You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Craige McWhirter <cr...@babcockbrown.com> on 2002/04/03 04:16:14 UTC

Apache Auth and ProxyPassReverse

Afternoon peoples. I'm having a little drama with getting Apache/1.3.22 
Ben-SSL/1.44 (Unix) Debian/SPARC to successfully authenticate when used in
conjunction with ProxyPassReverse.

The scenario works like this:

- users hit server-a

- server-a prompts for auth

- server-a then delivers proxy'd data from server-b as though it came
from server-a

Take out the auth and this scenario is working fine. When auth is on 
however, it prompts you forever (literally, it's just keeps prompting). 
When a correct username/password combo is entered it just pops up another 
auth window (no log entries - when you enter an incorrect username/password
is does log that though).

Below are my VirtualHost entries in the hope they shed some light:

<VirtualHost xxx.xxx.xxx.xxx>
  ServerAdmin webmaster@domain
  DocumentRoot /var/www/server-a
  ServerName server-a
  SSLCertificateFile /etc/apache-ssl/virtual/server-a.pem
  ProxyPass / http://server-b/
  ProxyPassReverse / http://server-b/
  <Directory proxy:*>
    AuthName "server-b"
    AuthType Basic                        
    AuthUserFile /var/www/htpasswd.users
    Require valid-user                  
  </Directory>
  ErrorLog /var/log/apache-ssl/server-a-error.log
  TransferLog /var/log/apache-ssl/server-a-access.log
</VirtualHost>

Here also, is my module list:

# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
# LoadModule env_module /usr/lib/apache/1.3/mod_env.so
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so
# LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
# LoadModule info_module /usr/lib/apache/1.3/mod_info.so
# LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
# LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so
# LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so
# LoadModule action_module /usr/lib/apache/1.3/mod_actions.so
# LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so
LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
# LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so
# LoadModule anon_auth_module /usr/lib/apache/1.3/mod_auth_anon.so
# LoadModule dbm_auth_module /usr/lib/apache/1.3/mod_auth_dbm.so
# LoadModule db_auth_module /usr/lib/apache/1.3/mod_auth_db.so
LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so
# LoadModule digest_module /usr/lib/apache/1.3/mod_digest.so
# LoadModule cern_meta_module /usr/lib/apache/1.3/mod_cern_meta.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
# LoadModule headers_module /usr/lib/apache/1.3/mod_headers.so
# LoadModule usertrack_module /usr/lib/apache/1.3/mod_usertrack.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
# LoadModule sys_auth_module /usr/lib/apache/1.3/mod_auth_sys.so
# LoadModule put_module /usr/lib/apache/1.3/mod_put.so
# LoadModule throttle_module /usr/lib/apache/1.3/mod_throttle.so
LoadModule apache_ssl_module /usr/lib/apache/1.3/libssl.so
# LoadModule allowdev_module /usr/lib/apache/1.3/mod_allowdev.so
# LoadModule auth_mysql_module /usr/lib/apache/1.3/mod_auth_mysql.so
# LoadModule pgsql_auth_module /usr/lib/apache/1.3/mod_auth_pgsql.so
# LoadModule eaccess_module /usr/lib/apache/1.3/mod_eaccess.so
# LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
# LoadModule roaming_module /usr/lib/apache/1.3/mod_roaming.so

Neither Googling, the docs or the FAQ have helped me resolve this one. 
I'm sure someone has been down this road before and can shed some 
light for me.

-- 

Cheers,
      Craige,

Re: Apache Auth and ProxyPassReverse

Posted by Irmund Thum <it...@it97.dyn.dhs.org>.

Craige McWhirter wrote:

ng_module /usr/lib/apache/1.3/mod_roaming.so
> 
> Neither Googling, the docs or the FAQ have helped me resolve this one. 
> I'm sure someone has been down this road before and can shed some 
> light for me.

This phenomen I had when chaining Netscape Proxies including ICP 
routing. For those proxies you have to tell the receiving one a list 
with IP-adresses or - if DNS is on - you can use a regular expression.
For Apache you may try the NoProxy directive with the ip-adresses...

-- 
_ ___
|  |  Irmund    Thum
|  |

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Apache Auth and ProxyPassReverse

Posted by Joshua Slive <jo...@slive.ca>.

On Tue, 2 Apr 2002, Craige McWhirter wrote:

> Afternoon peoples. I'm having a little drama with getting Apache/1.3.22
> Ben-SSL/1.44 (Unix) Debian/SPARC to successfully authenticate when used
> in
> conjunction with ProxyPassReverse.
>
> <VirtualHost xxx.xxx.xxx.xxx>
>   ProxyPass / http://server-b/
>   ProxyPassReverse / http://server-b/
>   <Directory proxy:*>
>     AuthName "server-b"
>     AuthType Basic
>     AuthUserFile /var/www/htpasswd.users
>     Require valid-user
>   </Directory>
> </VirtualHost>

My guess (and it is only a guess) is that apache is asking for "proxy
authentication" which is different from normal basic auth.  Why don't you
try putting the auth directives inside a <Location /> rather than inside
the <Directory proxy:*>.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: running out of file descriptors w/ 1.3.12

Posted by Pietro Cagnoni <pc...@mclink.net>.

Sean Proctor wrote:
 > the server my site is hosted on is running Apache/1.3.12 (Unix)
 > mod_perl/1.24 ApacheJServ/1.1.2 on Solaris 8 (according to netcraft).
 > the server tells me it's SunOS 5.8 when I log in, perhaps netcraft
 > is confused.  Anyway, my problem is that ever week or two the server
 > runs out of file descriptors and I have to ask the webmaster to restart
 > the server.  he said he wrote a script to quadruple the number of file
 > descriptors, but the problem persists.  the site is www.psa.neu.edu.
 > He blames it on my page which I believe is the only one using SSI
 > and virtual includes.  Has anyone experienced this problem and know
 > the cause and hopefully a solution?
 >
 > thanks, Sean

if JServ means java, remember the java garbage collector does NOT work
for file descriptors (the memory area the file descriptor written in is 
freed, but the file is NOT guaranteed to be closed).

anything based on cgi can't be involved, because it's a separate process.

mod_perl could be guilty too, but it's more difficult to leave open 
files because of how the garbage collector works.

the quick and dirty solution is decrease MaxRequestsPerChild.

hope it helps.

pietro.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: running out of file descriptors w/ 1.3.12

Posted by Bill -Sx- Jones <sn...@mac.com>.

> Solaris 8 (according to netcraft).  the server tells me it's SunOS 5.8
> when I log in, perhaps netcraft is confused.

BTW -

Solaris 8 and SunOS 5.8 are the same :)

-Sx-  :] 
My new personal quote:
Be alert!  The world needs more Lerts!  :)



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

running out of file descriptors w/ 1.3.12

Posted by Sean Proctor <sp...@ccs.neu.edu>.

the server my site is hosted on is running Apache/1.3.12
(Unix) mod_perl/1.24 ApacheJServ/1.1.2 on Solaris 8 (according to
netcraft).  the server tells me it's SunOS 5.8 when I log in, perhaps
netcraft is confused.  Anyway, my problem is that ever week or two the
server runs out of file descriptors and I have to ask the webmaster to
restart the server.  he said he wrote a script to quadruple the number of
file descriptors, but the problem persists.  the site is
www.psa.neu.edu.  He blames it on my page which I believe is the only one
using SSI and virtual includes.  Has anyone experienced this problem and
know the cause and hopefully a solution?

thanks,
Sean



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org