How do I create a custom header from an existing SSL environment variable?
Solution 1:
Ok -- I figured it out middle of the week but still wanted to give someone a chance to earn the bounty.
Surprisingly, this isn't very well documented anywhere, but as I used mod_headers to do this you can find that documentation here.
What you want to do it set the header, whether you grab it from ssl or the environment. Then you can edit the header in place using regex and capture groups.
Some examples:
RequestHeader set REMOTE_USER "%{SSL_CLIENT_S_DN_CN}s" RequestHeader edit REMOTE_USER (.*\s)(.*) $2 RequestHeader set AUTHENTICATE_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader edit AUTHENTICATE_CN (.*\s)(.*) $1 RequestHeader set AUTHENTICATE_MAIL "%{SSL_CLIENT_S_DN_CN}s" RequestHeader edit AUTHENTICATE_MAIL (.*\s)(.*) [email protected]
Solution 2:
I'd use the AuthBasicFake directive which will set the header and then you can do the ProxyPass in the same Location block. It would look something like this:<Location "/blah">
AuthBasicFake %{SSL_CLIENT_S_DN_CN}
ProxyPass http://example.org/blah
</Location>
If you have some other x509 attributes in the subject like the username on its own you could use SSL_CLIENT_S_DN_uid or SSL_CLIENT_S_DN_email.