cgi authoriszation
Jan Dries
info at jandries.be
Mon Feb 11 04:26:31 EST 2002
[Robin Becker]
> Is there any way to get the cgi module to do authorization. I can make
> scripts demand authorization by including headers [...]
> but I don't seem to see either 'authorization' or 'http_authorization'
> in the
> client's response. Is apache filtering out the credentials?
Apache indeed filters out the "HTTP_AUTHORIZATION", but you can force it to
pass it to a cgi-script as en environment variable using the following rewrite-
rule (assuming you have mod_rewrite enabled):
RewriteEngine on
RewriteCond %{HTTP:Authorisation} ^(.*)$ [NC]
RewriteRule /.* - [E=HTTP_AUTHORISATION:%1]
But of course beware, after this the information will be available to all
scripts. You could further restrict it by adding extra RewriteCond-lines.
Regards,
Jan
More information about the Python-list
mailing list