Apache module doesn't set "header" variant of REMOTE_USER.
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
Modules are intended to set HTTP_REMOTE_USER when headers are used, for compatibility with certain legacy scenarios. The header was "protected", so there's no security issue, but the Apache module wasn't mirroring REMOTE_USER into the header.
Modules are intended to set HTTP_REMOTE_USER when headers are used, for compatibility with certain legacy scenarios. The header was "protected", so there's no security issue, but the Apache module wasn't mirroring REMOTE_USER into the header.