You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Richard Goerwitz <Ri...@Brown.EDU> on 1998/02/09 07:39:14 UTC

mod_proxy/1785: Proxy-Authenticate code in http_protocol fails with ProxyPass and Netscape

>Number:         1785
>Category:       mod_proxy
>Synopsis:       Proxy-Authenticate code in http_protocol fails with ProxyPass and Netscape
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun Feb  8 22:40:00 PST 1998
>Last-Modified:
>Originator:     Richard_Goerwitz@Brown.EDU
>Organization:
apache
>Release:        1.2.5 (patched), 1.3.3b
>Environment:
Linux 2.0.31 + GCC 2.7.2.3 + Apache 1.2.5
>Description:
Netscape (v 4.04 and lower; higher?) does not do the right thing when it
receives a 407 Proxy authentication required response from a pass-through
proxy.  Presumably this is because a pass-through proxy looks like a reg-
ular server.
>How-To-Repeat:
Turn on ProxyPass, and add a
<proxy: *>
</proxy>
section to your config files to force proxy authentication.  Then try to use
the proxy server with Netscape.
>Fix:
Sure.  Have yet another set of kludges.  Add r->proxypassreq to http.h.  Then
in modules/proxy/mod_proxy.c: proxy_trans(), change r->proxyreq to r->proxy-
req = r->proxypassreq = 1;

To the config files, add:

BrowserMatch Mozilla no-407-with-proxypass

To http_protocol.c add the following code; use similar code as needed
elsewhere:

void note_basic_auth_failure(request_rec *r)
{
    char *auth_header_string = "WWW-Authenticate";

    if (r->proxyreq
          && ! (r->proxypassreq
                /* workaround for Netscape, which won't take error
                 * 407 responses from pass-through proxies */
                && table_get(r->subprocess_env, "no-407-with-proxypass")))
        auth_header_string = "Proxy-Authenticate";

etc.  You get the idea
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]