You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jeff Cohen <su...@gej-it.com> on 2003/07/16 14:01:25 UTC

RE: [users@httpd] ??: [users@httpd]2.0.46 proxy digest auth cannot access https server

Not sure that it would help but try it:
Replace AuthDigestFile /usr/local/apache246/conf/digest
With AuthUsertFile /usr/local/apache246/conf/digest

All the best,
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!



> -----Original Message-----
> From: Jiang_Chang@trendmicro.com.cn [mailto:Jiang_Chang@trendmicro.com.cn]
> Sent: Wednesday, July 16, 2003 2:07 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] ??: [users@httpd]2.0.46 proxy digest auth cannot access
> https server
> 
> Thanks Jeff,
> I tried it,changed my config as below:
> ---------------------------
> <IfModule mod_proxy.c>
> ProxyRequests On
> AllowCONNECT 443 2443
> <Proxy *>
> allowoverride authconfig
> AuthType Digest
> AuthName "digest"
> AuthDigestFile /usr/local/apache246/conf/digest
> require valid-user
>     Order allow,deny
>     Allow from all .example.com
> </Proxy>
> ProxyVia On
> </IfModule>
> ---------------------------
> But error still there.
> When I use basic auth, I can access any website,
> but when I use digest auth,I cannot access any https website.
> BTW,this is my config cmd before compile it:
>  ./configure --prefix=/usr/local/apache246 --enable-auth-anon --enable-auth-
> digest --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-
> http --enable-ssl --enable-cache --enable-disk-cache --enable-file-cache
> Is it anything wrong?
> 
> Thanks.
> 
> 
> -----原始邮件-----
> 发件人: Jeff Cohen [mailto:support@gej-it.com]
> 发送时间: 2003年7月15日 21:41
> 收件人: users@httpd.apache.org
> 主题: RE: [users@httpd]2.0.46 proxy digest auth cannot access https server
> 
> 
> 1. Remove followsymlinks from the Options
> 2. Add: AllowCONNECT 443
> Ref. http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#allowconnect
> 
> All the best,
> Jeff Cohen
> Support@GEJ-IT.com
> Tel. (416) 917-2324
> www.GEJ-IT.com
> GEJ-IT Networks!
> 
> 
> -----Original Message-----
> From: Jiang_Chang@trendmicro.com.cn [mailto:Jiang_Chang@trendmicro.com.cn]
> Sent: Tuesday, July 15, 2003 5:41 AM
> To: users@httpd.apache.org
> Subject: [users@httpd]2.0.46 proxy digest auth cannot access https server
> 
> Hi,
> I compiled and setuped Apache2.0.46 on Win2k server,Redhat7.2 and Solaris9.
> I used them as proxy servers.
> I configed basic authentication and digest authentication on these proxy.
> I can access http website through any of these proxy,I can also access https
> website through basic auth proxy.
> But I cannot access https://* through digest auth proxy on any platform.
> Who can help me?If this's a bug in Apache2.0.46?
> 
> -------------------
> this is access_log
> 10.9.8.9 - - [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 10.9.8.9 - - [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 10.9.8.9 - - [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 10.9.8.9 - - [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 
> 
> and error_log:
> [Tue Jul 15 11:34:33 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <76dc2960acd64a5Host>
> [Tue Jul 15 11:34:36 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <92ce>
> [Tue Jul 15 11:34:40 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <3151>
> [Tue Jul 15 11:34:42 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <76dc2960acd64a5Host>
> --------------------
> 
> below is part config file of a digest auth server:
> ---------------
> <IfModule mod_proxy.c>
> ProxyRequests On
> <Proxy *>
> options indexes followsymlinks
> allowoverride authconfig
> AuthType Digest
> AuthName "digest"
> AuthDigestFile /usr/local/apache246/conf/digest
> require valid-user
>     Order allow,deny
>     Allow from all .example.com
> </Proxy>
> 
> ProxyVia On
> 
> #
> # To enable the cache as well, edit and uncomment the following lines:
> # (no cacheing without CacheRoot)
> #
> #CacheRoot "/usr/local/apache246/proxy"
> #CacheSize 5
> #CacheGcInterval 4
> #CacheMaxExpire 24
> #CacheLastModifiedFactor 0.1
> #CacheDefaultExpire 1
> #NoCache a-domain.com another-domain.edu joes.garage-sale.com
> 
> </IfModule>
> # End of proxy directives.
> -----------------
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org