How do I pass the HTTP username from Apache to Mongrel/Rails?

Question

The goal: running a Rails application on Mongrels, allowing access through Apache after doing basic HTTP Authentication

The problem: reading the supplied username from within Rails

Apache:

<Proxy balancer://mongrel_cluster>
 BalancerMember http://127.0.0.1:4001
 # ...

 Order deny,allow
 Deny from all

 AuthType Basic
 AuthName "<realm>"
 AuthUserFile "<users-file>"
 AuthGroupFile "<groups-file>"
 Require group <group>

 Satisfy Any
</Proxy>

RewriteEngine On
# ...
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L]

That works just fine, Apache forces the user to authenticate and forwards to Rails if successful. I omitted a few lines for handling static files and such, and triggering authentication for them as well.

The environment variables from Rails' perspective contain the usual entries and additionally HTTP_X_FORWARDED_HOST, HTTP_X_FORWARDED_SERVER and HTTP_X_FORWARDED_FOR. I was unable to pass custom environment variables by adding them to the rewrite rule:

RewriteRule ... [P,QSA,L,E=foo:bar]

Any thoughts?

Answer 1

Try using the RequestHeader directive to put REMOTE_USER in an HTTP header. This seems to have worked for the folks in this thread:

RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader add X-Forwarded-User %{RU}e