You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ji...@trendmicro.com.cn on 2003/07/16 08:06:38 UTC
[users@httpd] 答复: [users@httpd]2.0.46 proxy digest auth cannot access https server
Thanks Jeff,
I tried it,changed my config as below:
---------------------------
<IfModule mod_proxy.c>
ProxyRequests On
AllowCONNECT 443 2443
<Proxy *>
allowoverride authconfig
AuthType Digest
AuthName "digest"
AuthDigestFile /usr/local/apache246/conf/digest
require valid-user
Order allow,deny
Allow from all .example.com
</Proxy>
ProxyVia On
</IfModule>
---------------------------
But error still there.
When I use basic auth, I can access any website,
but when I use digest auth,I cannot access any https website.
BTW,this is my config cmd before compile it:
./configure --prefix=/usr/local/apache246 --enable-auth-anon --enable-auth-digest --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-ssl --enable-cache --enable-disk-cache --enable-file-cache
Is it anything wrong?
Thanks.
-----原始邮件-----
发件人: Jeff Cohen [mailto:support@gej-it.com]
发送时间: 2003年7月15日 21:41
收件人: users@httpd.apache.org
主题: RE: [users@httpd]2.0.46 proxy digest auth cannot access https server
1. Remove followsymlinks from the Options
2. Add: AllowCONNECT 443
Ref. http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#allowconnect
All the best,
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!
-----Original Message-----
From: Jiang_Chang@trendmicro.com.cn [mailto:Jiang_Chang@trendmicro.com.cn]
Sent: Tuesday, July 15, 2003 5:41 AM
To: users@httpd.apache.org
Subject: [users@httpd]2.0.46 proxy digest auth cannot access https server
Hi,
I compiled and setuped Apache2.0.46 on Win2k server,Redhat7.2 and Solaris9.
I used them as proxy servers.
I configed basic authentication and digest authentication on these proxy.
I can access http website through any of these proxy,I can also access https
website through basic auth proxy.
But I cannot access https://* through digest auth proxy on any platform.
Who can help me?If this's a bug in Apache2.0.46?
-------------------
this is access_log
10.9.8.9 - - [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
and error_log:
[Tue Jul 15 11:34:33 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <76dc2960acd64a5Host>
[Tue Jul 15 11:34:36 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <92ce>
[Tue Jul 15 11:34:40 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <3151>
[Tue Jul 15 11:34:42 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <76dc2960acd64a5Host>
--------------------
below is part config file of a digest auth server:
---------------
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
options indexes followsymlinks
allowoverride authconfig
AuthType Digest
AuthName "digest"
AuthDigestFile /usr/local/apache246/conf/digest
require valid-user
Order allow,deny
Allow from all .example.com
</Proxy>
ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "/usr/local/apache246/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a-domain.com another-domain.edu joes.garage-sale.com
</IfModule>
# End of proxy directives.
-----------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] ??: [users@httpd]2.0.46 proxy digest auth cannot access https server
Posted by Jeff Cohen <su...@gej-it.com>.
Not sure that it would help but try it:
Replace AuthDigestFile /usr/local/apache246/conf/digest
With AuthUsertFile /usr/local/apache246/conf/digest
All the best,
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!
> -----Original Message-----
> From: Jiang_Chang@trendmicro.com.cn [mailto:Jiang_Chang@trendmicro.com.cn]
> Sent: Wednesday, July 16, 2003 2:07 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] ??: [users@httpd]2.0.46 proxy digest auth cannot access
> https server
>
> Thanks Jeff,
> I tried it,changed my config as below:
> ---------------------------
> <IfModule mod_proxy.c>
> ProxyRequests On
> AllowCONNECT 443 2443
> <Proxy *>
> allowoverride authconfig
> AuthType Digest
> AuthName "digest"
> AuthDigestFile /usr/local/apache246/conf/digest
> require valid-user
> Order allow,deny
> Allow from all .example.com
> </Proxy>
> ProxyVia On
> </IfModule>
> ---------------------------
> But error still there.
> When I use basic auth, I can access any website,
> but when I use digest auth,I cannot access any https website.
> BTW,this is my config cmd before compile it:
> ./configure --prefix=/usr/local/apache246 --enable-auth-anon --enable-auth-
> digest --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-
> http --enable-ssl --enable-cache --enable-disk-cache --enable-file-cache
> Is it anything wrong?
>
> Thanks.
>
>
> -----原始邮件-----
> 发件人: Jeff Cohen [mailto:support@gej-it.com]
> 发送时间: 2003年7月15日 21:41
> 收件人: users@httpd.apache.org
> 主题: RE: [users@httpd]2.0.46 proxy digest auth cannot access https server
>
>
> 1. Remove followsymlinks from the Options
> 2. Add: AllowCONNECT 443
> Ref. http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#allowconnect
>
> All the best,
> Jeff Cohen
> Support@GEJ-IT.com
> Tel. (416) 917-2324
> www.GEJ-IT.com
> GEJ-IT Networks!
>
>
> -----Original Message-----
> From: Jiang_Chang@trendmicro.com.cn [mailto:Jiang_Chang@trendmicro.com.cn]
> Sent: Tuesday, July 15, 2003 5:41 AM
> To: users@httpd.apache.org
> Subject: [users@httpd]2.0.46 proxy digest auth cannot access https server
>
> Hi,
> I compiled and setuped Apache2.0.46 on Win2k server,Redhat7.2 and Solaris9.
> I used them as proxy servers.
> I configed basic authentication and digest authentication on these proxy.
> I can access http website through any of these proxy,I can also access https
> website through basic auth proxy.
> But I cannot access https://* through digest auth proxy on any platform.
> Who can help me?If this's a bug in Apache2.0.46?
>
> -------------------
> this is access_log
> 10.9.8.9 - - [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 10.9.8.9 - - [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 10.9.8.9 - - [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
> 10.9.8.9 - - [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
> 519
> 10.9.8.9 - tester [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443
> HTTP/1.0" 400 330
>
>
> and error_log:
> [Tue Jul 15 11:34:33 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <76dc2960acd64a5Host>
> [Tue Jul 15 11:34:36 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <92ce>
> [Tue Jul 15 11:34:40 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <3151>
> [Tue Jul 15 11:34:42 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
> </> does not match request-uri <76dc2960acd64a5Host>
> --------------------
>
> below is part config file of a digest auth server:
> ---------------
> <IfModule mod_proxy.c>
> ProxyRequests On
> <Proxy *>
> options indexes followsymlinks
> allowoverride authconfig
> AuthType Digest
> AuthName "digest"
> AuthDigestFile /usr/local/apache246/conf/digest
> require valid-user
> Order allow,deny
> Allow from all .example.com
> </Proxy>
>
> ProxyVia On
>
> #
> # To enable the cache as well, edit and uncomment the following lines:
> # (no cacheing without CacheRoot)
> #
> #CacheRoot "/usr/local/apache246/proxy"
> #CacheSize 5
> #CacheGcInterval 4
> #CacheMaxExpire 24
> #CacheLastModifiedFactor 0.1
> #CacheDefaultExpire 1
> #NoCache a-domain.com another-domain.edu joes.garage-sale.com
>
> </IfModule>
> # End of proxy directives.
> -----------------
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org