Posted to dev@httpd.apache.org by Ben Laurie <be...@algroup.co.uk> on 1999/12/04 18:05:19 UTC

[PATCH] Send right type of "auth required"

When mod_proxy is configured to do a ProxyPass but the location requires
auth, the error code is erroneously converted to "proxy auth required".
Here's a patch to fix that. Comments?

Cheers,

Ben.

--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm

http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Re: [PATCH] Send right type of "auth required"

Posted by Ben Laurie <be...@algroup.co.uk>.
Martin Kraemer wrote:
> 
> On Sat, Dec 04, 1999 at 05:05:19PM +0000, Ben Laurie wrote:
> > When mod_proxy is configured to do a ProxyPass but the location requires
> > auth, the error code is erroneously converted to "proxy auth required".
> > Here's a patch to fix that. Comments?
> 
> I think this solves the request situation you described. It also
> makes it more clear in what state the proxy engine is.

OK, I'll commit soon.

> Another proxy authorization problem remains, however:
> It does not fix the case where a proxy server further up in the
> proxy chain requires proxy authentication. We pass the 407 back
> to the client, but when she re-requests with a proxy-auth header,
> we strip it out (being a proxy) because we assume it's for us,
> and as we don't want to pass auth info to the origin server. We
> should only do that if we really know it was us who required
> the proxy authorization.

Yep, but I don't have a test case so I'm not going to fix it.

Cheers,

Ben.


Re: [PATCH] Send right type of "auth required"

Posted by Martin Kraemer <Ma...@mch.sni.de>.
On Sat, Dec 04, 1999 at 05:05:19PM +0000, Ben Laurie wrote:
> When mod_proxy is configured to do a ProxyPass but the location requires
> auth, the error code is erroneously converted to "proxy auth required".
> Here's a patch to fix that. Comments?

I think this solves the request situation you described. It also
makes it more clear in what state the proxy engine is.

Another proxy authorization problem remains, however:
It does not fix the case where a proxy server further up in the
proxy chain requires proxy authentication. We pass the 407 back
to the client, but when she re-requests with a proxy-auth header,
we strip it out (being a proxy) because we assume it's for us,
and as we don't want to pass auth info to the origin server. We
should only do that if we really know it was us who required
the proxy authorization.

    Martin
--
<Ma...@MchP.Siemens.De>             |    Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730  Munich,  Germany
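
The two rules discussed in this thread, as an added example that is not part of the original messages or of Apache's source: which status and challenge header our own access control should send, and when Proxy-Authorization should be stripped before forwarding. The enum, struct and function names are hypothetical, and the sample request is constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model for illustration; not Apache's types or names. */
enum proxy_mode { MODE_REVERSE,   /* ProxyPass-style mapping, client sees an origin */
                  MODE_FORWARD }; /* client knowingly configured us as its proxy */
struct header { const char *name, *value; };

/* Status for a credential failure raised by our own access control. */
int auth_failure_status(enum proxy_mode m) { return m == MODE_FORWARD ? 407 : 401; }

/* Challenge header that has to accompany that status. */
const char *challenge_header(enum proxy_mode m)
{
    return m == MODE_FORWARD ? "Proxy-Authenticate" : "WWW-Authenticate";
}

/* Header names compare case-insensitively. */
static bool name_is(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Copy request headers for the next hop. Proxy-Authorization is dropped only
 * when this proxy itself demanded it; otherwise it is taken to answer a 407
 * from a proxy further up the chain and is passed on. Returns headers kept. */
size_t forward_headers(const struct header *in, size_t n,
                       bool we_required_proxy_auth, struct header *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (we_required_proxy_auth && name_is(in[i].name, "Proxy-Authorization"))
            continue; /* consumed here; never forwarded to the next hop */
        out[kept++] = in[i];
    }
    return kept;
}

/* Constructed sample request; the credentials are dummy values. */
size_t demo_kept(bool we_required_proxy_auth)
{
    const struct header in[] = { { "Host", "blob.localnet" },
                                 { "proxy-authorization", "Basic ZHVtbXk6ZHVtbXk=" },
                                 { "Accept", "*/*" } };
    struct header out[3];
    return forward_headers(in, 3, we_required_proxy_auth, out);
}
```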

Re: [PATCH] Send right type of "auth required"

Posted by Ben Laurie <be...@algroup.co.uk>.
Mark J Cox wrote:
> 
> > When mod_proxy is configured to do a ProxyPass but the location requires
> > auth, the error code is erroneously converted to "proxy auth required".
> > Here's a patch to fix that. Comments?
> 
> Testing the latest CVS head I still get a problem with mod_rewrite;

Are you going to say what the problem is, or are we going to play luser
guessing games?

Cheers,

Ben.


Re: [PATCH] Send right type of "auth required"

Posted by Mark J Cox <ma...@awe.com>.
Hmmm, where did the bottom of my message go? Anyway, the point was that you
still get the "Proxy Auth required" error coming through when using
mod_rewrite to do the mirror proxying.  I'll work on this tomorrow.

Mark

> > When mod_proxy is configured to do a ProxyPass but the location requires
> > auth, the error code is erroneously converted to "proxy auth required".
> > Here's a patch to fix that. Comments?
> 
> Testing the latest CVS head I still get a problem with mod_rewrite;
> 
> ---
> RewriteRule ^/test/(.*) http://blob.localnet/protected/$1 [P]  
> 
> <Location /test>  
> ....Basic auth stuff here
> </Location>   
> ---

Re: [PATCH] Send right type of "auth required"

Posted by Mark J Cox <ma...@awe.com>.
> When mod_proxy is configured to do a ProxyPass but the location requires
> auth, the error code is erroneously converted to "proxy auth required".
> Here's a patch to fix that. Comments?

Testing the latest CVS head I still get a problem with mod_rewrite;

---
RewriteRule ^/test/(.*) http://blob.localnet/protected/$1 [P]  

<Location /test>  
....Basic auth stuff here
</Location>   
---

Re: [PATCH] Send right type of "auth required"

Posted by Mark J Cox <ma...@awe.com>.
I had meant to give comments earlier than this.  Yes, it is a bug in
Apache and I've tested Ben's patch and it fixes the problem.  +1

> When mod_proxy is configured to do a ProxyPass but the location requires
> auth, the error code is erroneously converted to "proxy auth required".
> Here's a patch to fix that. Comments?

Mark