Question on htaccess

Question on htaccess

Post by adam » Thu, 26 Oct 2000 04:00:00



Do you want the UNIX userid the process is running under or the
authenticated name the web client used to gain access?  The first should
be easily got through what ever programming language you're using (all
have a way to determine what uid they're running as, both real and
effective).  The second should be available in the env variable
REMOTE_USER.  (Note, these may very likely be different.)

You might also find this link helpful:

http://www.apache.org/docs/misc/FAQ.html#remote-user-var

-adam


> Hi all,

> I have just created some secure directories on a website using htaccess. Now
> when i start a CGI from one of those dirs i need to know who is actually
> accessing this directory, i.e. i want to know the userid of the one who
> actually has gained access to the site. Isn't there any environment variable
> that displays this ? Strangely enough, when i run a CGI that shows me the
> available variables, the username is nowhere to be found, or should i
> protect the CGI directory as well to get this ?

> Thanks
> Bob Lefevere

 
 
 

Question on htaccess

Post by Dan Wilg » Thu, 26 Oct 2000 04:00:00




> Hi all,

> I have just created some secure directories on a website using htaccess. Now
> when i start a CGI from one of those dirs i need to know who is actually
> accessing this directory, i.e. i want to know the userid of the one who
> actually has gained access to the site. Isn't there any environment variable
> that displays this ? Strangely enough, when i run a CGI that shows me the
> available variables, the username is nowhere to be found, or should i
> protect the CGI directory as well to get this ?

Yes, the directory containing any CGI script you want to display the env var
of the username must be protected as well. The name of the variable is
HTTP_USER.


** Remove the REMOVE in my address address to reply reply  **

 
 
 

Question on htaccess

Post by Rafael Garcia-Suar » Fri, 27 Oct 2000 04:00:00


Bob Lefevere wrote in comp.infosystems.www.servers.unix:

Quote:>Yep, i just found out i have to protect the cgi-bin as well then.. Which is
>logical if you think about it- if you start a cgi script you go to the
>unprotected cgi-bin directory, so there is no point for Apache to keep the
>REMOTE_USER variable.

>Is there a way to open up the CGI-BIN for all and still have htaccess
>security in place ?

Just a clue: you can make a subdir of cgi-bin and place the .htaccess
and the protected scripts there.

--
# Rafael Garcia-Suarez / http://rgarciasuarez.free.fr/

 
 
 

Question on htaccess

Post by Dan Wilg » Fri, 27 Oct 2000 22:32:37





> > Yes, the directory containing any CGI script you want to display the env
> > var
> > of the username must be protected as well. The name of the variable is
> > HTTP_USER.

> I think you meant to say REMOTE_USER.

D'oh! As usual, you're right, Joshua.


** Remove the REMOVE in my address address to reply reply  **

 
 
 

Question on htaccess

Post by Alan Sincla » Sun, 05 Nov 2000 12:51:46




Quote:>Hi all,

>I have just created some secure directories on a website using htaccess.
>Now when i start a CGI from one of those dirs i need to know who is
>actually accessing this directory, i.e. i want to know the userid of the
>one who actually has gained access to the site. Isn't there any
>environment variable that displays this ? Strangely enough, when i run a
>CGI that shows me the available variables, the username is nowhere to be
>found, or should i protect the CGI directory as well to get this ?

>Thanks
>Bob Lefevere

I think you are referring to REMOTE_USER. You need to place the CGI script
in the secured directory otherwise Apache will not set the REMOTE_USER env
variable.

hth,

 
 
 

1. How to prevent reading of .htaccess in a .htaccess ?

Hello,

I use Apache 1.3.20 on Solaris 2.6 and i want to know how i can prevent
reading of .htaccess IN
a .htaccess (not a <directory> directive).

Basically this is what i want :
http://www/guest/noguest/

In this case i want that the .htaccess in /guest prevent the reading of
the .htaccess in noguest.
(and i all the directories below)

I don't want a <directory> directive because in this case this is the
admin (me) who edit the httpd.conf
and not the user who manage his directory (and put the .htaccess).

Best regards, thanks per advance for your answers,

--
 Ludovic.Maitre at sophia.inria.fr

 INRIA - 2004 route des lucioles - BP 93    Tel: (33/0) 4 92 38 50 41
 06902   SOPHIA-ANTIPOLIS cedex (France)    Fax: (33/0) 4 92 38 76 02
 Free online CSS editor :

http://www-sop.inria.fr/semir/personnel/Ludovic.Maitre/freestyle/free...

2. MonoChrome config for Linux

3. .htaccess's question

4. M68k raw I/O updates

5. Apache: htaccess question

6. scripts, SUID

7. .htaccess question

8. SIS 900 10/100 Integrated Ethernet

9. .htaccess <IP forward> question please (Repost)

10. htaccess question

11. HTACCESS generator question!

12. newbie .htaccess question

13. Apache .htaccess question