>Number: 234
>Category: config
>Synopsis: REMOTE_IDENT not always available to mod_rewrite
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sat Mar 15 16:00:01 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2b7
>Environment:
FreeBSD 2.1.7
gcc 2.6.3
>Description:
REMOTE_IDENT isn't available to a virtual host's rewrite rules under
the following conditions:
* IdentityCheck is "off" by default.
* IdentityCheck is turned "on" inside the <VirtualHost> directive.
REMOTE_IDENT is available later for SSI and CGI, but not for the
rewriting rules in a <VirtualHost> section.
>How-To-Repeat:
1. Set the default IdentityCheck to "off".
2. Add the following lines inside some <VirtualHost> section:
    RewriteEngine on
    RewriteLogLevel 4
    RewriteLog logs/virt-rewrite_log
    # IP of some host running IDENT
    RewriteCond %{REMOTE_ADDR} 1.2.3.4
    # name of some user on that host
    RewriteCond %{REMOTE_IDENT} someuser
    RewriteRule ^/somefile.html /otherfile.html [R,L]
3. Try to retrieve /somefile.html from the specified host as the specified
user. The rewrite will fail; that REMOTE_IDENT is set later can be verified
by printing its value using SSI or CGI.
4. The rewrite log will show something like this for the RewriteCond in
question:
    RewriteCond: input='' pattern='someuser' => not-matched
5. Set the default "IdentityCheck" to "on".
6. Try to retrieve /somefile.html again.
7. You should get /otherfile.html (a successful rewrite).
>Fix:
The problem shows itself in get_remote_login(), http_core.c, line 396:
    if (dir_conf->do_rfc1413 & 1)
        return rfc1413(r->connection, r->server);
    else
        return NULL;
When get_remote_login() is called from mod_rewrite.c, line 2532, it
always returns NULL. Apparently dir_conf->do_rfc1413 hasn't been set
from the virtual host's IdentityCheck directive yet.
>Audit-Trail:
>Unformatted: