You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Michael Dean <Mi...@dtir.qld.gov.au> on 1998/08/20 04:21:00 UTC

mod_proxy/2879: Proxy passwd isn't being passed to parent proxy

>Number:         2879
>Category:       mod_proxy
>Synopsis:       Proxy passwd isn't being passed to parent proxy
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Aug 19 19:30:00 PDT 1998
>Last-Modified:
>Originator:     Michael.Dean@dtir.qld.gov.au
>Organization:
apache
>Release:        1.3.1
>Environment:
SunOS atlas 5.5.1 Generic_103640-09 sun4u sparc SUNW,Ultra-2

Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.5.1/2.7.2.3/specs
gcc version 2.7.2.3
>Description:
OK .. here's my situation ..

I'm currently in the process of replacing our netscape proxy/cache server
which is a little outdated with the latest version of squid.. 

now the netscape proxy is running on port 8080 and it also serves as an proxy
auto config server as well. ie. all web browsers can use ns-proxy:8080 to act
as their proxy server or get their auto proxy config information from it.

now what I thought I could do was set up a virtual webserver with apache 
acting as a proxy and as a proxy auto config server (see 'how can we repeat
this problem' section for my virtual web server config) .. Now this worked
brilliantly for web browsers that downloaded their proxy auto config information
from this server (which is running port 9090) and it also worked well for web
sites in out local domain plus a few other domains we would normally allow
our 600+ internet users through to without a password .. *but* for other sites
say in the .com or .net domains we have our ns-proxy to request authentication
before that user can get to those sites (I've also set up my squid proxy to do 
the same) .. now this isn't a problem for browsers that have had their proxy
auto config'd by downloading the proxy auto config because those browsers are
told to go directly to the squid/ns-proxy directly *but* (and this is what
appears to be the bug) when browsers go thru the apacheproxy to go to the 
parent squid/ns-proxy, which is asking for the authentication information,
for some reason the authentication information isn't being passed on?!?!
>How-To-Repeat:
Set up a virtual proxy like so

<VirtualHost _default_:9090>
DocumentRoot    /web/apache/proxy-config
DirectoryIndex  proxy.pac

ProxyRequests   On
ProxyRemote     *              http://squid-proxy:3128
NoProxy         .some.domain   123.123.0.0/16
NoCache         *
</VirtualHost>

you must have the upstream proxy server configured to request a password to
allow access to web documents beyond the local domain .. I'm testing a squid 
proxy but have also tried our netscape proxy with the same result inability
to authenticate thru the apache proxy on port 9090, although they have no
dramas connecting directly to the squid-proxy:3128 ..
>Fix:
No, I'm sorry I don't, but I've done some snooping of the actual network traffic
coming into the proxy on port 9090 and the browser doesn't appear to be sending
the authentication ?!?! maybe it's a bug in every browser? have tried IE3/4
and Netscape 4 ...
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]