You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/03/13 08:44:36 UTC

DO NOT REPLY [Bug 52892] Require expr and %{REMOTE_USER}

https://issues.apache.org/bugzilla/show_bug.cgi?id=52892

--- Comment #1 from Stefan Fritsch <sf...@sfritsch.de> 2012-03-13 07:44:36 UTC ---
The require statements are actually executed twice, once before auth and once
after auth. Auth is only triggered if a Require statement says that its result
may change after auth and the change of this statement would actually make a
difference in the end result. However, Require expr currently lacks the
necessary logic for this.

You could try (untested):

<RequireAll>
  Require ssl-verify-client
  Require valid-user
  <RequireAny>
    Require user workaround_for_PR_52892
    Require expr ...
  </RequireAny>
</RequireAll>

Then the Require user would trigger auth. Of course, workaround_for_PR_52892
must not exist as a user or you have a security problem.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org