You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Yungwei Chen <yu...@resolvity.com> on 2009/11/13 17:00:05 UTC
[users@httpd] Authenticate each user once for multiple applications
Hi,
I have a reverse proxy server that forwards to requests to an internal apache server. Here's the configuration on how the reverse proxy server works.
<Location /rpt >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt
ProxyPassReverse https://111.111.111.111/rpt
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>
Then I added the following to the same conf file on the reverse proxy server for another application.
I first accessed the rpt application in a web browser, and then I was asked to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter id and password again.
My question is: How can I tell the reverse proxy server to authenticate each user just once in this case?
<Location /rpt2 >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt2
ProxyPassReverse https://111.111.111.111/rpt2
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>
Thanks.
[users@httpd] RE: Authenticate each user once for multiple applications
Posted by Yungwei Chen <yu...@resolvity.com>.
I just found that using the same value of AuthName for each application seems to solve my problem. Is it the right way to go?
From: Yungwei Chen [mailto:yungwei@resolvity.com]
Sent: Friday, November 13, 2009 10:00 AM
To: users@httpd.apache.org
Subject: [users@httpd] Authenticate each user once for multiple applications
Hi,
I have a reverse proxy server that forwards to requests to an internal apache server. Here's the configuration on how the reverse proxy server works.
<Location /rpt >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt
ProxyPassReverse https://111.111.111.111/rpt
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>
Then I added the following to the same conf file on the reverse proxy server for another application.
I first accessed the rpt application in a web browser, and then I was asked to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter id and password again.
My question is: How can I tell the reverse proxy server to authenticate each user just once in this case?
<Location /rpt2 >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt2
ProxyPassReverse https://111.111.111.111/rpt2
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>
Thanks.
Re: [users@httpd] Authenticate each user once for multiple
applications
Posted by Peter Schober <pe...@univie.ac.at>.
* Yungwei Chen <yu...@resolvity.com> [2009-11-13 17:39]:
> The proxy server also needs to forward some requests (/nagios) to
> another internal apache server. Any suggestions in this case?
Exclude those from the proxy pass?
-peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Authenticate each user once for multiple
applications
Posted by Yungwei Chen <yu...@resolvity.com>.
The proxy server also needs to forward some requests (/nagios) to another internal apache server. Any suggestions in this case?
-----Original Message-----
From: Peter Schober [mailto:peter.schober@univie.ac.at]
Sent: Friday, November 13, 2009 10:18 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authenticate each user once for multiple applications
* Yungwei Chen <yu...@resolvity.com> [2009-11-13 17:00]:
> <Location /rpt >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt
> ProxyPassReverse https://111.111.111.111/rpt
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>
[...]
> <Location /rpt2 >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt2
> ProxyPassReverse https://111.111.111.111/rpt2
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>
If this indeed is representative of your site's structure you could
simply have one <Location /foo> (or just '/') proxying to
https://111.111.111.111/ and you should be able to access /foo/rpt,
/foo/rpt2. etc.
-peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authenticate each user once for multiple
applications
Posted by Peter Schober <pe...@univie.ac.at>.
* Yungwei Chen <yu...@resolvity.com> [2009-11-13 17:00]:
> <Location /rpt >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt
> ProxyPassReverse https://111.111.111.111/rpt
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>
[...]
> <Location /rpt2 >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt2
> ProxyPassReverse https://111.111.111.111/rpt2
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>
If this indeed is representative of your site's structure you could
simply have one <Location /foo> (or just '/') proxying to
https://111.111.111.111/ and you should be able to access /foo/rpt,
/foo/rpt2. etc.
-peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authenticate each user once for multiple
applications
Posted by Eric Covener <co...@gmail.com>.
On Fri, Nov 13, 2009 at 11:00 AM, Yungwei Chen <yu...@resolvity.com> wrote:
> My question is: How can I tell the reverse proxy server to authenticate each
> user just once in this case?
It authenticates you on every request, but your browser doesn't bother
to prompt you when something is a sub-location of where you previously
authenticated. Can you put these two URL's under a common root? Your
browser would stop prompting.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org