You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by K Anand <ka...@sail-steel.com> on 2005/06/17 07:51:58 UTC
[users@httpd] Basic Authentication over reverse proxy
I want to do basic authentication with reverse proxy...My relevant config is
as follows :
ProxyRequests Off
<Directory proxy:*>
Order deny,allow
Deny from all
Allow from all
</Directory>
<Directory proxy:/xxx/>
AuthType Basic
AuthName "By Invitaion Only"
AuthUserFile /etc/httpd/conf/passwd/passwords
Require valid-user
</Directory>
ProxyPass /xxx/ http://a.b.c.d/xxx
ProxyPassReverse /xxx/ http://a.b.c.d/xxx
File /etc/httpd/conf/passwd/passwords exists with one user name and
password.
When I try basic auth for a normal dir, it works. It asks me for a user id
and password. But when I tried with proxied dir, it does not ask me .
order of loading of modules is as follows :
LoadModule proxy_module modules/libproxy.so
LoadModule auth_module modules/mod_auth.so
AddModule mod_proxy.c
AddModule mod_auth.c
Apache/1.3.27 (Unix) (Red-Hat/Linux)
What could the problem be ? Any pointers would be appreciated.
Anand
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Authentication over reverse proxy
Posted by Joshua Slive <js...@gmail.com>.
On 6/18/05, K Anand <ka...@sail-steel.com> wrote:
> Josh,
> here is what the apache 1.3 manual says about Directory and
> Location directives :
>
> Location Directive :
> " For all origin (non-proxy) requests, the URL to be matched is of the form
> /path/, and you should not include any http://servername prefix. For proxy
> requests, the URL to be matched is of the form scheme://servername/path, and
> you must include the prefix. " ---- What does this mean ?? I did not
> include the prefix but it still was working...
I believe that excerpt is refering to regular forward-proxies. For a
reverse, proxy, the URL at the <Location> matching stage does not have
the scheme/hostname/port.
>
> This is from " How Directory, Location and Files sections work "
>
> " But a notable exception is :
> proxy control is done via <Directory>. This is a legacy mistake because the
> proxy existed prior to <Location>. A future version of the config language
> should probably switch this to <Location>. "
And it has long been corrected (in 2.0) by the use of a <Proxy> block.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Authentication over reverse proxy
Posted by K Anand <ka...@sail-steel.com>.
Josh,
here is what the apache 1.3 manual says about Directory and
Location directives :
Location Directive :
" For all origin (non-proxy) requests, the URL to be matched is of the form
/path/, and you should not include any http://servername prefix. For proxy
requests, the URL to be matched is of the form scheme://servername/path, and
you must include the prefix. " ---- What does this mean ?? I did not
include the prefix but it still was working...
This is from " How Directory, Location and Files sections work "
" But a notable exception is :
proxy control is done via <Directory>. This is a legacy mistake because the
proxy existed prior to <Location>. A future version of the config language
should probably switch this to <Location>. "
----- Original Message -----
From: "K Anand" <ka...@sail-steel.com>
To: <us...@httpd.apache.org>
Sent: Saturday, June 18, 2005 9:29 AM
Subject: Re: [users@httpd] Basic Authentication over reverse proxy
> Hi Josh,
> Think you missed one of my messages...I had managed to get
> it working..yes, you have to give the proxied hostname ie instead of
giving
> <Directory proxy:/xxx/>, it should have been <Directory
> proxy:http://a.b.c.d/xxx/>...I also tried it with Location directive..that
> was also working...
>
> Thanx
>
> Anand
>
-----
> From: "Joshua Slive" <js...@gmail.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, June 17, 2005 6:22 PM
> Subject: Re: [users@httpd] Basic Authentication over reverse proxy
>
>
> On 6/17/05, K Anand <ka...@sail-steel.com> wrote:
> > <Directory proxy:/xxx/>
>
> > ProxyPass /xxx/ http://a.b.c.d/xxx
> > ProxyPassReverse /xxx/ http://a.b.c.d/xxx
>
> I believe (though I can't remember testing this much myself) that
> <Directory proxy:> requires a full url including http://hostname/. An
> easier way to handle this is probably
>
> <Location /xxx/>
> ...
> </Location>
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Authentication over reverse proxy
Posted by K Anand <ka...@sail-steel.com>.
Hi Josh,
Think you missed one of my messages...I had managed to get
it working..yes, you have to give the proxied hostname ie instead of giving
<Directory proxy:/xxx/>, it should have been <Directory
proxy:http://a.b.c.d/xxx/>...I also tried it with Location directive..that
was also working...
Thanx
Anand
----- Original Message -----
From: "Joshua Slive" <js...@gmail.com>
To: <us...@httpd.apache.org>
Sent: Friday, June 17, 2005 6:22 PM
Subject: Re: [users@httpd] Basic Authentication over reverse proxy
On 6/17/05, K Anand <ka...@sail-steel.com> wrote:
> <Directory proxy:/xxx/>
> ProxyPass /xxx/ http://a.b.c.d/xxx
> ProxyPassReverse /xxx/ http://a.b.c.d/xxx
I believe (though I can't remember testing this much myself) that
<Directory proxy:> requires a full url including http://hostname/. An
easier way to handle this is probably
<Location /xxx/>
...
</Location>
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Authentication over reverse proxy
Posted by Joshua Slive <js...@gmail.com>.
On 6/17/05, K Anand <ka...@sail-steel.com> wrote:
> <Directory proxy:/xxx/>
> ProxyPass /xxx/ http://a.b.c.d/xxx
> ProxyPassReverse /xxx/ http://a.b.c.d/xxx
I believe (though I can't remember testing this much myself) that
<Directory proxy:> requires a full url including http://hostname/. An
easier way to handle this is probably
<Location /xxx/>
...
</Location>
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Basic Authentication over reverse proxy SOLVED
Posted by K Anand <ka...@sail-steel.com>.
I managed to get it working...What I had to put in was not <Directory
proxy:/xxx/> but
<Directory proxy:http://a.b.c.d/>
Anand
----- Original Message -----
From: "K Anand" <ka...@sail-steel.com>
To: <us...@httpd.apache.org>
Sent: Friday, June 17, 2005 11:21 AM
Subject: [users@httpd] Basic Authentication over reverse proxy
> I want to do basic authentication with reverse proxy...My relevant config
is
> as follows :
>
> ProxyRequests Off
> <Directory proxy:*>
> Order deny,allow
> Deny from all
> Allow from all
> </Directory>
>
> <Directory proxy:/xxx/>
> AuthType Basic
> AuthName "By Invitaion Only"
> AuthUserFile /etc/httpd/conf/passwd/passwords
> Require valid-user
> </Directory>
>
> ProxyPass /xxx/ http://a.b.c.d/xxx
> ProxyPassReverse /xxx/ http://a.b.c.d/xxx
>
> File /etc/httpd/conf/passwd/passwords exists with one user name and
> password.
> When I try basic auth for a normal dir, it works. It asks me for a user id
> and password. But when I tried with proxied dir, it does not ask me .
>
> order of loading of modules is as follows :
>
> LoadModule proxy_module modules/libproxy.so
> LoadModule auth_module modules/mod_auth.so
>
> AddModule mod_proxy.c
> AddModule mod_auth.c
>
>
> Apache/1.3.27 (Unix) (Red-Hat/Linux)
>
> What could the problem be ? Any pointers would be appreciated.
>
> Anand
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org