You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Chris Stromsoe <cb...@cts.ucla.edu> on 2008/02/21 01:45:26 UTC

r->user not logged for authenticated requests with handlers outside the protected area

I'm running PHP as a CGI with a configuration similar to

<virtualhost *:80>
   addtype application/x-httpd-php .php
   addhandler php-handler .php
   action php-handler /cgi-bin/php-cgi

   documentroot /opt/html
   scriptalias /cgi-bin/php-cgi /opt/cgi-bin/php-cgi

   <directory /opt>
     order allow,deny
     allow from all
   </direectory>

   <directory /opt/html>
     require valid-user
   </directory>
</virtualhost>

I have authentication set up using files.  The authentication piece is 
working fine.  Documents in /opt/html that are not handled by php-handler 
are properly logged with r->user.

All requests for php in /opt/html authenticate properly but don't set 
REMOTE_USER and are logged with r->user == NULL.  I'm guessing that's 
because the handler is not inside the protected directory.

Feature or bug?  I can provide more detail if that's not eough.


-Chris

Re: r->user not logged for authenticated requests with handlers outside the protected area

Posted by Chris Stromsoe <cb...@cts.ucla.edu>.

On Wed, 20 Feb 2008, Joshua Slive wrote:

> Feature. It is explicitly documented in mod_log_config: 
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#modifiers

That makes sense.  Thanks.

> Try also dumping all the env variables starting with REDIRECT_

And thanks again.  I saw the code to set REDIRECT_REMOTE_USER in 
server/util_script.c, but wasn't seeing it in my environment.  Turns out 
my php wrapper was stripping it out of the environment.  Sigh.

-Chris

Re: r->user not logged for authenticated requests with handlers outside the protected area

Posted by Joshua Slive <jo...@slive.ca>.

On Wed, Feb 20, 2008 at 7:45 PM, Chris Stromsoe <cb...@cts.ucla.edu> wrote:

>  All requests for php in /opt/html authenticate properly but don't set
>  REMOTE_USER and are logged with r->user == NULL.  I'm guessing that's
>  because the handler is not inside the protected directory.
>
>  Feature or bug?  I can provide more detail if that's not eough.

Feature. It is explicitly documented in mod_log_config:
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#modifiers

Try also dumping all the env variables starting with REDIRECT_

Joshua.