diff --git a/src/Makefile.am b/src/Makefile.am
index 0a468a23..d4a9529a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -44,6 +44,7 @@ VARIABLES = \
 	variables/env.cc \
 	variables/highest_severity.cc \
 	variables/modsec_build.cc \
+	variables/remote_user.cc \
 	variables/time.cc \
 	variables/time_day.cc \
 	variables/time_epoch.cc \
diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy
index 2a48e773..dd80bd34 100644
--- a/src/parser/seclang-parser.yy
+++ b/src/parser/seclang-parser.yy
@@ -53,6 +53,7 @@ class Driver;
 #include "variables/env.h"
 #include "variables/highest_severity.h"
 #include "variables/modsec_build.h"
+#include "variables/remote_user.h"
 #include "variables/time_day.h"
 #include "variables/time_epoch.h"
 #include "variables/time.h"
@@ -96,6 +97,7 @@ using modsecurity::Variables::Duration;
 using modsecurity::Variables::Env;
 using modsecurity::Variables::HighestSeverity;
 using modsecurity::Variables::ModsecBuild;
+using modsecurity::Variables::RemoteUser;
 using modsecurity::Variables::Time;
 using modsecurity::Variables::TimeDay;
 using modsecurity::Variables::TimeEpoch;
@@ -227,6 +229,8 @@ using modsecurity::Variables::XML;
 %token <std::string> RUN_TIME_VAR_BLD
 %token <std::string> RUN_TIME_VAR_HSV
 
+%token <std::string> RUN_TIME_VAR_REMOTE_USER
+
 %token <std::string> RUN_TIME_VAR_TIME
 %token <std::string> RUN_TIME_VAR_TIME_DAY
 %token <std::string> RUN_TIME_VAR_TIME_EPOCH
@@ -752,6 +756,15 @@ var:
         if (!var) { var = new HighestSeverity(name); }
         $$ = var;
       }
+    | RUN_TIME_VAR_REMOTE_USER
+      {
+        std::string name($1);
+        CHECK_VARIATION_DECL
+        CHECK_VARIATION(&) { var = new Count(new RemoteUser(name)); }
+        CHECK_VARIATION(!) { var = new Exclusion(new RemoteUser(name)); }
+        if (!var) { var = new RemoteUser(name); }
+        $$ = var;
+      }
     | RUN_TIME_VAR_TIME
       {
         std::string name($1);
diff --git a/src/parser/seclang-scanner.ll b/src/parser/seclang-scanner.ll
index 8040dde6..616c8bcf 100755
--- a/src/parser/seclang-scanner.ll
+++ b/src/parser/seclang-scanner.ll
@@ -124,6 +124,7 @@ VARIABLE_COL (?i:(SESSION|GLOBAL|ARGS_POST|ARGS_GET|ARGS|FILES_SIZES|FILES_NAMES
 VARIABLE_TX (?i:TX)
 VARIABLE_WEBSERVER_ERROR_LOG (?:WEBSERVER_ERROR_LOG)
 
+RUN_TIME_VAR_REMOTE_USER  (?i:REMOTE_USER)
 RUN_TIME_VAR_DUR  (?i:DURATION)
 RUN_TIME_VAR_ENV  (?i:ENV)
 RUN_TIME_VAR_BLD  (?i:MODSEC_BUILD)
@@ -235,6 +236,7 @@ CONFIG_DIR_UNICODE_MAP_FILE (?i:SecUnicodeMapFile)
 [!&]?{VARIABLE_TX}(\:{DICT_ELEMENT})?     { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE_TX(yytext, *driver.loc.back()); }
 [!&]?{VARIABLE_TX}(\:[\']{FREE_TEXT_QUOTE}[\'])?     { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_VARIABLE_TX(yytext, *driver.loc.back()); }
 [!&]?{RUN_TIME_VAR_DUR}                      { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_RUN_TIME_VAR_DUR(yytext, *driver.loc.back()); }
+[!&]?{RUN_TIME_VAR_REMOTE_USER}                      { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_RUN_TIME_VAR_REMOTE_USER(yytext, *driver.loc.back()); }
 [!&]?{RUN_TIME_VAR_ENV}(\:{DICT_ELEMENT})?     { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
 [!&]?{RUN_TIME_VAR_ENV}(\:[\']{FREE_TEXT_QUOTE}[\'])?     { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_RUN_TIME_VAR_ENV(yytext, *driver.loc.back()); }
 [!&]?{RUN_TIME_VAR_BLD}                      { BEGIN(EXPECTING_OPERATOR); return yy::seclang_parser::make_RUN_TIME_VAR_BLD(yytext, *driver.loc.back()); }