Posted to apache-bugdb@apache.org by Philippe DEBAT <di...@excite.com> on 1998/09/18 11:51:38 UTC

mod_proxy/3027: ProxyPass with authentication, use PROXY-Authenticate header, and not WWW-Authenticate

>Number:         3027
>Category:       mod_proxy
>Synopsis:       ProxyPass with authentication, use PROXY-Authenticate header, and not WWW-Authenticate
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Sep 18 04:10:00 PDT 1998
>Last-Modified:
>Originator:     diamondia@excite.com
>Organization:
apache
>Release:        1.3.1
>Environment:
every OS
>Description:
I was using an Apache 1.2.6 web server as a reverse proxy, in front of another web server, with directives like 'ProxyPass'.
Some 'proxied' URLs were protected by password (using Basic authentication and the 'require' feature). All was working well.
I migrated to version 1.3.1 and it is not working. In fact it returned a '407' error code when accessing a protected URL. It's working only
if you declare my 'reverse proxy' server as your proxy server in your browser.
But it's not working if you already access the Internet through a proxy!
>How-To-Repeat:
Configure 2 apache web servers with one as a reverse proxy, with at least one proxied URL 
protected by password.
>Fix:
In the code of Apache 1.3.1 you use only 2 values (0 and 1) with 'r->proxyreq' to distinguish
proxy requests and normal requests. I suggest using a third value (2 for example) to
identify a 'pseudo proxy request' used by 'ProxyPass', and modifying the tests
'r->proxyreq ?' with 'r->proxyreq == 1' in file http_protocol.c. All the files concerned are
request.c, http_protocol.c, mod_proxy.c (function proxy_trans, r->proxyreq = 2 after (len > 0)), mod_digest.c.
I implemented this change and it's working fine.
>Audit-Trail:
>Unformatted:
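
The change proposed in the Fix field, as an added example that is not part of the original report and is not Apache source code: a simplified C model of how a two-valued versus three-valued `r->proxyreq` decides between a 401 and a 407 challenge. The enum names, `classify_uri`, `auth_challenge` and the `/app/` prefix are hypothetical; only the values 0, 1 and 2 and the `== 1` test come from the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: the report only gives the values 0, 1 and 2. */
enum { REQ_NORMAL = 0, REQ_FORWARD_PROXY = 1, REQ_PROXYPASS = 2 };

struct challenge { int status; const char *header; };

/* Simplified stand-in for the ProxyPass prefix match in proxy_trans():
 * returns the value that would be stored in r->proxyreq.
 * patched == 0 models the two-valued behaviour the report describes,
 * patched == 1 models the proposed third value. */
int classify_uri(const char *uri, const char *proxypass_prefix, int patched)
{
    size_t len = strlen(proxypass_prefix);
    if (strncmp(uri, "http://", 7) == 0)       /* absolute URI: client uses us as its proxy */
        return REQ_FORWARD_PROXY;
    if (len > 0 && strncmp(uri, proxypass_prefix, len) == 0)
        return patched ? REQ_PROXYPASS : REQ_FORWARD_PROXY;
    return REQ_NORMAL;
}

/* Challenge returned when the requested URL requires authentication. */
struct challenge auth_challenge(int proxyreq, int patched)
{
    /* unpatched: truthiness test; patched: explicit comparison with 1 */
    int as_proxy = patched ? (proxyreq == REQ_FORWARD_PROXY) : (proxyreq != 0);
    struct challenge c;
    c.status = as_proxy ? 407 : 401;
    c.header = as_proxy ? "Proxy-Authenticate" : "WWW-Authenticate";
    return c;
}

int main(void)
{
    /* Constructed sample requests; "/app/" is an assumed ProxyPass prefix. */
    const char *uris[] = { "/app/private", "/local/private", "http://example.org/" };
    for (int patched = 0; patched <= 1; patched++)
        for (size_t i = 0; i < sizeof uris / sizeof uris[0]; i++) {
            int pr = classify_uri(uris[i], "/app/", patched);
            struct challenge c = auth_challenge(pr, patched);
            printf("%-9s %-20s proxyreq=%d -> %d %s\n",
                   patched ? "patched" : "unpatched", uris[i], pr, c.status, c.header);
        }
    return 0;
}
```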