[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PHP4 CGI and HTTP Authorization support



On Thu, Sep 15, 2005 at 09:52:00PM +0200, Marcin Owsiany wrote:
> On Thu, Sep 15, 2005 at 09:26:10PM +0200, Marcin Owsiany wrote:
> > The question is: has anyone worked this around? Or do I need to dig in
> > the apache and/or php code to make them pass the authorization
> > information in some custom environment variable?
> 
> I forgot to mention that I need this to work with any script our users
> upload to their website. So the workarounds on
> http://php.net/features.http-auth which require modifying the scripts
> themselves to work, are not useful for me.

This turned out to be easier than I thought. For the record:

PHP CGI ISAPI already has some code to parse HTTP_AUTHORIZATION
environment variable into what's needed if it's present. It's just that
Apache doesn't pass it by default. To do this, just add:

   RewriteEngine On
   RewriteCond %{HTTP:Authorization} .
   RewriteRule . - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},PT]

Alternatively, one can rebuild apache with
-DSECURITY_HOLE_PASS_AUTHORIZATION as explained in
http://httpd.apache.org/dev/apidoc/apidoc_SECURITY_HOLE_PASS_AUTHORIZATION.html

regards,

Marcin
-- 
Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216



Reply to: