Posted to users@httpd.apache.org by David Talkington <dt...@u.washington.edu> on 2004/08/13 23:13:44 UTC
[users@httpd] proxy authentication problem
I've hit a brick wall trying to get apache to require authentication for
reverse-proxied content. Reverse proxying works, and authentication
works; just not both together.
I'm using a port-based virtual host as a gateway. (A simple directory
proxy didn't work, because the (proprietary) application being proxied
returns absolute document paths.) This is what the declaration looks
like:

Listen 40011
<VirtualHost *:40011>
    # ssl setup
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/storis.crt
    SSLCertificateKeyFile /etc/httpd/conf/storis.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # proxy setup, using the main UW web server as an example
    ProxyPass / https://www.washington.edu/
    ProxyPassReverse / https://www.washington.edu/

    # Authentication setup. I have also tried enclosing these
    # directives inside a <Proxy> or <Location> container,
    # with and without the proxy: prefix, with no luck.
    <Proxy *>
        # pubcookie used in this example, but basic auth won't
        # work either.
        AuthType basic
        AuthName "Very Secret"
        AuthUserFile /etc/httpd/user_file
        require user dtalk
    </Proxy>
</VirtualHost>

The above will proxy https://www.washington.edu, but won't require
authentication. Basic auth does work on normal directories serverwide,
however, so I know that the correct modules are loaded and working. If
I add a Deny line to the Proxy container, the server denies connections,
indicating that this block is being read, the * is being matched, and
the directives therein are being parsed.
What am I missing?
-d
--
David Talkington
Computing and Communications
University of Washington
206-543-2144
--
dtalk@u.washington.edu
--
PGP key: http://staff.washington.edu/dtalk/004B8F8B.asc
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
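
Added example (not part of the original thread): a Python check for the symptom described in the post above, where an unauthenticated request to the gateway is served instead of challenged. It also separates the 403 produced by the Deny test from a real 401 challenge. The function names, the sample responses and the URL in the comment are assumptions; the realm is the AuthName from the posted configuration.

```python
import http.client
from urllib.parse import urlsplit

def probe(url, timeout=10):
    """Send one GET with no credentials and no redirect following.
    Returns (status, headers). Certificates are verified by default."""
    u = urlsplit(url)
    cls = (http.client.HTTPSConnection if u.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

def classify(status, headers, realm=None):
    """Describe how the gateway answered an unauthenticated request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    challenge = hdrs.get("www-authenticate", "")
    if status == 401 and challenge:
        if realm is not None and f'realm="{realm}"' not in challenge:
            return "wrong-realm"          # some other layer is challenging
        return "challenge-" + challenge.split(None, 1)[0].lower()
    if status == 401:
        return "401-without-challenge"
    if status == 403:
        return "forbidden"                # access denied, nobody authenticated
    if 300 <= status < 400:
        return "redirect"                 # e.g. an SSO login hop; check Location
    if 200 <= status < 300:
        return "open"                     # proxied content served to anyone
    return "other"

def enforces_auth(status, headers, realm=None):
    return classify(status, headers, realm).startswith("challenge-")

# Constructed sample responses, not captured from any real server.
SAMPLES = {
    "expected":     (401, {"WWW-Authenticate": 'Basic realm="Very Secret"'}),
    "deny_test":    (403, {}),
    "post_symptom": (200, {"Content-Type": "text/html"}),
}

def audit(samples=SAMPLES, realm="Very Secret"):
    return {name: classify(s, h, realm) for name, (s, h) in samples.items()}

# Live use (hypothetical host): enforces_auth(*probe("https://gateway.example:40011/"))
```
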
Re: [users@httpd] proxy authentication problem
Posted by suomi <ap...@ayni.com>.
<Directory "xyz">
AllowOverride AuthConfig
</Directory>
to allow .htaccess to become effective.
suomi
David Talkington wrote:
> I've hit a brick wall trying to get apache to require authentication for
> reverse-proxied content. Reverse proxying works, and authentication
> works; just not both together.
>
> I'm using a port-based virtual host as a gateway. (A simple directory
> proxy didn't work, because the (proprietary) application being proxied
> returns absolute document paths.) This is what the declaration looks
> like:
>
> Listen 40011
> <VirtualHost *:40011>
> # ssl setup
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/httpd/conf/storis.crt
> SSLCertificateKeyFile /etc/httpd/conf/storis.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> # proxy setup, using the main UW web server as an example
> ProxyPass / https://www.washington.edu/
> ProxyPassReverse / https://www.washington.edu/
>
> # Authentication setup. I have also tried enclosing these
> # directives inside a <Proxy> or <Location> container,
> # with and without the proxy: prefix, with no luck.
> <Proxy *>
> # pubcookie used in this example, but basic auth won't
> # work either.
> AuthType basic
> AuthName "Very Secret"
> AuthUserFile /etc/httpd/user_file
> require user dtalk
> </Proxy>
> </VirtualHost>
>
> The above will proxy https://www.washington.edu, but won't require
> authentication. Basic auth does work on normal directories serverwide,
> however, so I know that the correct modules are loaded and working. If
> I add a Deny line to the Proxy container, the server denies connections,
> indicating that this block is being read, the * is being matched, and
> the directives therein are being parsed.
>
> What am I missing?
>
> -d
>
> --
> David Talkington
> Computing and Communications
> University of Washington
> 206-543-2144
> --
> dtalk@u.washington.edu
> --
> PGP key: http://staff.washington.edu/dtalk/004B8F8B.asc