Is there a possibility that you can configure a vhost that forwards to the
vhost that you are running cgi in? In that case, you'll get an
http-forwarded-for header with the address you want. This of course is a
hack, and may not be appropriate
On Tue, Mar 10, 2020 at 10:53 AM Yann Ylavic wrote:
On Tue, Mar 10, 2020 at 2:46 AM Roderick wrote:
>
> Excuse me the question: does httpd obtain REMOTE_USER by parsing
> the AUTHORIZATION header?
Yes, that's where it's available for basic auth, so mod_auth_basic
will do this:
https://github.com/winlibs/apache/blob/master/2.4.x/modules/aaa/mod_au
On Tue, 3 Mar 2020, Yann Ylavic wrote:
With this I get HTTP_AUTHORIZATION, but Unfortunately not REMOTE_USER.
Sure, if httpd isn't doing auth it will not care about REMOTE_USER nor
parse the Authorization header.
Excuse me the question: does httpd obtain REMOTE_USER by parsing
the AUTHORI
Sorry I meant: https://tools.ietf.org/html/rfc2617#section-2 here:
>
> User names never have ':', per
> https://tools.ietf.org/html/rfc2617#section-3.2.2 :
>
> user-pass = userid ":" password
> userid = *
> password= *TEXT
-
On Tue, Mar 3, 2020 at 12:12 AM Roderick wrote:
>
> Thanks, Yann!
>
> With this I get HTTP_AUTHORIZATION, but Unfortunately not REMOTE_USER.
Sure, if httpd isn't doing auth it will not care about REMOTE_USER nor
parse the Authorization header.
>
> If user names do not have ":", I can get the use
Thanks, Yann!
With this I get HTTP_AUTHORIZATION, but Unfortunately not REMOTE_USER.
If user names do not have ":", I can get the username.
> On Sun, Mar 1, 2020 at 7:33 PM Roderick wrote:
>
> [...]
> You seem to want:
> https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth
On Sun, Mar 1, 2020 at 7:33 PM Roderick wrote:
>
> I do not want apache "doing basic auth". I want to do it in the
> cgi script myself, and as I understand RFC3875, the headers in
> question should be passed for that purpose.
You seem to want: https://httpd.apache.org/docs/2.4/en/mod/core.html#cg
That standard states:
if the client request required authentication for external
access, then the server MUST set the value of this variable from the
'auth-scheme' token in the request Authorization header field.
However, you are configuring Apache to NOT authenticate and therefore
Apache CANNO
I do not want apache "doing basic auth". I want to do it in the
cgi script myself, and as I understand RFC3875, the headers in
question should be passed for that purpose.
Thanks anyway
Rodrigo
On Sun, 1 Mar 2020, Eric Covener wrote:
> If Apache isn't doing basic auth, it can't supply REMOTE_U
On Sun, Mar 1, 2020 at 10:07 AM Roderick wrote:
>
>
> Dear Sirs,
>
> running a CGI script, in which I myself implement basic
> authentication, I miss necessary headers:
>
> REMOTE_USER
> AUTH_TYPE
> HTTP_AUTHORIZATION
>
> According to https://tools.ietf.org/html/rfc3875 the first MUST be passed.
>
Dear Sirs,
running a CGI script, in which I myself implement basic
authentication, I miss necessary headers:
REMOTE_USER
AUTH_TYPE
HTTP_AUTHORIZATION
According to https://tools.ietf.org/html/rfc3875 the first MUST be passed.
Is there a way to get these headers?
I get the last putting in the
11 matches
Mail list logo
