You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Philippe DEBAT <di...@excite.com> on 1998/09/18 11:51:38 UTC
mod_proxy/3027: ProxyPass whith authentication, use PROXY-Authenticate header, and not WWW-Authenticate
>Number: 3027
>Category: mod_proxy
>Synopsis: ProxyPass whith authentication, use PROXY-Authenticate header, and not WWW-Authenticate
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Fri Sep 18 04:10:00 PDT 1998
>Last-Modified:
>Originator: diamondia@excite.com
>Organization:
apache
>Release: 1.3.1
>Environment:
every OS
>Description:
I was using a web server apache 1.2.6 as a reverse proxy, in front of another web server, with directives like 'ProxyPass'.
Some URL's 'proxied' were protected by password (using Basic authentication and 'require' feature). All was working well.
I migrate to version 1.3.1 and it is not working. In fact it returned a '407' error code, in case of accessing a protected URL. It's working only
if you declare my 'reverse proxy' server as your proxy server in your browser.
But it's not working if you access Internet already through a proxy !.
>How-To-Repeat:
Configure 2 apache web servers with one as a reverse proxy, with at least one proxied URL
protected by password.
>Fix:
In the code of Apache 1.3.1 you use only 2 values (0 and 1) with 'r->proxyreq' to distinguish
proxy requests and normal requests. I suggest to use a third value (2 for example) to
identify a 'pseudo proxy request' used by 'ProxyPass', and modify the tests
'r-proxyreq ?' whith 'r->proxyreq == 1' in file http_protocol.c. All the files concerned are
request.c, http_protocol.c, mod_proxy.c (function proxy_trans, r->proxyreq = 2 after (len > 0)), mod_digest.c.
I implement this change and it's working fine.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]