You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Chris Stromsoe <cb...@cts.ucla.edu> on 2008/02/21 01:45:26 UTC
r->user not logged for authenticated requests with handlers outside
the protected area
I'm running PHP as a CGI with a configuration similar to
<virtualhost *:80>
addtype application/x-httpd-php .php
addhandler php-handler .php
action php-handler /cgi-bin/php-cgi
documentroot /opt/html
scriptalias /cgi-bin/php-cgi /opt/cgi-bin/php-cgi
<directory /opt>
order allow,deny
allow from all
</direectory>
<directory /opt/html>
require valid-user
</directory>
</virtualhost>
I have authentication set up using files. The authentication piece is
working fine. Documents in /opt/html that are not handled by php-handler
are properly logged with r->user.
All requests for php in /opt/html authenticate properly but don't set
REMOTE_USER and are logged with r->user == NULL. I'm guessing that's
because the handler is not inside the protected directory.
Feature or bug? I can provide more detail if that's not eough.
-Chris
Re: r->user not logged for authenticated requests with handlers
outside the protected area
Posted by Chris Stromsoe <cb...@cts.ucla.edu>.
On Wed, 20 Feb 2008, Joshua Slive wrote:
> Feature. It is explicitly documented in mod_log_config:
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#modifiers
That makes sense. Thanks.
> Try also dumping all the env variables starting with REDIRECT_
And thanks again. I saw the code to set REDIRECT_REMOTE_USER in
server/util_script.c, but wasn't seeing it in my environment. Turns out
my php wrapper was stripping it out of the environment. Sigh.
-Chris
Re: r->user not logged for authenticated requests with handlers outside the protected area
Posted by Joshua Slive <jo...@slive.ca>.
On Wed, Feb 20, 2008 at 7:45 PM, Chris Stromsoe <cb...@cts.ucla.edu> wrote:
> All requests for php in /opt/html authenticate properly but don't set
> REMOTE_USER and are logged with r->user == NULL. I'm guessing that's
> because the handler is not inside the protected directory.
>
> Feature or bug? I can provide more detail if that's not eough.
Feature. It is explicitly documented in mod_log_config:
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#modifiers
Try also dumping all the env variables starting with REDIRECT_
Joshua.