You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Fr...@ruv.de on 2003/10/21 18:35:27 UTC
[users@httpd] mod_proxy: problem with basic auth to backend server
Hello,
I run two servers, a public server and a restricted
server. I want the public server to act as
proxy for parts of the restricted server and
the public server to "authenticate" via
a technical user. I configured mod_proxy
on the public server as follows:
ProxyPass /test http://user:pass@restriced.server.com
ProxyPassReverse /test http://user:pass@restriced.server.com
However, when I access http://public/test I
get an basic authentication popup window.
What am I doing wrong? Any suggestions?
Regards
Frederik
--
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] mod_proxy: problem with basic auth to backend server
Posted by Joshua Slive <jo...@slive.ca>.
On Fri, 24 Oct 2003, Robert Andersson wrote:
> Yet, I am reluctant to call it a browser hack, as it is seems valid in an
> absolute URI, while it is the client's responsibility to parse and translate
> it for the scheme at hand.
Perhaps browser "hack" is a little strong. But it is something that must
be resolved at the browser. Since mod_proxy is acting as a client, it
could theoretically do that resolution. But I can't imagine any real
situations were it would be useful.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: {SPAM 03.1} [users@httpd] mod_proxy: problem with basic auth to backend server
Posted by Robert Andersson <ro...@profundis.nu>.
Joshua Slive wrote:
> > I used to think so myself, but it is indeed "defined" in RFC 2396:
>
> RFC2396 defines the general format for the URI. How it is applied to HTTP
> is defined in RFC 2616.
I stand corrected. I see now that it was a somewhat hasty conclusion,
triggered by someone (on this list, I think), claiming successful use of the
http://user:pass@host/ format in a Location header, and a quick (and
incomplete) glance at RFC 2616 where it said it "adopts the definitions of
[...] 'absoluteURI' [...] from [RFC 2396]".
If I would have bothered reading the following section, 3.2.2 http URL, I
would have found:
http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
Which, obviously, does not include any userinfo part.
Yet, I am reluctant to call it a browser hack, as it is seems valid in an
absolute URI, while it is the client's responsibility to parse and translate
it for the scheme at hand.
Regards,
Robert Andersson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: {SPAM 03.1} [users@httpd] mod_proxy: problem
with basic auth to backend server
Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 23 Oct 2003, Robert Andersson wrote:
> Joshua Slive wrote:
> > Putting user/pass in the URL is a browser hack. The apache proxy won't
> > support it.
>
> I used to think so myself, but it is indeed "defined" in RFC 2396:
RFC2396 defines the general format for the URI. How it is applied to HTTP
is defined in RFC 2616.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: {SPAM 03.1} [users@httpd] mod_proxy: problem with basic auth to backend server
Posted by Robert Andersson <ro...@profundis.nu>.
Joshua Slive wrote:
> Putting user/pass in the URL is a browser hack. The apache proxy won't
> support it.
I used to think so myself, but it is indeed "defined" in RFC 2396:
absoluteURI = scheme ":" ( hier_part | opaque_part )
hier_part = ( net_path | abs_path ) [ "?" query ]
net_path = "//" authority [ abs_path ]
authority = server | reg_name
server = [ [ userinfo "@" ] hostport ]
userinfo = *( unreserved | escaped |
";" | ":" | "&" | "=" | "+" | "$" | "," )
Granted, the format and semantics of userinfo isn't defined here.
This part is also included in the apr_uri_t structure, as the user and
password members, which in turn is used in the request_rec structure.
However, I am very sceptic about (ab)using this the way the OP wanted, as it
would introduce inconsistency.
Regards,
Robert Andersson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: {SPAM 03.1} [users@httpd] mod_proxy: problem with basic auth to
backend server
Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 21 Oct 2003 Frederik.Dahlke@ruv.de wrote:
> ProxyPass /test http://user:pass@restriced.server.com
> ProxyPassReverse /test http://user:pass@restriced.server.com
Putting user/pass in the URL is a browser hack. The apache proxy won't
support it.
But this really shouldn't be necessary. You can use IP-based restrictions
to allow any request from the proxy's IP address.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org