Posted to users@httpd.apache.org by K Anand <ka...@sail-steel.com> on 2005/06/17 07:51:58 UTC

[users@httpd] Basic Authentication over reverse proxy

I want to do basic authentication with a reverse proxy. My relevant config is
as follows:

ProxyRequests Off
<Directory proxy:*>
    Order deny,allow
    Deny from all
    Allow from all
</Directory>

<Directory proxy:/xxx/>
    AuthType Basic
    AuthName "By Invitaion Only"
    AuthUserFile /etc/httpd/conf/passwd/passwords
    Require valid-user
</Directory>

ProxyPass             /xxx/               http://a.b.c.d/xxx
ProxyPassReverse /xxx/               http://a.b.c.d/xxx

File /etc/httpd/conf/passwd/passwords exists with one user name and
password.
When I try basic auth for a normal dir, it works. It asks me for a user id
and password. But when I tried with the proxied dir, it does not ask me.

The order of loading of modules is as follows:

LoadModule proxy_module       modules/libproxy.so
LoadModule auth_module        modules/mod_auth.so

AddModule mod_proxy.c
AddModule mod_auth.c


Apache/1.3.27 (Unix)  (Red-Hat/Linux)

What could the problem be? Any pointers would be appreciated.

Anand


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Basic Authentication over reverse proxy

Posted by Joshua Slive <js...@gmail.com>.
On 6/18/05, K Anand <ka...@sail-steel.com> wrote:
> Josh,
>         here is what the apache 1.3 manual says about Directory and
> Location directives :
> 
> Location Directive :
> " For all origin (non-proxy) requests, the URL to be matched is of the form
> /path/, and you should not include any http://servername prefix. For proxy
> requests, the URL to be matched is of the form scheme://servername/path, and
> you must include the prefix. "  ---- What does this mean ?? I did not
> include the prefix but it still was working...

I believe that excerpt is referring to regular forward proxies.  For a
reverse proxy, the URL at the <Location> matching stage does not have
the scheme/hostname/port.

> 
> This is from "  How Directory, Location and Files sections work "
> 
> " But a notable exception is :
> proxy control is done via <Directory>. This is a legacy mistake because the
> proxy existed prior to <Location>. A future version of the config language
> should probably switch this to <Location>. "

And it has long been corrected (in 2.0) by the use of a <Proxy> block.

Joshua.



Re: [users@httpd] Basic Authentication over reverse proxy

Posted by K Anand <ka...@sail-steel.com>.
Josh,
here is what the Apache 1.3 manual says about the Directory and
Location directives:

Location Directive :
" For all origin (non-proxy) requests, the URL to be matched is of the form
/path/, and you should not include any http://servername prefix. For proxy
requests, the URL to be matched is of the form scheme://servername/path, and
you must include the prefix. " ---- What does this mean? I did not
include the prefix but it still was working...

This is from "  How Directory, Location and Files sections work "

" But a notable exception is :
proxy control is done via <Directory>. This is a legacy mistake because the
proxy existed prior to <Location>. A future version of the config language
should probably switch this to <Location>. "



----- Original Message ----- 
From: "K Anand" <ka...@sail-steel.com>
To: <us...@httpd.apache.org>
Sent: Saturday, June 18, 2005 9:29 AM
Subject: Re: [users@httpd] Basic Authentication over reverse proxy


> Hi Josh,
> Think you missed one of my messages. I had managed to get
> it working. Yes, you have to give the proxied hostname, i.e. instead of
> giving <Directory proxy:/xxx/>, it should have been <Directory
> proxy:http://a.b.c.d/xxx/>. I also tried it with the Location directive;
> that was also working.
>
> Thanx
>
> Anand
>
> ----- Original Message -----
> From: "Joshua Slive" <js...@gmail.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, June 17, 2005 6:22 PM
> Subject: Re: [users@httpd] Basic Authentication over reverse proxy
>
>
> On 6/17/05, K Anand <ka...@sail-steel.com> wrote:
> > <Directory proxy:/xxx/>
>
> > ProxyPass             /xxx/               http://a.b.c.d/xxx
> > ProxyPassReverse /xxx/               http://a.b.c.d/xxx
>
> I believe (though I can't remember testing this much myself) that
> <Directory proxy:> requires a full url including http://hostname/.  An
> easier way to handle this is probably
>
> <Location /xxx/>
> ...
> </Location>
>
> Joshua.




Re: [users@httpd] Basic Authentication over reverse proxy

Posted by K Anand <ka...@sail-steel.com>.
Hi Josh,
Think you missed one of my messages. I had managed to get
it working. Yes, you have to give the proxied hostname, i.e. instead of
giving <Directory proxy:/xxx/>, it should have been <Directory
proxy:http://a.b.c.d/xxx/>. I also tried it with the Location directive;
that was also working.

Thanx

Anand

----- Original Message ----- 
From: "Joshua Slive" <js...@gmail.com>
To: <us...@httpd.apache.org>
Sent: Friday, June 17, 2005 6:22 PM
Subject: Re: [users@httpd] Basic Authentication over reverse proxy


On 6/17/05, K Anand <ka...@sail-steel.com> wrote:
> <Directory proxy:/xxx/>

> ProxyPass             /xxx/               http://a.b.c.d/xxx
> ProxyPassReverse /xxx/               http://a.b.c.d/xxx

I believe (though I can't remember testing this much myself) that
<Directory proxy:> requires a full url including http://hostname/.  An
easier way to handle this is probably

<Location /xxx/>
...
</Location>

Joshua.




Re: [users@httpd] Basic Authentication over reverse proxy

Posted by Joshua Slive <js...@gmail.com>.
On 6/17/05, K Anand <ka...@sail-steel.com> wrote:
> <Directory proxy:/xxx/>

> ProxyPass             /xxx/               http://a.b.c.d/xxx
> ProxyPassReverse /xxx/               http://a.b.c.d/xxx

I believe (though I can't remember testing this much myself) that
<Directory proxy:> requires a full url including http://hostname/.  An
easier way to handle this is probably

<Location /xxx/>
...
</Location>

Joshua.
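
The outcome of this thread as a config check, added here as an example and not code from the posters or the Apache project: it flags an auth-bearing <Directory proxy:...> section that lacks scheme://host, and any ProxyPass mapping that no Require-bearing section covers. The sample config is constructed from the directives in the original post; the function name `audit` and its prefix-matching rule are simplifying assumptions, not Apache's exact section-matching logic.

```python
import re

# Constructed sample: the directives from the original post.
BROKEN = """\
ProxyRequests Off
<Directory proxy:/xxx/>
    AuthType Basic
    AuthUserFile /etc/httpd/conf/passwd/passwords
    Require valid-user
</Directory>
ProxyPass        /xxx/ http://a.b.c.d/xxx
ProxyPassReverse /xxx/ http://a.b.c.d/xxx
"""
# The two fixes reported in the thread.
FIXED_DIRECTORY = BROKEN.replace("proxy:/xxx/", "proxy:http://a.b.c.d/xxx/")
FIXED_LOCATION = (BROKEN.replace("<Directory proxy:/xxx/>", "<Location /xxx/>")
                        .replace("</Directory>", "</Location>"))

SECTION = re.compile(r"<(Directory|Location)\s+([^>]+)>(.*?)</\1>", re.S | re.I)
PROXYPASS = re.compile(r"^[ \t]*ProxyPass[ \t]+(\S+)[ \t]+(\S+)", re.M | re.I)
REQUIRE = re.compile(r"^\s*Require\s+\S", re.M | re.I)

def audit(conf):
    """Return findings for ProxyPass mappings that no auth section covers."""
    findings, guards = [], []
    for kind, arg, body in SECTION.findall(conf):
        if not REQUIRE.search(body):
            continue                      # section does not demand a login
        arg = arg.strip().strip('"')
        if kind.lower() == "location":
            guards.append(("path", arg.rstrip("/")))
        elif arg.lower().startswith("proxy:"):
            target = arg[len("proxy:"):]
            if "://" in target:           # full backend URL, as the fix uses
                guards.append(("url", target.rstrip("/")))
            else:                         # the form that never prompted
                findings.append(f"<Directory {arg}> has no scheme://host, "
                                "so it does not match proxied requests")
    for path, backend in PROXYPASS.findall(conf):
        # Assumption: a guard covers a mapping when it is a string prefix.
        covered = any(
            (path if k == "path" else backend).rstrip("/").startswith(prefix)
            for k, prefix in guards)
        if not covered:
            findings.append(f"ProxyPass {path} -> {backend} is served "
                            "without authentication")
    return findings
```

Running `audit(BROKEN)` reports both the unmatched section and the unprotected mapping; either fixed variant returns an empty list.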



Re: [users@httpd] Basic Authentication over reverse proxy SOLVED

Posted by K Anand <ka...@sail-steel.com>.
I managed to get it working. What I had to put in was not <Directory
proxy:/xxx/> but
<Directory proxy:http://a.b.c.d/>

Anand

----- Original Message ----- 
From: "K Anand" <ka...@sail-steel.com>
To: <us...@httpd.apache.org>
Sent: Friday, June 17, 2005 11:21 AM
Subject: [users@httpd] Basic Authentication over reverse proxy


> I want to do basic authentication with a reverse proxy. My relevant config is
> as follows:
>
> ProxyRequests Off
> <Directory proxy:*>
>     Order deny,allow
>     Deny from all
>     Allow from all
> </Directory>
>
> <Directory proxy:/xxx/>
>     AuthType Basic
>     AuthName "By Invitaion Only"
>     AuthUserFile /etc/httpd/conf/passwd/passwords
>     Require valid-user
> </Directory>
>
> ProxyPass             /xxx/               http://a.b.c.d/xxx
> ProxyPassReverse /xxx/               http://a.b.c.d/xxx
>
> File /etc/httpd/conf/passwd/passwords exists with one user name and
> password.
> When I try basic auth for a normal dir, it works. It asks me for a user id
> and password. But when I tried with the proxied dir, it does not ask me.
>
> The order of loading of modules is as follows:
>
> LoadModule proxy_module       modules/libproxy.so
> LoadModule auth_module        modules/mod_auth.so
>
> AddModule mod_proxy.c
> AddModule mod_auth.c
>
>
> Apache/1.3.27 (Unix)  (Red-Hat/Linux)
>
> What could the problem be? Any pointers would be appreciated.
>
> Anand

