Rewrite REMOTE_USER environment variable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am involved in migrating a legacy site, using Apache authentication and cgi scripts, to a CMS based site which uses its own access control.

The legacy site used membership numbers as the user name, but the CMS site uses zero padded versions of those numbers. So a user logging in to the legacy site would enter 10123, but 00010123 on the CMS site. For consistency of user experience, we need to allow either form to pass Apache authentication - no problem as both forms are now included in the password file.

However, several hundred of the legacy cgi scripts read the REMOTE_USER environment variable to use as a key to identifying the member in the legacy database. This lookup fails for users who log in with the zero padded form of number.

Hence, we need to allow authentication of either form of number but to strip leading zeros from the number stored in REMOTE_USER.

I've tried various combinations of:
RewriteCond %{REMOTE_USER} ^0*([1-9][0-9]+)
RewriteRule ^0*([1-9]+)$ [E=RU:$1]
#SetEnvIfNoCase ^REMOTE.USER$ ^0*([1-9][0-9]+) RU=$1
RequestHeader set REMOTE-USER %{RU}e env=REMOTE_USER

From the documentation, I know that this sort of manipulation was easy before Apache 2.4, but now needs a work-around. What work-around should I use? As we're on a shared server, the solution has to be implemented in htaccess, not httpd.conf.

Ken


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux