENT_S_DN}]

Cheers

Martin

Dne 12.1.2011 12:36, Martin Kuba napsal(a):
> Hi all,
>
> I am trying to pass an arbitrary environment variable from Apache (2.2) to Tomcat (6.0)
> using mod_proxy_ajp, but without success so far. Specifically I want to pass the
> SSL_CLIENT_S_DN variable set by the mod_ssl.
>
> The manual page
> http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html
> says that
>
> "Environment variables whose names have the prefix AJP_ are forwarded to the origin server
> as AJP request attributes (with the AJP_ prefix removed from the name of the key)."
>
> However I can't figure out how I can set such a variable. I have Googled up
> several solutions, but none worked.
>
> SetEnv can assign only static strings as values, not variables.
>
> This directive:
>
> SetEnvIf SSL_CLIENT_S_DN (.*) AJP_SSL_CLIENT_S_DN=$1
>
> sets empty string.
>
> Using mod_rewrite like
>
> RewriteCond %{SSL_CLIENT_S_DN} (.*)
> RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%1]
>
> or
>
> RewriteCond %{SSL_CLIENT_S_DN} (.*)
> RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%{SSL_CLIENT_S_DN}]
>
> does not work either.
>
> I have even tried
>
> RequestHeader set X-SSL-DN "%{SSL_CLIENT_S_DN}e"
> SetEnvIf X-SSL-DN (.*) AJP_SSL_CLIENT_S_DN=$1
>
> but only the header X-SSL-DN is set, not the AJP_SSL_CLIENT_S_DN variable.
>
> It looks like the SSL_CLIENT_S_DN is not present in the time when the RewriteRule
> or SetEnvIf directives are processed.
>
>
> I know that I can use mod_jk instead of mod_proxy_ajp, and it provides the directive
>
> JkEnvVar SSL_CLIENT_S_DN
>
> which is exactly what I need. However I wonder why the mod_proxy_ajp documentation
> mentions the AJP_ prefixed variables when it is impossible to set them.
>
> Or why the mod_proxy_ajp dpes not provide a directive similar to the JkEnvVar directive
of mod_jk.
>
> Best regards
>
> Martin


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: makub@ics.muni.cz
Masaryk University             http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------


Mime
View raw message