cgi authoriszation

[Jan Dries]

[Robin Becker]
> Is there any way to get the cgi module to do authorization. I can make
> scripts demand authorization by including headers [...]
> but I don't seem to see either 'authorization' or 'http_authorization'
> in the
> client's response. Is apache filtering out the credentials?

Apache indeed filters out the "HTTP_AUTHORIZATION", but you can force it to 
pass it to a cgi-script as en environment variable using the following rewrite-
rule (assuming you have mod_rewrite enabled):

 RewriteEngine on
 RewriteCond %{HTTP:Authorisation} ^(.*)$ [NC]
 RewriteRule /.* - [E=HTTP_AUTHORISATION:%1]

But of course beware, after this the information will be available to all 
scripts. You could further restrict it by adding extra RewriteCond-lines.

Regards,
Jan