Re: setting variables for mod_proxy_ajp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: setting variables for mod_proxy_ajp
From: Martin Kuba <makub@xxxxxxxxxxx>
Date: Fri, 28 Jan 2011 12:58:09 +0100
In-reply-to: <4D2D9259.6060601@xxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.2.13) Gecko/20101206 SUSE/3.1.7 Thunderbird/3.1.7

Hi all,

no response so far, but I have figured it myself, the right directive is

RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%{SSL:SSL_CLIENT_S_DN}]

Cheers

Martin

Dne 12.1.2011 12:36, Martin Kuba napsal(a):

Hi all,

I am trying to pass an arbitrary environment variable from Apache (2.2) to Tomcat (6.0)
using mod_proxy_ajp, but without success so far. Specifically I want to pass the
SSL_CLIENT_S_DN variable set by the mod_ssl.

The manual page
http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html
says that

"Environment variables whose names have the prefix AJP_ are forwarded to the origin server
as AJP request attributes (with the AJP_ prefix removed from the name of the key)."

However I can't figure out how I can set such a variable. I have Googled up
several solutions, but none worked.

SetEnv can assign only static strings as values, not variables.

This directive:

SetEnvIf SSL_CLIENT_S_DN (.*) AJP_SSL_CLIENT_S_DN=$1

sets empty string.

Using mod_rewrite like

RewriteCond %{SSL_CLIENT_S_DN} (.*)
RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%1]

or

RewriteCond %{SSL_CLIENT_S_DN} (.*)
RewriteRule .* - [E=AJP_SSL_CLIENT_S_DN:%{SSL_CLIENT_S_DN}]

does not work either.

I have even tried

RequestHeader set X-SSL-DN "%{SSL_CLIENT_S_DN}e"
SetEnvIf X-SSL-DN (.*) AJP_SSL_CLIENT_S_DN=$1

but only the header X-SSL-DN is set, not the AJP_SSL_CLIENT_S_DN variable.

It looks like the SSL_CLIENT_S_DN is not present in the time when the RewriteRule
or SetEnvIf directives are processed.


I know that I can use mod_jk instead of mod_proxy_ajp, and it provides the directive

JkEnvVar SSL_CLIENT_S_DN

which is exactly what I need. However I wonder why the mod_proxy_ajp documentation
mentions the AJP_ prefixed variables when it is impossible to set them.

Or why the mod_proxy_ajp dpes not provide a directive similar to the JkEnvVar directive of mod_jk.

Best regards

Martin



--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: makub@xxxxxxxxxxx
Masaryk University             http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: setting variables for mod_proxy_ajp
  - From: Igor Galić

References:
- setting variables for mod_proxy_ajp
  - From: Martin Kuba

Prev by Date: Re: Apache 2.x authentication and mod_rewrite
Next by Date: Reverse Proxy will multiple IPs in same subnet
Previous by thread: setting variables for mod_proxy_ajp
Next by thread: Re: setting variables for mod_proxy_ajp
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]