No remote user in LOG file in CGI (HTTP Authentification)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: No remote user in LOG file in CGI (HTTP Authentification)
From: apache.org@xxxxxxxxxxx
Date: Fri, 03 Aug 2007 13:03:05 +0200
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.4 (Windows/20070604)

Hello,

According to my previous post on the bug track:
http://issues.apache.org/bugzilla/show_bug.cgi?id=43018

This is a script in PHP that is called by the a CGI handler in Apache. HTTP
Authentification.

In a normal Apache module environnement, a HTTP Authentification iscalled and

we can see on the log of Apache :
IP - USER - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"

Meanwhile, in a CGI environnement, Apache call a CGI script, in myexemple PHP

and pass him variables.

So in order of compatibility to pass the authentification to the PHPscript, we

have to set a .htaccess where :
RewriteEngine on

RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L<HTTP:Authorization%7D,L>]


So with it in environnement variables we can see :
[REDIRECT_REMOTE_USER] => Basic dGl0aTp0b3Rv
[REDIRECT_STATUS] => 200
where dGl0aTp0b3Rv is corresponding to user:password titi:toto (base64)

Of course, with network analyzer, we can see that the browser send tothe Apache

serveur in HTTP headers :
Authorization: Basic dGl0aTp0b3Rv
(our titi:toto)

In this cas, Apache log don't indicate the user :
IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"

Ok, the use of PHP is independant of Apache log writes but if browser send

Authorization: Basic dGl0aTp0b3Rv in a module Apache or CGI Apache(PHP), why

Apache, that see the basic, don't write the remote_user in the log ?

In normal environnement, whithout CGI, handler ..., the browser send thesame

request and the log indicate the USER.

According to the track response, I've replaced the %u to %<u in theLogFormat directive but the user authentified still no appear

in the log :
IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"


Has anyone the same problem or a soltion ?


Thank you for any help.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: No remote user in LOG file in CGI (HTTP Authentification)
  - From: Joshua Slive

Prev by Date: RE : [users@httpd] mass bug-closing?
Next by Date: URL modified to localhost by apache
Previous by thread: mass bug-closing?
Next by thread: Re: No remote user in LOG file in CGI (HTTP Authentification)
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]