Log basic authentication username all the time

Using Anonymous basic auth with mod_auth_anon requires an Authorization header, else a 401 response will be generated.

The solution is to revert to basic HTTP auth, and using that recipe to manipulate the authorization header, and ultimately define a new request header that can be logged.

<Location /yourpath>
  # Detaint
  # RequestHeader unset X-User

  # copy incoming header
  RequestHeader set X-User "expr=%{HTTP:Authorization}"

  # Grab the base 64 part
  RequestHeader edit X-User "^Basic (.*)$" $1

  # decode it
  RequestHeader set X-User "expr=%{unbase64:%{HTTP:X-User}}"

  # split on :
  RequestHeader edit X-User "(.*):.*$" $1
</Location>

CustomLog logs/test.log "%{X-User}i"
  • No labels