You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/03/13 08:44:36 UTC
DO NOT REPLY [Bug 52892] Require expr and %{REMOTE_USER}
https://issues.apache.org/bugzilla/show_bug.cgi?id=52892
--- Comment #1 from Stefan Fritsch <sf...@sfritsch.de> 2012-03-13 07:44:36 UTC ---
The require statements are actually executed twice, once before auth and once
after auth. Auth is only triggered if a Require statement says that its result
may change after auth and the change of this statement would actually make a
difference in the end result. However, Require expr currently lacks the
necessary logic for this.
You could try (untested):
<RequireAll>
Require ssl-verify-client
Require valid-user
<RequireAny>
Require user workaround_for_PR_52892
Require expr ...
</RequireAny>
</RequireAll>
Then the Require user would trigger auth. Of course, workaround_for_PR_52892
must not exist as a user or you have a security problem.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org