You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Richard Goerwitz <Ri...@Brown.EDU> on 1998/02/09 07:39:14 UTC
mod_proxy/1785: Proxy-Authenticate code in http_protocol fails with ProxyPass and Netscape
>Number: 1785
>Category: mod_proxy
>Synopsis: Proxy-Authenticate code in http_protocol fails with ProxyPass and Netscape
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun Feb 8 22:40:00 PST 1998
>Last-Modified:
>Originator: Richard_Goerwitz@Brown.EDU
>Organization:
apache
>Release: 1.2.5 (patched), 1.3.3b
>Environment:
Linux 2.0.31 + GCC 2.7.2.3 + Apache 1.2.5
>Description:
Netscape (v 4.04 and lower; higher?) does not do the right thing when it
receives a 407 Proxy authentication required response from a pass-through
proxy. Presumably this is because a pass-through proxy looks like a reg-
ular server.
>How-To-Repeat:
Turn on ProxyPass, and add a
<proxy: *>
</proxy>
section to your config files to force proxy authentication. Then try to use
the proxy server with Netscape.
>Fix:
Sure. Have yet another set of kludges. Add r->proxypassreq to http.h. Then
in modules/proxy/mod_proxy.c: proxy_trans(), change r->proxyreq to r->proxy-
req = r->proxypassreq = 1;
To the config files, add:
BrowserMatch Mozilla no-407-with-proxypass
To http_protocol.c add the following code; use similar code as needed
elsewhere:
void note_basic_auth_failure(request_rec *r)
{
char *auth_header_string = "WWW-Authenticate";
if (r->proxyreq
&& ! (r->proxypassreq
/* workaround for Netscape, which won't take error
* 407 responses from pass-through proxies */
&& table_get(r->subprocess_env, "no-407-with-proxypass")))
auth_header_string = "Proxy-Authenticate";
etc. You get the idea
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]