URL Rewrite of a value

         

hammerite

3:18 pm on Mar 24, 2015 (gmt 0)

10+ Year Member



Hey all,

I'm looking for a way to modify something in the header:

Let's say that SSL_CLIENT_S_DN_CN = x.y.z.0987654321 or x.y.0987654321

And the following returns only 0987654321

RewriteEngine On
RewriteCond %{SSL:SSL_CLIENT_S_DN_CN} ([0-9]+$)
RewriteRule (.*) - [E=USER:%1]
RequestHeader set DATA %{USER}e


Is there a way to use a similar method to return x.0987654321? I can't think of a good regex for that.

lucy24

6:34 pm on Mar 24, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Will the "x." element always be part of the request, or are you looking to constrain the rule to requests where it is present? If it's always present, it might be simpler just to hard-code "x.%1" in your E= flag. (But if so, why do you even need it?)

What's the $ doing in the existing RegEx? Do you need to exclude requests that end in non-numeric content? In any case, it's an anchor, so it doesn't belong in the capture.

By default, based on your examples, you'd be looking at pattern:
(x\.)(?:[a-z]\.)*(\d+)
target:
%1%2

Incidentally, you probably want to constrain this rule to requests for pages, or for some specific filetype (not sure what the rule does, in the broader sense). Otherwise your server's doing a lot of work.

hammerite

7:22 pm on Mar 24, 2015 (gmt 0)

10+ Year Member



All 4 are dynamic as it's an SSL CN, so last.middle.first.###. All I'm looking for is "last.#####".

phranque

7:32 pm on Mar 24, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I would try a pattern like this:
\ ([a-z]+\.)([a-z]+\.)*(\d+)$


and this target:
%1%3

hammerite

7:41 pm on Mar 24, 2015 (gmt 0)

10+ Year Member



That about got me close enough to where I needed. I don't know why I couldn't see the obvious, it was staring me in the face all along. Appreciate the assist!

hammerite

10:17 pm on Mar 24, 2015 (gmt 0)

10+ Year Member



So I got the 1st one working where if the CN=last.middle.first.#####, I get the correct result of last.####.

Now I need to figure out what to do if the CN=last.first.#### and use the same ruleset. I'm guessing an 'or' could be used but unsure how to set the target in that case. It has to be the same as above:

RequestHeader set DATA %{USER}e

I want to thank you guys again. I should have probably looked at my own solution from several years ago for the above issue, kind of funny that I forgot about it.

lucy24

11:46 pm on Mar 24, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You may be overlooking the (blahblah)* in the middle. Personally I think it's safer with a non-capturing group for this part; then you don't have to worry about how-if-at-all Apache handles null captures. Assuming all lower-case, it's
^([a-z]+\.)(?:[a-z]+\.)*(\d+)$

leading to
%1%2

hammerite

1:47 am on Mar 25, 2015 (gmt 0)

10+ Year Member



Thanks! I'll be checking this out tomorrow, I'll let you guys know!

phranque

4:45 am on Mar 25, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



what lucy24 said except I would still anchor it with the backslash-escaped leading blank.

lucy24

5:32 am on Mar 25, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



phranque, can you point to some place that explains the exact format of the SSL_CLIENT_S_DN_CN variable? Apache and assorted other docs tell me only that the thing exists-- which I could have figured out for myself-- and that it was formerly known as SSL_CLIENT_CN. Does it have just one space in the middle, so the space-anchor is enough to eliminate ambiguity?

hammerite, be sure to remember to escape the space. (Unescaped spaces are probably the easiest lethal Apache error.)

phranque

7:46 am on Mar 25, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I misread something in the OP so disregard the opening blank anchor comment.

as usual I should defer to lucy24 when it comes to regular expressions.

hammerite

2:44 pm on Mar 25, 2015 (gmt 0)

10+ Year Member



It worked exactly as hoped, I was so deep in the woods I couldn't think outside the trees. Thanks again everyone!

lucy24

7:18 pm on Mar 25, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"I should defer to lucy24 when it comes to regular expressions."

And I in turn defer to phranque when it comes to questions that involve actually speaking Apache, which I don't ;)

hammerite

7:53 pm on Apr 24, 2015 (gmt 0)

10+ Year Member



So I got this to work perfectly, and someone breaks it by inserting a space into the middle name.

last.mid dle.first.123456 ends up with a NULL value. (The space is there as the person's middle name has a hyphen in it, but someone decided to create their certificate with a space, how lovely of them.)

Joy of joys!

lucy24

9:22 pm on Apr 24, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Eeuw, yuk, you'll need to do some behind-the-scenes rewriting. Change the space to something else-- a hyphen seems the obvious candidate-- and change it back if needed. What about other possible non-alphabetics, like if the person's surname is D'Souza or O'Brien? I can't think of anything besides hyphen and apostrophe, but I'm probably overlooking something embarrassingly obvious.

hammerite

9:30 pm on Apr 24, 2015 (gmt 0)

10+ Year Member



Yeah, the user's name used to have a hyphen in it, but whoever generated a new cert for them left it out and just used a space. It takes an act of god to have it recreated, so I'll probably have to come up with some sort of solution for that. The main problem is what if some other person decides to do that for a hyphenated last name or a first name. Good god!
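
An added example, not part of any post in this thread: a Python check of the patterns discussed above against constructed CN values, including the space and apostrophe cases raised in the last posts. The widened pattern, its character class and the sample CNs are assumptions; Python's re module stands in for Apache's PCRE, which handles these constructs the same way.

```python
import re

# Patterns from the thread. RewriteCond searches unanchored, like re.search;
# re.ASCII keeps \d to 0-9, as in Apache's PCRE.
ORIGINAL = re.compile(r"([0-9]+$)", re.ASCII)
LUCY24 = re.compile(r"^([a-z]+\.)(?:[a-z]+\.)*(\d+)$", re.ASCII)

# Assumption (not from the thread): a name part may contain space, hyphen or
# apostrophe, but must start and end with a lower-case letter.
PART = r"[a-z](?:[a-z' -]*[a-z])?"
WIDENED = re.compile(rf"^({PART}\.)(?:{PART}\.)*(\d+)$", re.ASCII)

# Constructed sample CN values, not taken from real certificates.
SAMPLE_CNS = [
    "smith.quincy.john.0987654321",
    "smith.john.0987654321",
    "smith.mary ann.john.123456",
    "o'brien.pat.42",
    "smith.john.",
]


def extract_user(pattern, cn):
    """Return the joined captures (%1 or %1%2), or None if the condition fails."""
    match = pattern.search(cn)
    if match is None:
        return None  # Apache would leave the USER variable unset here
    return "".join(match.groups())


def compare(cns=SAMPLE_CNS):
    """Map each CN to the value each pattern would place in USER."""
    return {
        cn: {
            "original": extract_user(ORIGINAL, cn),
            "lucy24": extract_user(LUCY24, cn),
            "widened": extract_user(WIDENED, cn),
        }
        for cn in cns
    }


if __name__ == "__main__":
    for cn, results in compare().items():
        print(f"{cn!r:34} {results}")
```

A CN that none of the patterns accepts yields None here, which corresponds to the NULL value reported above when the condition does not match.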