You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Krist van Besien <kr...@gmail.com> on 2009/12/18 14:54:14 UTC
[users@httpd] How to remove an environment variable...
Hello all,
I have a PHP content management system, Drupal on a apache 2.2
server. For the moment we use a Drupal add on that uses the
webserver's own authentication. So I have set up apache basic auth,
and Drupal asumes that whenever a request comes with the "REMOTE_USER"
variable set, the user is authenticated, and uses the value of
REMOTE_USER to determine who it's talking with.
Now for test purposes I want to offer a way to look at the site as non
authenticated users would see it, but without (for now) removing the
authentication. As the website is still under development I don't want
to allow unauthenticated access yet.
I thought I could do that by just have Apache remove the REMOTE_USER
header. like this:
UnsetEnv REMOTE_USER
However, this does not work.
Also setting REMOTE_USER to something else doesn't work either.
Setting other variables works though.
What are my options here? How can I remove REMOTE_USER?
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to remove an environment variable...
Posted by Peter Schober <pe...@univie.ac.at>.
* Krist van Besien <kr...@gmail.com> [2009-12-18 14:54]:
> Now for test purposes I want to offer a way to look at the site as
> non authenticated users would see it, but without (for now) removing
> the authentication. As the website is still under development I
> don't want to allow unauthenticated access yet.
Maybe Alias the site to a different <Location> and don't protect that
with basic auth (but your IP-address)? Or setup another vhost for
testing.
Also if the complete site/application is protected by basic auth there
will be not much to see for unauthenticated users. Or are you using
basic auth only on some part of the appliation, that establishes an
application session? Then you could unset REMOTE_USER in that PHP that
bootstraps the application session, I suppose.
-peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to remove an environment variable...
Posted by André Warnier <aw...@ice-sa.com>.
Krist van Besien wrote:
...
>
> Maybe I could use some mod_perl to manipulate this internal
> representation.
Yes of course.
Maybe try this
<Location /noauth>
PerlFixupHandler "sub { \
use Apache2::Const qw(:common);
my $r = shift; \
$r->user(undef); \
return Apache2::Const::OK; \
}"
</Location>
Note : that's really rough, and I haven't tried it. Use at your own
risk. Let me know though.
;-)
Or just use a custom "index.php" which unsets this
> variable.
Hèèèk.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to remove an environment variable...
Posted by Krist van Besien <kr...@gmail.com>.
On Fri, Dec 18, 2009 at 3:16 PM, Eric Covener <co...@gmail.com> wrote:
> mod_cgi (and anyone acting like mod_cgi) calls a utility function to
> set REMOTE_USER from the internal representation of the user, right
> before running the script (in the handler phase). There does not seem
> to be any window where you could blank out the variable (the closest
> you can get is mod_rewrite E= in <Directory> or htaccess with no
> substitution)
>
> You might be able to write an apache module that zaps r->user in the
> fixups phase when some criteria is met, but I am not seeing any more
> direct way.
Maybe I could use some mod_perl to manipulate this internal
representation. Or just use a custom "index.php" which unsets this
variable. All explore that.
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to remove an environment variable...
Posted by Eric Covener <co...@gmail.com>.
On Fri, Dec 18, 2009 at 8:54 AM, Krist van Besien
<kr...@gmail.com> wrote:
>
> UnsetEnv REMOTE_USER
>
> However, this does not work.
>
> Also setting REMOTE_USER to something else doesn't work either.
> Setting other variables works though.
>
> What are my options here? How can I remove REMOTE_USER?
mod_cgi (and anyone acting like mod_cgi) calls a utility function to
set REMOTE_USER from the internal representation of the user, right
before running the script (in the handler phase). There does not seem
to be any window where you could blank out the variable (the closest
you can get is mod_rewrite E= in <Directory> or htaccess with no
substitution)
You might be able to write an apache module that zaps r->user in the
fixups phase when some criteria is met, but I am not seeing any more
direct way.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org