I use mod_auth_sspi with Apache to authenticate requests to my Rails application. This means that Apache performs an NTLM challenge-response with the client on request, then sets its REMOTE_USER variable to the username of the authenticated user. I then use that REMOTE_USER value to load (or create) the correct User record in my application.

Until now, I have been using FCGI to host Rails, and this has been working great. Today, I have been working on upgrading to Apache 2.2.3 + mod_proxy + Mongrel to improve reliability and make some maintenance easier. However, I've discovered that Mongrel does not inherit the REMOTE_USER variable from Apache. Is there some way I can get this value to my Rails app through Mongrel?

It's important for my purposes that users not have to log in. I am in a corporate environment with a Windows domain, so using mod_auth_sspi to transparently authenticate users through their browsers is the perfect solution. If there's some way I can get this to work with Mongrel and not have to stick with FCGI, I'd love to hear about it :)

Thanks,
- Will

--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---

Take a look at the mod proxy RequestHeader set directive. Assuming the remote user is in an environment variable somewhere, you can use this directive to pass it on to mongrel. I use it to pass along a bunch of mod ssl env variables.

snacktime wrote:
> Take a look at the mod proxy RequestHeader set directive. Assuming
> the remote user is in an environment variable somewhere, you can use
> this directive to pass it on to mongrel. I use it to pass along a
> bunch of mod ssl env variables.

Hi snacktime,

I actually just spent the rest of the afternoon since I posted this message messing with the RequestHeader directive. No matter where I put it, %{REMOTE_USER}e returns null.

Unfortunately I just came home from work, so I don't have my Apache configuration in front of me, but it goes something like this:

<VirtualHost *>
    ServerName blah
    RequestHeader add X_FORWARDED_USER %{REMOTE_USER}e
    ProxyPass / http://my.host.name:8000/
    ProxyPassReverse / http://my.host.name:8000
    ProxyPreserveHost On
    <Proxy *>
        AuthType SSPI
        SSPIAuth On
        # etc...
    </Proxy>
</VirtualHost>

Any insights?

Thanks,
- Will

I forgot, mongrel prefixes all the env variables with HTTP_. So check HTTP_REMOTE_USER and see if that's it. Took me a bit to notice that myself.

Chris

snacktime wrote:
> I forgot, mongrel prefixes all the env variables with HTTP_. So check
> HTTP_REMOTE_USER and see if that's it. Took me a bit to notice that
> myself.

Chris,

Apache does not send REMOTE_USER as an HTTP header to mongrel. The variables that mongrel prefixes with "HTTP_" are the HTTP request headers. REMOTE_USER is usually made available to child processes via CGI, but in this case we are not using CGI.

What I'm trying to do is explicitly inject a request header containing the value of REMOTE_USER in Apache, before the proxy module sends the request along to mongrel. For some reason, REMOTE_USER seems to always be (null). This is before mongrel even gets involved. See my configuration I posted on Friday for details.

If anyone knows why my attempts to read REMOTE_USER return (null), I'm all ears.

- Will

Will Rogers wrote:
>
> If anyone knows why my attempts to read REMOTE_USER return (null), I'm
> all ears.

After many hours trying to solve the same problem I found this post:
http://www.nabble.com/Forcing-a-proxied-host-to-generate-REMOTE_USER-tf1114364.html#a2914465

and can confirm that the following works for me when put in the Proxy directive on Apache 2:

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader add X-Forwarded-User %{RU}e

Jon.

Will Rogers wrote:
> ...
> If anyone knows why my attempts to read REMOTE_USER return (null), I'm
> all ears.
>
> - Will

have you tried PassEnv in your apache config ( http://httpd.apache.org/docs/2.0/env.html )

jon wrote:
> After many hours trying to solve the same problem I found this post:
> http://www.nabble.com/Forcing-a-proxied-host-to-generate-REMOTE_USER-tf1114364.html#a2914465
>
> and can confirm that the following works for me when put in the Proxy
> directive on Apache 2:
> RewriteEngine On
> RewriteCond %{LA-U:REMOTE_USER} (.+)
> RewriteRule . - [E=RU:%1]
> RequestHeader add X-Forwarded-User %{RU}e

THANK YOU. That works for me, as well. I tried all sorts of combinations of those commands, but not that particular one. :)

- Will

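Added example, not part of the original thread and not code from any poster: one way the Rails side could consume the X-Forwarded-User header that the Apache rules above inject, which Mongrel exposes as HTTP_X_FORWARDED_USER. The function name, the trusted-proxy list and the name pattern are assumptions; it accepts the header only from the proxy's address, treats Apache's literal "(null)" as unauthenticated, and refuses multi-valued headers, since "RequestHeader add" adds to any header already present instead of replacing it.

```ruby
require 'ipaddr'

# Assumption: Apache and Mongrel share a host, so only loopback peers may
# assert an identity. Replace with the real proxy address otherwise.
TRUSTED_PROXIES = [IPAddr.new('127.0.0.1'), IPAddr.new('::1')].freeze

# Conservative character set for an account or domain name (assumed).
NAME_RE = /\A[A-Za-z0-9._$-]{1,64}\z/

# env: the CGI-style request environment (request.env in a controller).
# Returns [domain_or_nil, username], or nil when no identity can be trusted.
def forwarded_user(env)
  # Only the reverse proxy is allowed to vouch for a user.
  peer = begin
    IPAddr.new(env['REMOTE_ADDR'].to_s)
  rescue ArgumentError
    nil
  end
  return nil unless peer && TRUSTED_PROXIES.any? { |proxy| proxy.include?(peer) }

  raw = env['HTTP_X_FORWARDED_USER'].to_s.strip

  # Apache substitutes "(null)" when the environment variable is unset,
  # which is the symptom described earlier in the thread.
  return nil if raw.empty? || raw == '(null)'

  # More than one X-Forwarded-User value reached the backend: ambiguous,
  # so do not guess which one Apache wrote.
  return nil if raw.include?(',')

  # NTLM identities usually arrive as DOMAIN\user; a bare user is accepted too.
  domain, user = raw.include?('\\') ? raw.split('\\', 2) : [nil, raw]
  return nil unless NAME_RE.match?(user)
  return nil if domain && !NAME_RE.match?(domain)

  # Windows account names are case-insensitive; normalise for the User lookup.
  [domain, user.downcase]
end
```

On the Apache side, the mod_headers documentation notes that "RequestHeader set" replaces any previous header of the same name, whereas "add" can leave two headers with the same name.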
Bump

Sorry for bumping such an old post. I'm having trouble trying to execute something similar. I am using the Apache::AuthenNTLM perl module for NTLM authentication (mod_auth_sspi is windows-only, correct?). Below are three configurations and my results. I appreciate any guidance anyone might be able to provide.

c.

The following works and provides me with authentication, I have REMOTE_USER and X_FORWARDED_USER available to my Rails application. The site is running straight through Apache, however, so performance is sub-optimal.

<VirtualHost *:80>
    ServerName demo.jaxfc401
    DocumentRoot /usr/local/apache2/htdocs/demo
    <Directory /usr/local/apache2/htdocs/demo>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        PerlAuthenHandler Apache2::AuthenNTLM
        AuthType ntlm,basic
        AuthName Crowley
        require valid-user
        PerlAddVar ntdomain "CROWLEY crowleypdc jaxbdc01"
        PerlSetVar defaultdomain CROWLEY
        PerlSetVar splitdomainprefix 1
        PerlSetVar ntlmdebug 0
        PerlSetVar ntlmauthoritative off
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader add X-Forwarded-User %{RU}e
    </Directory>
</VirtualHost>

The following works and provides me with proxying through Mongrel, performance is excellent but no authentication occurs and as such REMOTE_USER is not available to my application.

<VirtualHost *:80>
    ServerName demo.jaxfc401
    ProxyRequests Off
    ProxyPass / http://jaxfc401:8000
    ProxyPassReverse / http://jaxfc401:8000
    ProxyPreserveHost on
</VirtualHost>

This does not work.

<VirtualHost *:80>
    ServerName demo.jaxfc401
    ProxyRequests Off
    ProxyPass / http://jaxfc401:8000
    ProxyPassReverse / http://jaxfc401:8000
    ProxyPreserveHost on
    <Proxy *>
        PerlAuthenHandler Apache2::AuthenNTLM
        AuthType ntlm,basic
        AuthName Crowley
        require valid-user
        PerlAddVar ntdomain "CROWLEY crowleypdc jaxbdc01"
        PerlSetVar defaultdomain CROWLEY
        PerlSetVar splitdomainprefix 1
        PerlSetVar ntlmdebug 0
        PerlSetVar ntlmauthoritative off
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader add X-Forwarded-User %{RU}e
    </Proxy>
</VirtualHost>

I get the following error with this configuration:

    Authorization Required
    This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Hey folks... one more bump and then I'll give it up, got caught behind that wave of posts.

Thanks.
c.

I never figured out how to do any of apache's auth schemes on anything other than directories. Your mileage doesn't look to vary on this.

I know in lighttpd you could auth the entire site, but for alas, I always balk and toss my secret stuff on really high, random ports or just lock down to IPs. I know, not the most secure, but it works.

Sorry for the non-help.

On 11/8/06, Cayce Balara <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hey folks... one more bump and then I'll give it up, got caught behind
> that wave of posts.
>
> Thanks.
> c.

--
Charles Brian Quinn
self-promotion: www.seebq.com
highgroove studios: www.highgroove.com
slingshot hosting: www.slingshothosting.com

Even non-help helps, at least I can move on to other options and stop banging my head against this mad bugger's wall.

thanks for the info.

c.

Charles Brian Quinn wrote:
> I never figured out how to do any of apache's auth schemes on anything
> other than directories. Your mileage doesn't look to vary on this.
>
> I know in lighttpd you could auth the entire site, but for alas, I
> always balk and toss my secret stuff on really high, random ports or
> just lock down to IPs. I know, not the most secure, but it works.
>
> Sorry for the non-help.

Cayce Balara wrote:
> Even non-help helps, at least I can move on to other options and stop
> banging my head against this mad bugger's wall.
>
> thanks for the info.
>
> c.

Hi,

I am facing problem to get the authenticated user using mod_auth_sspi. My httpd.conf file has following.

<VirtualHost *:80>
    ServerAdmin adminemailid
    ServerName Portal
    DocumentRoot rootpath
    <Directory Z:/web/appname/public/ >
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    #Rewrite stuff
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader add X-Forwarded-User %{RU}e

    # Check for maintenance file and redirect all requests
    RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
    RewriteCond %{SCRIPT_FILENAME} !maintenance.html
    RewriteRule ^.*$ /system/maintenance.html [L]

    # Rewrite index to check for static
    #RewriteRule ^/$ /index.html [QSA]

    # Rewrite to check for Rails cached page
    #RewriteRule ^([^.]+)$ $1.html [QSA]

    # Redirect all non-static requests to cluster
    #RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule ^/(.*)$ balancer://SSDEIPortal_cluster%{REQUEST_URI} [P,QSA,L]
</VirtualHost>

In the above config I am using the same config discussed in this post:

    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader add X-Forwarded-User %{RU}e

but still I am not getting the result.

Thanks in advance.