RE: REMOTE_USER and PROXY request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Tom,

I think I got it now.

It was about the + sign. If I did match against "RewriteCond %{LA-U:REMOTE_USER} (.*)" - the condition was true even if the REMOTE_USER was empty. The result was that the proxy request was done before there was a value. As our log shows the REMOTE_USER is filled out in the third run. 

Thanks for all help,

Cheers Dag 

-----Opprinnelig melding-----
Fra: Tom Evans [mailto:tevans.uk@xxxxxxxxxxxxxx] 
Sendt: 28. mai 2009 15:23
Til: users@xxxxxxxxxxxxxxxx
Emne: RE:  REMOTE_USER and PROXY request

On Thu, 2009-05-28 at 13:58 +0200, Efjestad, Dag wrote:
> No, when I do this the value in RewriteCond is null.
> 
> From logfile:
> lookahead: path=/kongsberg/ var=REMOTE_USER -> val=
> RewriteCond: input='' pattern='(.*)' => matched
> 
> -----Opprinnelig melding-----
> Fra: Tom Evans [mailto:tevans.uk@xxxxxxxxxxxxxx] 
> Sendt: 28. mai 2009 11:49
> Til: users@xxxxxxxxxxxxxxxx
> Emne: Re:  REMOTE_USER and PROXY request
> 
> On Thu, 2009-05-28 at 10:52 +0200, Efjestad, Dag wrote:
> > Hi.
> > 
> > I can't get access to the REMOTE_USER value when I do a proxy request. The value is empty.
> > RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [P,L]
> > 
> > For rewrite  against directory URL's I get the value.
> > RewriteRule ^/kongsberg(.*) /kongsberg/%{LA-U:REMOTE_USER}$1 [L]
> > 
> > and for redirect it works:
> > RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [R,L]
> > 
> > 
> > I also tried this syntaks with same result - no value in REMOTE_USER env. var.:
> >    RewriteCond %{LA-U:REMOTE_USER} (.+) 
> >    RewriteRule .  - [E=RU:%1]
> >    
> >    ProxyRequests    Off
> >    ProxyPassInterpolateEnv On
> >    ProxyPass        /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> >    ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> > 
> > 
> > I also noticed that I can see the username value in the access logfile but not in the rewrite logfile. 
> > 
> > Suggestions anyone?
> > 
> > 
> > Kind regards, Dag 
> > 
> 
> Does this not work?
> 
> RewriteCond %{LA-U:REMOTE_USER} (.+) 
> RewriteRule /kongsberg/ http://aeoas02/kongsberg/%1/ [P]
> 
> Cheers
> 
> Tom
> 
> 

>From my testing, that config works fine:

<VirtualHost *:80>
    ServerName ssoauth
    DocumentRoot /usr/local/www/ssoauth/htdocs
    <Directory /usr/local/www/ssoauth/htdocs>
        Order allow,deny
        Allow from all
    </Directory>
    KeepAlive Off

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule /kongsberg/ http://ssoauth:8081/kongsberg/%1/ [P]

    RewriteLog /var/log/rwrite.log
    RewriteLogLevel 5
    <Location />
        Include auth/ldap_group_it.conf
    </Location>
</VirtualHost>


The log then shows this: (cat /var/log/rwrite.log | sed 's:.*] ::')

(2) init rewrite engine with requested uri /kongsberg/
(3) applying pattern '/kongsberg/' to uri '/kongsberg/'
(2) init rewrite engine with requested uri /kongsberg/
(3) applying pattern '/kongsberg/' to uri '/kongsberg/'
(4) RewriteCond: input='' pattern='(.+)' => not-matched
(1) pass through /kongsberg/
(2) init rewrite engine with requested uri /kongsberg/index.html
(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'
(2) init rewrite engine with requested uri /kongsberg/index.html
(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'
(4) RewriteCond: input='' pattern='(.+)' => not-matched
(1) pass through /kongsberg/index.html
(5) lookahead: path=/kongsberg/index.html var=REMOTE_USER -> val=tevans
(4) RewriteCond: input='tevans' pattern='(.+)' => matched
(2) rewrite '/kongsberg/index.html' -> 'http://ssoauth:8081/kongsberg/tevans/'
(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/
(1) go-ahead with proxy request proxy:http://ssoauth:8081/kongsberg/tevans/ [OK]
(5) lookahead: path=/kongsberg/ var=REMOTE_USER -> val=tevans
(4) RewriteCond: input='tevans' pattern='(.+)' => matched
(2) rewrite '/kongsberg/' -> 'http://ssoauth:8081/kongsberg/tevans/'
(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/
(1) go-ahead with proxy request proxy:http://ssoauth:8081/kongsberg/tevans/ [OK]

This log is for just one request. Are you sure you that you are
authenticated using apache auth modules? REMOTE_USER would be empty if
you are not authenticated.

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux