setting variables for mod_proxy_ajp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

I am trying to pass an arbitrary environment variable from Apache (2.2) to Tomcat (6.0)
using mod_proxy_ajp, but without success so far. Specifically I want to pass the
SSL_CLIENT_S_DN variable set by the mod_ssl.

The manual page
http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html
says that

"Environment variables whose names have the prefix AJP_ are forwarded to the origin server
 as AJP request attributes (with the AJP_ prefix removed from the name of the key)."

However I can't figure out how I can set such a variable. I have Googled up
several solutions, but none worked.

SetEnv can assign only static strings as values, not variables.

This directive:

 SetEnvIf SSL_CLIENT_S_DN (.*) AJP_SSL_CLIENT_S_DN=$1

sets empty string.

Using mod_rewrite like

 RewriteCond %{SSL_CLIENT_S_DN} (.*)
 RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%1]

or

 RewriteCond %{SSL_CLIENT_S_DN} (.*)
 RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%{SSL_CLIENT_S_DN}]

does not work either.

I have even tried

 RequestHeader set X-SSL-DN "%{SSL_CLIENT_S_DN}e"
 SetEnvIf X-SSL-DN (.*) AJP_SSL_CLIENT_S_DN=$1

but only the header X-SSL-DN is set, not the AJP_SSL_CLIENT_S_DN variable.

It looks like the SSL_CLIENT_S_DN is not present in the time when the RewriteRule
or SetEnvIf directives are processed.


I know that I can use mod_jk instead of mod_proxy_ajp, and it provides the directive

JkEnvVar SSL_CLIENT_S_DN

which is exactly what I need. However I wonder why the mod_proxy_ajp documentation
mentions the AJP_ prefixed variables when it is impossible to set them.

Or why the mod_proxy_ajp dpes not provide a directive similar to the JkEnvVar directive of mod_jk.

Best regards

Martin
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: makub@xxxxxxxxxxx
Masaryk University             http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux