diff options
| -rw-r--r-- | Docker/FreshRSS.Apache.conf | 6 | ||||
| -rw-r--r-- | p/.htaccess | 9 | ||||
| -rw-r--r-- | p/api/.htaccess | 3 |
3 files changed, 17 insertions, 1 deletions
diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf index 5868fae40..5db17e91a 100644 --- a/Docker/FreshRSS.Apache.conf +++ b/Docker/FreshRSS.Apache.conf @@ -14,7 +14,11 @@ ErrorLog /dev/stderr RemoteIPInternalProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16 </IfModule> -LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy +# Default, will be overridden by p/.htaccess and p/api/.htaccess +SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == ''" LOG_REMOTE_USER=- +SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == '-' && reqenv('REMOTE_USER') =~ /(.+)/" LOG_REMOTE_USER=$1 + +LogFormat "%a %l %{LOG_REMOTE_USER}e %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy <IfDefine OIDC_ENABLED> diff --git a/p/.htaccess b/p/.htaccess index 4d2c6e52b..06790616b 100644 --- a/p/.htaccess +++ b/p/.htaccess @@ -57,3 +57,12 @@ AddDefaultCharset UTF-8 SetEnvIfExpr "%{CONN_REMOTE_ADDR} =~ /(.*)/" CONN_REMOTE_ADDR=$1 </IfModule> </IfModule> + +# Log remote user with same priority as FreshRSS_http_Util::httpAuthUser(). See also api/.htaccess +<IfModule mod_setenvif.c> + SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == ''" LOG_REMOTE_USER=- + SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == '-' && reqenv('REMOTE_USER') =~ /(.+)/" LOG_REMOTE_USER=$1 + SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == '-' && reqenv('REDIRECT_REMOTE_USER') =~ /(.+)/" LOG_REMOTE_USER=$1 + SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == '-' && req('Remote-User') =~ /(.+)/" LOG_REMOTE_USER=$1 + SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == '-' && req('X-WebAuth-User') =~ /(.+)/" LOG_REMOTE_USER=$1 +</IfModule> diff --git a/p/api/.htaccess b/p/api/.htaccess index dd3df0b4f..3597751f6 100644 --- a/p/api/.htaccess +++ b/p/api/.htaccess @@ -1,9 +1,12 @@ <IfModule mod_setenvif.c> SetEnvIfNoCase "Authorization" "(.*)" HTTP_AUTHORIZATION=$1 + SetEnvIfNoCase "Authorization" "^GoogleLogin auth=([^/]+)" REMOTE_USER=$1 LOG_REMOTE_USER=$1 </IfModule> <IfModule !mod_setenvif.c> <IfModule mod_rewrite.c> RewriteEngine on RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + RewriteCond %{HTTP:Authorization} "^GoogleLogin auth=([^/]+)" [NC] + RewriteRule .* - [E=REMOTE_USER:%1,E=LOG_REMOTE_USER:%1] </IfModule> </IfModule> |