This is my final Version. It runs perfect after some changes. Thank you.
RewriteEngine on
RewriteLog /var/log/apache/rewrite_log
RewriteLogLevel 2
# Initialise an environment variable with some stuff
RewriteCond %{ENV:DN} =""
RewriteRule .* - [E=DN:%{LA-
U:SSL_CLIENT_S_DN}]
# Substitute a / in DN with _ and start over again (N-flag) until
there are no more /
RewriteCond %{ENV:DN} (.*)/(.*)
RewriteRule .* - [N,E=DN:%1_%2]
# The INDEX script shows all available files for a license/
certificate (stored in /data/licenseserver/PRODUCT/DN/*)
RewriteRule ^/licenseserver/(.*[^/])/INDEX /data/licenseserver/$1/
INDEX.cgi [L]
# Put DN into URL
RewriteCond %{ENV:DN} [^/]
RewriteRule ^/licenseserver/(.*[^/])/(.*) /data/licenseserver/$1/%
{ENV:DN}/$2
<LocationMatch /licenseserver/.*>
# Oly trust our signed certs
SSLVerifyClient require
SSLVerifyDepth 1
SSLRequireSSL
SSLRequire %{SSL_CLIENT_S_DN_O} eq "Pyramid Computer
GmbH"
SSLRequire %{SSL_CLIENT_S_DN_CN} ne "default"
SSLOptions +StdEnvVars +StrictRequire
Options +ExecCGI
AuthPAM_Enabled Off
Order allow,deny
Allow from all
</LocationMatch>
Am 09.06.2005 um 15:39 schrieb Axel-Stéphane SMORGRAV:
Here it goes:
# Initialise an environment variable with some stuff
RewriteCond %{ENV:DN} =""
RewriteRule .* - [E=DN:/A/B/C/D]
# Substitute a / in DN with _ and start over again (N-flag)
until there are no more /
RewriteCond %{ENV:DN} (.*)/(.*)
RewriteRule .* - [N,E=DN:%1_%2]
# Insert other rules to rewrite the URI using %{ENV:DN} below
You will need to modify the initialisation of DN in order for %
{ENV:SSL_CLIENT_S_DN} to be the initial value, and write the rules
that rewrite the URI...
-ascs
-----Original Message-----
From: Tilman Baumann [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 09, 2005 2:18 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] how to alter and use environmanet vaaiables
with mod_rewrite
Hi,
i have a problem which is seem to be swamped with.
I want to make a substitute on a variable for later use in
mod_rewrite.
I have users which are Authorizing themselves via ssl cleint auth
(mod_ssl and +FakeBasicAuth)
These users access all the same url (they are relatively dump
scripts) and each has to get a file which is specialy stored for him.
My plan was to make each user a directory which is constructet out of
the DN of his certificate. It would be easy to map a request from /
licenses/ to /licenses/%{ENV:SSL_CLIENT_S_DN}/
But unfortunately a DN contains slashes like this:
/C=DE/L=Freiburg/O=Pyramid Computer GmbH/OU=Solutions Update Service/
CN=6281
Well, so i have to change the slashes in %{ENV:SSL_CLIENT_S_DN} to
something different.
Maybe underlines.
I have no idea to change the slashes in this variable (or better a
copy of it) and then use it in mod_rewrite.
Any ideas how to make this?
I also tried a rewrite_program, but all happens is that apache does
not accept any connection after that. :)
But i am verry unhappy with the idea to call a programm each request.
So i like to do it in another way.
Here my buggy script:
#!/usr/bin/perl
# disable buffered I/O which would lead
# to deadloops for the Apache server
$| = 1;
# read URLs one per line from stdin and
# generate substitution URL on stdout
while (<>) {
my $dn = $ENV{'SSL_CLIENT_S_DN'};
$dn =~ s|/|\\|;
s|(.*)|$1/$dn|;
print $_;
}
Thanks for any help.
--
Tilman Baumann
Pyramid Computer
Tel: +49 (7 61) 46 14-837
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Tilman Baumann
Pyramid Computer
Tel: +49 (7 61) 46 14-837
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]