[users@httpd] No remote user in LOG file in CGI (HTTP Authentification)

Fri, 03 Aug 2007 04:03:42 -0700 

Hello,

According to my previous post on the bug track:
http://issues.apache.org/bugzilla/show_bug.cgi?id=43018

This is a script in PHP that is called by the a CGI handler in Apache. HTTP
Authentification.
In a normal Apache module environnement, a HTTP Authentification is called and 
we can see on the log of Apache :
IP - USER - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"
Meanwhile, in a CGI environnement, Apache call a CGI script, in my exemple PHP 
and pass him variables.
So in order of compatibility to pass the authentification to the PHP script, we 
have to set a .htaccess where :
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L <HTTP:Authorization%7D,L>] 

So with it in environnement variables we can see :
[REDIRECT_REMOTE_USER] => Basic dGl0aTp0b3Rv
[REDIRECT_STATUS] => 200
where dGl0aTp0b3Rv is corresponding to user:password titi:toto (base64)
Of course, with network analyzer, we can see that the browser send to the Apache 
serveur in HTTP headers :
Authorization: Basic dGl0aTp0b3Rv
(our titi:toto)

In this cas, Apache log don't indicate the user :
IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"

Ok, the use of PHP is independant of Apache log writes but if browser send
Authorization: Basic dGl0aTp0b3Rv in a module Apache or CGI Apache (PHP), why 
Apache, that see the basic, don't write the remote_user in the log ?
In normal environnement, whithout CGI, handler ..., the browser send the same 
request and the log indicate the USER.
According to the track response, I've replaced the %u to %<u in the LogFormat directive but the user authentified still no appear 
in the log :
IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"


Has anyone the same problem or a soltion ?


Thank you for any help.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to