diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index a21e711e..ea202088 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -626,8 +626,6 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa int m_secRuleEngine; - std::string m_variableRemoteUser; - std::vector> m_multipartPartTmpFiles; private: diff --git a/src/transaction.cc b/src/transaction.cc index 9e768809..91e1c244 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -186,7 +186,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, void *logCbData) m_json(NULL), #endif m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine), - m_variableRemoteUser(""), m_logCbData(logCbData), TransactionAnchoredVariables(this), TransactionRuleMessageManagement(this) { @@ -252,7 +251,6 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, char *id, void *logCb m_json(NULL), #endif m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine), - m_variableRemoteUser(""), m_logCbData(logCbData), TransactionAnchoredVariables(this), TransactionRuleMessageManagement(this) { @@ -1466,14 +1464,8 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, m_variableRequestHeaders.resolveFirst("Host").get()) << " "; ss << utils::string::dash_if_empty(this->m_clientIpAddress->c_str()) << " "; - /** TODO: Check variable */ - variables::RemoteUser *r = new variables::RemoteUser("REMOTE_USER"); - VariableValues l; - r->evaluate(this, &l); - delete r; - ss << utils::string::dash_if_empty( - m_variableRemoteUser.c_str()); + ss << utils::string::dash_if_empty(variables::RemoteUser::parserRemoteUser(this).first.c_str()); ss << " "; /** TODO: Check variable */ //ss << utils::string::dash_if_empty( diff --git a/src/variables/remote_user.cc b/src/variables/remote_user.cc index ada1d9da..aac30786 100644 --- a/src/variables/remote_user.cc +++ b/src/variables/remote_user.cc 
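Review bot: In the `@@ -1466` hunk of src/transaction.cc, the user name decoded from the client's Authorization header is written into the space-separated audit index line with only `dash_if_empty` applied, so a name containing spaces or line breaks would shift or split fields for whatever parses that index. Whether the value is escaped further down is not visible here; if it is not, encode whitespace and control bytes before the `ss <<`, and record the reason with a comment such as `// REMOTE_USER is client-controlled: escape before writing to the index line`. Passing `.first.c_str()` also cuts the value at an embedded NUL, so the logged name can differ from the one that REMOTE_USER rules evaluate. `toOldAuditLogFormatIndex` starts and ends outside the hunk.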
@@ -30,45 +30,22 @@ #include #include "modsecurity/transaction.h" -#include "src/utils/base64.h" + namespace modsecurity { namespace variables { + void RemoteUser::evaluate(Transaction *transaction, VariableValues *l) { - size_t pos; - std::string base64; - std::string header; - VariableValues l2; - transaction->m_variableRequestHeaders.resolve("authorization", &l2); + auto userName = parserRemoteUser(transaction); + auto var = std::make_shared( + std::unique_ptr(new std::string(userName.first)), + &m_retName); + var->addOrigin(userName.second); - if (l2.size() < 1) { - return; - } - - header = std::string(l2.at(0)->getValue()); - - if (header.compare(0, 6, "Basic ") == 0) { - base64 = std::string(header, 6, header.length()); - } - - base64 = Utils::Base64::decode(base64); - - pos = base64.find(":"); - if (pos == std::string::npos) { - return; - } - transaction->m_variableRemoteUser.assign(std::string(base64, 0, pos)); - - const std::string name = l2[0]->getName(); - auto var = std::make_shared(&name, &transaction->m_variableRemoteUser); - - for (auto &i : l2[0]->getOrigin()) { - var->addOrigin(i); - } l->push_back(std::move(var)); } diff --git a/src/variables/remote_user.h b/src/variables/remote_user.h index f46f00b5..b96c61a7 100644 --- a/src/variables/remote_user.h +++ b/src/variables/remote_user.h @@ -23,6 +23,7 @@ #define SRC_VARIABLES_REMOTE_USER_H_ #include "src/variables/variable.h" +#include "src/utils/base64.h" namespace modsecurity { 
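Review bot: `RemoteUser::evaluate` in src/variables/remote_user.cc now pushes a value on every call, because the `err` result of `parserRemoteUser` (empty string plus a default `VariableOrigin`) is not told apart from a successful parse. The removed code returned without adding anything when the Authorization header was absent or the decoded value had no `:`. Rules that count REMOTE_USER or match on its absence may therefore behave differently for unauthenticated requests. The nearest match to the old behaviour is `if (userName.first.empty()) { return; }` right after the call. That guard would also drop a present-but-empty user name, so having the parser return an explicit success flag would be cleaner.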
@@ -38,6 +39,38 @@ class RemoteUser : public Variable { void evaluate(Transaction *transaction, VariableValues *l) override; + + static std::pair parserRemoteUser(Transaction *transaction) { + size_t pos; + std::string base64; + std::string header; + + VariableValues l2; + transaction->m_variableRequestHeaders.resolve("authorization", &l2); + + if (l2.size() < 1) { + goto err; + } + + header = std::string(l2.at(0)->getValue()); + + if (header.compare(0, 6, "Basic ") == 0) { + base64 = std::string(header, 6, header.length()); + } + + base64 = Utils::Base64::decode(base64); + + pos = base64.find(":"); + if (pos == std::string::npos) { + goto err; + } + + return std::make_pair(std::string(base64, 0, pos), l2[0]->getOrigin()[0]); +err: + return std::make_pair(std::string(""), VariableOrigin()); + + } + std::string m_retName; };
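Review bot: `parserRemoteUser` returns `l2[0]->getOrigin()[0]` without checking that the origin list is non-empty, whereas the removed loop in `evaluate` handled an empty list and kept every origin. Assuming `getOrigin()` returns a standard container, add `if (l2[0]->getOrigin().empty()) { goto err; }` before the `return std::make_pair(...)`. The scheme test `header.compare(0, 6, "Basic ") == 0` is case-sensitive, while HTTP auth schemes are case-insensitive, so a request sent with `basic ...` yields an empty REMOTE_USER. Both the rules and the audit index then miss a user name that a backend may still accept. Comparing a lower-cased copy of the first six bytes, with a comment like `// auth-scheme is case-insensitive (RFC 7235)`, would close that gap.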