Re: PHP4 CGI and HTTP Authorization support
On Thu, Sep 15, 2005 at 09:52:00PM +0200, Marcin Owsiany wrote:
> On Thu, Sep 15, 2005 at 09:26:10PM +0200, Marcin Owsiany wrote:
> > The question is: has anyone worked this around? Or do I need to dig in
> > the apache and/or php code to make them pass the authorization
> > information in some custom environment variable?
>
> I forgot to mention that I need this to work with any script our users
> upload to their website. So the workarounds on
> http://php.net/features.http-auth which require modifying the scripts
> themselves to work, are not useful for me.
This turned out to be easier than I thought. For the record:
PHP CGI ISAPI already has some code to parse HTTP_AUTHORIZATION
environment variable into what's needed if it's present. It's just that
Apache doesn't pass it by default. To do this, just add:
RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule . - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},PT]
Alternatively, one can rebuild apache with
-DSECURITY_HOLE_PASS_AUTHORIZATION as explained in
http://httpd.apache.org/dev/apidoc/apidoc_SECURITY_HOLE_PASS_AUTHORIZATION.html
regards,
Marcin
--
Marcin Owsiany <porridge@debian.org> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Reply to: