Devin Bougie wrote:
...
Hi.
I'll give you my interpretation, after looking at the log, not really at
the configuration.
I think the confusion may be about when and where, things happen
exactly. And it is not really helped by your choice to proxy from your
server to itself..
If you examine the log below, you will see different/distinct requests,
identified by their respective "rid" number.
The first is the request rid#8aa28f8 that comes in originally, on your
"first" server (before the proxying occurs).
That one does the proxying before your <Location /test> is even invoked
(in my opinion). So at that point, the authentication has not even
happened, and REMOTE_USER is undefined or empty.
That request, you then proxy to your "second" server.
Now the proxied request comes in to your "second" server. That is
request rid#8aa8908. That one starts without a REMOTE_USER (see above),
but then goes through the <Location> section, where it acquires an id.
But by then it is too late for proxying..
It would all probably be clearer if you set this up in two distinct
VirtualHosts, and proxied from the first to the second.
Another thing, is that Apache "environment variables", are kind of
"virtual", in the sense that they exist inside of Apache, for the
duration of one request.
When you proxy something to another server, this is a new request, and
this other server does not magically inherit the environment of your
first request in the first server.
To pass it on, you would have to set it in a header which you pass to
the second server. But then, you must have a value to pass, by the time
you create the header.
Which does not seem to be the case here.
Hope that is clear.
As for me, I think I need a cup of coffee now.
------
######
# GlassFish proxy
ProxyPreserveHost on
RewriteEngine on
RewriteLog /var/log/httpd/rewrite.log
RewriteLogLevel 9
RequestHeader Set Proxy-keysize 512
RequestHeader Set Proxy-ip %{REMOTE_ADDR}e
RequestHeader Set Host ourserver.com:443
RequestHeader set REMOTE_USER %{LA-U:REMOTE_USER}e
RewriteRule ^/test$ /test/ [R,L]
RewriteRule ^/test/(.*) http://localhost/cgi-bin/test/$1
[P,L,E=REMOTE_USER:%{LA-U:REMOTE_USER}]
<Location "/test">
order deny,allow
deny from all
AuthType KerberosV5
AuthName "kerberos authentication"
Satisfy any
require valid-user
</Location>
------
And here is what I see in rewrite.log. REMOTE_USER is eventually set
properly, just not soon enough for the script.
------
... [rid#8aa28f8/initial] (2) init rewrite engine with requested uri
/test/remote.cgi
... [rid#8aa28f8/initial] (3) applying pattern '^/test$' to uri
'/test/remote.cgi'
... [rid#8aa28f8/initial] (3) applying pattern '^/test/(.*)' to uri
'/test/remote.cgi'
... [rid#8aa28f8/initial] (2) rewrite /test/remote.cgi ->
http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa4900/subreq] (2) init rewrite engine with requested uri
/test/remote.cgi
... [rid#8aa4900/subreq] (1) pass through /test/remote.cgi
... [rid#8aa28f8/initial] (5) lookahead: path=/test/remote.cgi
var=REMOTE_USER -> val=
... [rid#8aa28f8/initial] (5) setting env variable 'REMOTE_USER' to ''
... [rid#8aa28f8/initial] (2) forcing proxy-throughput with
http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa28f8/initial] (1) go-ahead with proxy request
proxy:http://localhost/cgi-bin/test/remote.cgi [OK]
... [rid#8aa8908/initial] (2) init rewrite engine with requested uri
/test/remote.cgi
... [rid#8aa8908/initial] (3) applying pattern '^/test$' to uri
'/test/remote.cgi'
... [rid#8aa8908/initial] (3) applying pattern '^/test/(.*)' to uri
'/test/remote.cgi'
... [rid#8aa8908/initial] (2) rewrite /test/remote.cgi ->
http://localhost/cgi-bin/test/remote.cgi
... [rid#8abcf90/subreq] (2) init rewrite engine with requested uri
/test/remote.cgi
... [rid#8abcf90/subreq] (1) pass through /test/remote.cgi
... [rid#8aa8908/initial] (5) lookahead: path=/test/remote.cgi
var=REMOTE_USER -> val=dab66
... [rid#8aa8908/initial] (5) setting env variable 'REMOTE_USER' to 'dab66'
... [rid#8aa8908/initial] (2) forcing proxy-throughput with
http://localhost/cgi-bin/test/remote.cgi
... [rid#8aa8908/initial] (1) go-ahead with proxy request
proxy:http://localhost/cgi-bin/test/remote.cgi [OK]
------
Any suggestions would be greatly appreciated. Please let me know if
there is any more information I can provide.
Many thanks,
Devin
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
