1

I would like to pass the environment variable REMOTE_USER set by apache when HTTP basic authentication is correct to a backend. This would provide authentication to the backend server as well.

Here is my apache2 configuration file:

<Directory />
  AuthType basic
  AuthUserFile $my_file
  require valid-user
  RewriteEngine on
  RewriteCond %{REMOTE_USER} (.+)
  RequestHeader set X-Forwarded-User %{REMOTE_USER}e
</Directory>

Authentication by apache2 goes well, as I am properly redirected to the backend server, but then, backend server does not receive the REMOTE_USER as the X-Forwarded-User variable does not appear in tcpdump trace.

What may I have forgotten/misconfigured which does not let this REMOTE_USER variable being forwarded to backend as X-Forwarded-User?

Grant
  • 17,671
  • 14
  • 69
  • 101
philippe
  • 2,131
  • 4
  • 30
  • 53

1 Answers1

1

REMOTE_USER is not actually an environment variable inside Apache, but is instead set by Apache when running things like CGI or PHP handlers.

The actual value is embedded in a structure within Apache. See Apache documentation on Environment Variables

Perhaps you need to be ENV: as a prefix. 

<Directory />
  AuthType basic
  AuthUserFile $my_file
  require valid-user
  RewriteEngine on
  RewriteCond %{ENV:REMOTE_USER} (.+)
  RequestHeader set X-Forwarded-User %{ENV:REMOTE_USER}e
</Directory>
Cameron Kerr
  • 3,919
  • 18
  • 24
  • I'm afraid this doesn't work neither; the authentication is still correctly provided, but the variable is not sent to the backend server. I don't know if there is an other way to see it without using a network sniffer such as tcpdump; But in tcpdump trace, I see X-forwarded-For for instance but not the X-Forwarded-User I set Thanks for your reply anyway – philippe May 19 '14 at 12:51
  • What if you set a different header (in case X-Forwarded-User is a bit special; although I don't think it is.) – Cameron Kerr May 19 '14 at 19:24
  • What is the RewriteCond for, anyway? – Cameron Kerr May 19 '14 at 19:26
  • Cameron Kerr, thanks for your help; what I want to do is forward the REMOTE_USER variable IF this one is getting set by apache (when apache authentication succeeds). As the application will redirect anyway for authentication if transmitted variable is empty, this is not necessary. Same result occurs when changing X-Forwarded-User with HTTP_REMOTE_USER – philippe May 19 '14 at 20:44