You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by LeVon Smoker <ls...@hrcsb.org> on 2010/06/03 21:30:53 UTC

[users@httpd] Rails, fcgid and environment variables

Is there a way to make environment variables stay set when using mod_fcgid?

I have the following section in an apache config:
<VirtualHost x.x.x.x:80>
    ServerName local.domain
    DocumentRoot /var/www/myapp/charts

    RewriteEngine On

    <Directory />

        AuthName "Charts"
        AuthType Basic
        AuthBasicProvider ldap
        AuthLDAPBindDN ldapbind@local.domain
        AuthLDAPBindPassword xxx
        AuthLDAPUrl ldap://x.x.x.x:3268/?sAMAccountName,memberOf?sub
        AuthzLDAPAuthoritative off
        Require ldap-group cn=Charts,ou=Groups,dc=hrcsb,dc=org
        Require ldap-group cn=IT,ou=Groups,dc=hrcsb,dc=org
        Require valid-user

    </Directory>

    RewriteCond %{ENV:AUTHENTICATE_MEMBEROF} (.*cn=(charts|it),.*) [NC]
    RewriteCond %{QUERY_STRING} ^(?!(.*batches=true.*))
    RewriteRule ^/charts
https://charts.local.domain/charts/?batches=true [L]

    RewriteCond %{ENV:AUTHENTICATE_SAMACCOUNTNAME} (.+)
    RewriteCond %{ENV:AUTHENTICATE_MEMBEROF} ^(?!(.*cn=(charts|it),.*)) [NC]
    RewriteCond %{QUERY_STRING} (.*batches=true.*) [NC]
    RewriteRule ^/charts https://charts.local.domain/charts/? [L]

</VirtualHost>

The problem is that with fcgid, the environment variables get unset for
some requests so my rewrites don't work.

Any ideas?
-- 
LeVon Smoker

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Rails, fcgid and environment variables

Posted by "Thomas, Peter" <pt...@HPTI.com>.

With Rails & phusion -- and thus likely with fcgid -- the environment
variables you are seeing are likely what was in the Apache subprocess
when your persistent Rails or--more generaly--fcgid--process was
spawned.  To be safe, I suggest you clear them during Ruby
initialization, to avoid confusion later.

The per-request AUTHENTICATE_* variables from are NOT in the separate
Rails process environment--they are passed as request headers.

--Pete

> -----Original Message-----
> From: LeVon Smoker [mailto:lsmoke@hrcsb.org] 
> Sent: Thursday, June 03, 2010 3:31 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] Rails, fcgid and environment variables
> 
> Is there a way to make environment variables stay set when 
> using mod_fcgid?
> 
> I have the following section in an apache config:
> <VirtualHost x.x.x.x:80>
>     ServerName local.domain
>     DocumentRoot /var/www/myapp/charts
> 
>     RewriteEngine On
> 
>     <Directory />
> 
>         AuthName "Charts"
>         AuthType Basic
>         AuthBasicProvider ldap
>         AuthLDAPBindDN ldapbind@local.domain
>         AuthLDAPBindPassword xxx
>         AuthLDAPUrl ldap://x.x.x.x:3268/?sAMAccountName,memberOf?sub
>         AuthzLDAPAuthoritative off
>         Require ldap-group cn=Charts,ou=Groups,dc=hrcsb,dc=org
>         Require ldap-group cn=IT,ou=Groups,dc=hrcsb,dc=org
>         Require valid-user
> 
>     </Directory>
> 
>     RewriteCond %{ENV:AUTHENTICATE_MEMBEROF} 
> (.*cn=(charts|it),.*) [NC]
>     RewriteCond %{QUERY_STRING} ^(?!(.*batches=true.*))
>     RewriteRule ^/charts
> https://charts.local.domain/charts/?batches=true [L]
> 
>     RewriteCond %{ENV:AUTHENTICATE_SAMACCOUNTNAME} (.+)
>     RewriteCond %{ENV:AUTHENTICATE_MEMBEROF} 
> ^(?!(.*cn=(charts|it),.*)) [NC]
>     RewriteCond %{QUERY_STRING} (.*batches=true.*) [NC]
>     RewriteRule ^/charts https://charts.local.domain/charts/? [L]
> 
> </VirtualHost>
> 
> The problem is that with fcgid, the environment variables get 
> unset for some requests so my rewrites don't work.
> 
> Any ideas?
> --
> LeVon Smoker
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org