On Jun 29, 2011, at 12:21 PM, Nate Coraor wrote:

Leandro Hermida wrote:
Hi Shantanu,

In your Apache configuration exactly how did you set up an anonymous
REMOTE_USER just for specific locations like the /datasets/ path?  I'm just
looking at the Apache docs and the RequestHeader directive has a context of
the entire VirtualHost and cannot be put into a Location container so I'm
not sure how to do it.

Hi Leandro,

See the optional 'env=' argument and docs on the same for ways to make
RequestHeader conditional:

   http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader

So, depending on the path accessed, you should be able to have
mod_rewrite set an environment variable specifying which REMOTE_USER
(real username or fake anonymouse user) should be set.

You could also just set it as the anonymous user to start with and then
use 'RequestHeader set' to overwrite it with the real username in the
case that a real username is available.

This is all just from glancing at the docs, though, I have not tried any
of it out, and this sort of Apache trickery is always difficult to get
right.

--nate



Leandro,

The RequestHeader has a context of 'directory' as well, which includes <Directory>, <Location>, <Files>, and <Proxy> containers [1]. So you should be able to use it in Location directive.  

Following is a configuration snippet related to what Nate described in his earlier response. We are setting REMOTE_USER variable to anonymous when it's not set/empty. 
        <Location ~ "/(datasets|history)/">
                AuthType shibboleth
                ShibRequireSession off
                Require shibboleth
                RewriteCond %{LA-U:REMOTE_USER} =""
                RequestHeader set REMOTE_USER "anonymous"
        </Location>

Hope this helps.


1. http://httpd.apache.org/docs/current/mod/directive-dict.html#Context 

--
Shantanu.