You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Petr Hracek <ph...@gmail.com> on 2010/06/18 13:32:42 UTC
[users@httpd] Authentication proxy over proprietary module
Hello *,
I have tried to find out any solution how to authenticate/authorized access
to the proxy but I did not found any
good answer to my question.
Let's say that I have my own module which is take care about authentication
to the SSL web pages.
Unfortunatelly I would like to authenticate proxy which is used on
http://127.0.0.1:8000/
I am using following in the apache configuration file.
This section is not written in <VirtualHost _default_:443>
but in HTTP section.
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyVia On
ProxyPass /term/ http://127.0.0.1:8000/
ProxyPass /term/$ http://127.0.0.1:8000/
ProxyPass /term/u$ http://127.0.0.1:8000/u
ProxyPass /term/(.*) http://127.0.0.1/public/ajaxterm/$1
ProxyPassReverse /term/ http://127.0.0.1:8000/
ProxyPassReverse /term/ http://localhost:8000/
<Proxy *>
Order deny,allow
Allow from all
AuthType SEC
AuthName "Password Required"
require valid-user
satisfy Any
</Proxy>
</IfModule>
Unfortunatelly when I write down to the URL of browser
https://<IP_Address>/term
than after authentication I have received
HTTP Error 404 HTTP Not Found (Not Found).
What I have mistake in httpd.conf file?
--
Best Regards / S pozdravem
Petr Hracek
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Petr Hracek <ph...@gmail.com>.
Hello *,
I have forgott to mentioned that proxy setup in my apache2
configuration file is not setup in Browser Proxy setting and it will
not be setup there anymore. It is not required anymore
Best Regards
Petr
2010/6/18 Petr Hracek <ph...@gmail.com>:
> I have requested URL https://<ip_address>/term/
> and I have expected that login page with entering username and
> password will be openned and after enterring valid login info
> ProxyPage will be openned.
>
> From the RewriteLog:
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) init rewrite
> engine with requested uri /term/
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '.*' to uri '/term/'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '^/$' to uri '/term/'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '^/term/$' to uri '/term/'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) rewrite '/term/'
> -> 'http://127.0.0.1:8000/'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) forcing
> proxy-throughput with http://127.0.0.1:8000/
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (1) go-ahead with
> proxy request proxy:http://127.0.0.1:8000/ [OK]
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) init rewrite
> engine with requested uri /term/ajaxterm.css
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '.*' to uri '/term/ajaxterm.css'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '^/(common|public)/(.*)' to uri '/term/ajaxterm.css'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '^/USSW(.*)' to uri '/term/ajaxterm.css'
> 10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
> [10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
> '^/SecM/wsm.*' to uri '/term/ajaxterm.css'
>
> Error log from Apache is in the attachement.
>
> 2010/6/18 Eric Covener <co...@gmail.com>:
>> On Fri, Jun 18, 2010 at 9:36 AM, Petr Hracek <ph...@gmail.com> wrote:
>>> Hello,
>>>
>>> when I move ProxyPass to RewriteRule so that now it looks like following:
>>> RewriteRule ^/term/$ http://127.0.0.1:8000/ [P]
>>> RewriteRule ^/term/u$ http://127.0.0.1:8000/u [P]
>>> RewriteRule ^/term/(.*) http://127.0.0.1/public/ajaxterm/$1 [P]
>>> RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
>>> RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
>>>
>>> Then page is shown but unfortunatelly without and
>>> authentication/authorization screen.
>>>
>>> May be I misunderstand your answer.
>>>> Tough to guess why it didn't get proxied without looking at verbatim
>>>> doc. If it doesn't get proxied, it won't match your <Proxy *>.
>>> What do you mean with verbatim doc? Could you please send me reference?
>>>
>>
>> What URL did you request? What got logged? What did the RewriteLog
>> say? What did you expect?
>>
>> --
>> Eric Covener
>> covener@gmail.com
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
> --
> Best Regards / S pozdravem
> Petr Hracek
>
--
Best Regards / S pozdravem
Petr Hracek
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Petr Hracek <ph...@gmail.com>.
I have requested URL https://<ip_address>/term/
and I have expected that login page with entering username and
password will be openned and after enterring valid login info
ProxyPage will be openned.
>From the RewriteLog:
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) init rewrite
engine with requested uri /term/
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'.*' to uri '/term/'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'^/$' to uri '/term/'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'^/term/$' to uri '/term/'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) rewrite '/term/'
-> 'http://127.0.0.1:8000/'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) forcing
proxy-throughput with http://127.0.0.1:8000/
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (1) go-ahead with
proxy request proxy:http://127.0.0.1:8000/ [OK]
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (2) init rewrite
engine with requested uri /term/ajaxterm.css
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'.*' to uri '/term/ajaxterm.css'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'^/(common|public)/(.*)' to uri '/term/ajaxterm.css'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'^/USSW(.*)' to uri '/term/ajaxterm.css'
10.7.254.18 - - [18/Jun/2010:15:44:08 +0200]
[10.6.1.135/sid#80176990][rid#801f51a8/initial] (3) applying pattern
'^/SecM/wsm.*' to uri '/term/ajaxterm.css'
Error log from Apache is in the attachement.
