Created attachment 23769 [details] make remote_user appear in apache access_log Apache 2.2 (with no mo_auth_* compiled) does not log remote_user in its logifles if authentication is done by tomcat only. JkEnvVar REMOTE_USER does only forward usernames from apache to tomcat but not the other way round. For audit reasons, it's wothwile to have username in the primarily logile, because '-' is logged otherwise which implies missconfiguration of tomcat. The attached patch decoeds authentication header (http basic only!) itself if it's not already done by apache, because jk_ws_service_t->remote_user is not set by tomcat to inform mod_jk likewise. But actually, I would like to have mod_jk logging the user tomcat sees, so the patch is only some kind of workaround!
This would be a protocol enhancement for AJP. You can work around the issue by using a filter that returns the user id as a response header. Response headers can be logged with mod_log_config using the %{headername}o syntax in the LogFormat. Note that a response header is sent to the client. Usually there should be no security issue in passing the user name back to the client, but in special cases it might be.