logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: mod_headers
Author
haze



Joined: 06 Jun 2007
Posts: 4

PostPosted: Wed 06 Jun '07 22:46    Post subject: mod_headers Reply with quote

Is it possible to modify incoming headers of a location protected by

<LocationMatch "/*">
AuthType Auth
require valid-user
</LocationMatch>

How do I make use of the RequestHeader directive?

All I want to do is change the headers before the 'require valid-user' prompts for authentication.

Here Auth is an external security module.
Back to top
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

PostPosted: Thu 07 Jun '07 3:04    Post subject: Reply with quote

It isn't clear which version of Apache you are running, or exactly what you are trying to accomplish.
Maybe you are trying to change or add an Authorization or Proxy-Authorization header?

With Apache 2.0: no.
    RequestHeader happens after authentication is done.
With Apache 2.2: maybe, using early-mode.
    See the RequestHeader docs for Apache 2.2, especially the warnings in the early-mode section.
    One problem is that you will need to set RequestHeader for the whole server, or at least for an entire virtual host, because early-mode can't work inside a <Location> or <Directory> block.

-tom-

p.s. Your <LocationMatch "/*"> seems odd. Do you really mean "zero or more slashes"
- or did you intend <LocationMatch "/.*"> which would be "a slash followed by zero or more characters"?
Back to top
haze



Joined: 06 Jun 2007
Posts: 4

PostPosted: Thu 07 Jun '07 17:02    Post subject: Reply with quote

I was also thinking of the early mode but sadly, I have to use Apache 2.0.

Is there any other way of manipulating these headers?
Will it be possible to through a custom module?


Thanks for the help.
Back to top
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

PostPosted: Thu 07 Jun '07 17:44    Post subject: Reply with quote

re: "Will it be possible to through a custom module? "

It certainly looks possible.
Instead of a new module, perhaps you could simply change Apache 2.0 mod_headers to always make RequestHeader work in early mode by changing one line in modules/metadata/mod_headers.c

from:
Code:
ap_hook_fixups(ap_headers_fixup, NULL, NULL, APR_HOOK_LAST);

to:
Code:
ap_hook_post_read_request(ap_headers_fixup, NULL, NULL, APR_HOOK_FIRST);


Just a guess, I didn't actually try it (I don't use Apache 2.0). If this works, the restrictions should be the same as with Apache 2.2 because RequestHeader will now execute immediately for each new request, before <Location> or <Directory> are determined.

-tom-
Back to top
haze



Joined: 06 Jun 2007
Posts: 4

PostPosted: Mon 18 Jun '07 20:01    Post subject: Reply with quote

Shocked
I really don't know how to thank you.
You are my hero. This works perfectly.
Back to top


Reply to topic   Topic: mod_headers View previous topic :: View next topic
Post new topic   Forum Index -> Apache