2010/6/18 Eric Covener <co...@gmail.com>:
> On Fri, Jun 18, 2010 at 9:36 AM, Petr Hracek <ph...@gmail.com> wrote:
>> Hello,
>>
>> when I move ProxyPass to RewriteRule so that now it looks like following:
>> RewriteRule ^/term/$ http://127.0.0.1:8000/ [P]
>> RewriteRule ^/term/u$ http://127.0.0.1:8000/u [P]
>> RewriteRule ^/term/(.*) http://127.0.0.1/public/ajaxterm/$1 [P]
>> RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
>> RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
>>
>> Then page is shown but unfortunatelly without and
>> authentication/authorization screen.
>>
>> May be I misunderstand your answer.
>>> Tough to guess why it didn't get proxied without looking at verbatim
>>> doc. If it doesn't get proxied, it won't match your <Proxy *>.
>> What do you mean with verbatim doc? Could you please send me reference?
>>
>
> What URL did you request? What got logged? What did the RewriteLog
> say? What did you expect?
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Best Regards / S pozdravem
Petr Hracek
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Eric Covener <co...@gmail.com>.
On Fri, Jun 18, 2010 at 9:36 AM, Petr Hracek <ph...@gmail.com> wrote:
> Hello,
>
> when I move ProxyPass to RewriteRule so that now it looks like following:
> RewriteRule ^/term/$ http://127.0.0.1:8000/ [P]
> RewriteRule ^/term/u$ http://127.0.0.1:8000/u [P]
> RewriteRule ^/term/(.*) http://127.0.0.1/public/ajaxterm/$1 [P]
> RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
> RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
>
> Then page is shown but unfortunatelly without and
> authentication/authorization screen.
>
> May be I misunderstand your answer.
>> Tough to guess why it didn't get proxied without looking at verbatim
>> doc. If it doesn't get proxied, it won't match your <Proxy *>.
> What do you mean with verbatim doc? Could you please send me reference?
>
What URL did you request? What got logged? What did the RewriteLog
say? What did you expect?
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Petr Hracek <ph...@gmail.com>.
Hello,
when I move ProxyPass to RewriteRule so that now it looks like following:
RewriteRule ^/term/$ http://127.0.0.1:8000/ [P]
RewriteRule ^/term/u$ http://127.0.0.1:8000/u [P]
RewriteRule ^/term/(.*) http://127.0.0.1/public/ajaxterm/$1 [P]
RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
Then page is shown but unfortunatelly without and
authentication/authorization screen.
May be I misunderstand your answer.
> Tough to guess why it didn't get proxied without looking at verbatim
> doc. If it doesn't get proxied, it won't match your <Proxy *>.
What do you mean with verbatim doc? Could you please send me reference?
Thank you in advance
Best regards
Petr
2010/6/18 Eric Covener <co...@gmail.com>:
> On Fri, Jun 18, 2010 at 8:13 AM, Petr Hracek <ph...@gmail.com> wrote:
>> satisfy any was deleted and with slash is also not working.
>> The same error 404.
>
> Tough to guess why it didn't get proxied without looking at verbatim
> doc. If it doesn't get proxied, it won't match your <Proxy *>.
>
>>
>> in the Virtual Host section I have RewriteRule section as well and at
>> the and is mentioned:
>> RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
>> RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
>>
>> which is used for my proprietary module.
>> In the handler in that module is not any redirecting to the proxy and
>> when the authentication/authorization is done succesfully then each
>> functon return is OK.
>
> Can't such a rewrite short-circuit ProxyPass? Try moving your
> Proxypass directives to rewrite so you can make sense of / control
> the relationship.
>
>> Could there be a problem that handlers like post_read_request are not
>> mentioned for handling Proxy Request?
>>
>
> No. But you could simply add a logging call to your module to debunk
> such a thing.
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Best Regards / S pozdravem
Petr Hracek
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Eric Covener <co...@gmail.com>.
On Fri, Jun 18, 2010 at 8:13 AM, Petr Hracek <ph...@gmail.com> wrote:
> satisfy any was deleted and with slash is also not working.
> The same error 404.
Tough to guess why it didn't get proxied without looking at verbatim
doc. If it doesn't get proxied, it won't match your <Proxy *>.
>
> in the Virtual Host section I have RewriteRule section as well and at
> the and is mentioned:
> RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
> RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
>
> which is used for my proprietary module.
> In the handler in that module is not any redirecting to the proxy and
> when the authentication/authorization is done succesfully then each
> functon return is OK.
Can't such a rewrite short-circuit ProxyPass? Try moving your
Proxypass directives to rewrite so you can make sense of / control
the relationship.
> Could there be a problem that handlers like post_read_request are not
> mentioned for handling Proxy Request?
>
No. But you could simply add a logging call to your module to debunk
such a thing.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Petr Hracek <ph...@gmail.com>.
satisfy any was deleted and with slash is also not working.
The same error 404.
in the Virtual Host section I have RewriteRule section as well and at
the and is mentioned:
RewriteRule ^/([^/]+)$ ${unity:$1|/$1} [L]
RewriteRule ^/([^/]+)/(.*) ${unity:$1|/opt/apache/htdocs/ssldocs/$1}/$2 [L]
which is used for my proprietary module.
In the handler in that module is not any redirecting to the proxy and
when the authentication/authorization is done succesfully then each
functon return is OK.
Functions in module are:
ap_hook_post_config(udsc_init_Module,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_auth_checker(udsc_access_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_check_user_id(udsc_auth_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_notification_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_fixups(udsc_fixups,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_child_init(udsc_init_Child,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_secmcj_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_login_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_single_login_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_logout_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_wsm_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(udsc_mulsess_tab_handler,NULL,NULL,APR_HOOK_MIDDLE);
There is not anything about Proxy.
Could there be a problem that handlers like post_read_request are not
mentioned for handling Proxy Request?
Best regards
Petr
2010/6/18, Eric Covener <co...@gmail.com>:
> On Fri, Jun 18, 2010 at 7:32 AM, Petr Hracek <ph...@gmail.com> wrote:
>> Hello *,
>>
>> I have tried to find out any solution how to authenticate/authorized
>> access
>> to the proxy but I did not found any
>> good answer to my question.
>>
>> Let's say that I have my own module which is take care about
>> authentication
>> to the SSL web pages.
>> Unfortunatelly I would like to authenticate proxy which is used on
>> http://127.0.0.1:8000/
>> I am using following in the apache configuration file.
>> This section is not written in <VirtualHost _default_:443>
>> but in HTTP section.
>>
>> <IfModule mod_proxy.c>
>> ProxyRequests Off
>> ProxyVia On
>> ProxyPass /term/ http://127.0.0.1:8000/
>> ProxyPass /term/$ http://127.0.0.1:8000/
>> ProxyPass /term/u$ http://127.0.0.1:8000/u
>> ProxyPass /term/(.*)
>> http://127.0.0.1/public/ajaxterm/$1
>> ProxyPassReverse /term/ http://127.0.0.1:8000/
>> ProxyPassReverse /term/ http://localhost:8000/
>> <Proxy *>
>> Order deny,allow
>> Allow from all
>> AuthType SEC
>> AuthName "Password Required"
>> require valid-user
>> satisfy Any
>> </Proxy>
>> </IfModule>
>>
>> Unfortunatelly when I write down to the URL of browser
>> https://<IP_Address>/term than after authentication I have received
>> HTTP Error 404 HTTP Not Found (Not Found).
>>
>> What I have mistake in httpd.conf file?
>
> satisfy any means only the host-based access control was required, so
> no other auth ran.
>
> your proxy rules only proxy URL's with a trailing slash after "/term",
> so you got a 404.
>
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Best Regards / S pozdravem
Petr Hracek
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authentication proxy over proprietary module
Posted by Eric Covener <co...@gmail.com>.
On Fri, Jun 18, 2010 at 7:32 AM, Petr Hracek <ph...@gmail.com> wrote:
> Hello *,
>
> I have tried to find out any solution how to authenticate/authorized access
> to the proxy but I did not found any
> good answer to my question.
>
> Let's say that I have my own module which is take care about authentication
> to the SSL web pages.
> Unfortunatelly I would like to authenticate proxy which is used on
> http://127.0.0.1:8000/
> I am using following in the apache configuration file.
> This section is not written in <VirtualHost _default_:443>
> but in HTTP section.
>
> <IfModule mod_proxy.c>
> ProxyRequests Off
> ProxyVia On
> ProxyPass /term/ http://127.0.0.1:8000/
> ProxyPass /term/$ http://127.0.0.1:8000/
> ProxyPass /term/u$ http://127.0.0.1:8000/u
> ProxyPass /term/(.*) http://127.0.0.1/public/ajaxterm/$1
> ProxyPassReverse /term/ http://127.0.0.1:8000/
> ProxyPassReverse /term/ http://localhost:8000/
> <Proxy *>
> Order deny,allow
> Allow from all
> AuthType SEC
> AuthName "Password Required"
> require valid-user
> satisfy Any
> </Proxy>
> </IfModule>
>
> Unfortunatelly when I write down to the URL of browser
> https://<IP_Address>/term than after authentication I have received
> HTTP Error 404 HTTP Not Found (Not Found).
>
> What I have mistake in httpd.conf file?
satisfy any means only the host-based access control was required, so
no other auth ran.
your proxy rules only proxy URL's with a trailing slash after "/term",
so you got a 404.
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org