You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ji...@trendmicro.com.cn on 2003/07/15 11:40:34 UTC
[users@httpd]2.0.46 proxy digest auth cannot access https server
Hi,
I compiled and setuped Apache2.0.46 on Win2k server,Redhat7.2 and Solaris9.
I used them as proxy servers.
I configed basic authentication and digest authentication on these proxy.
I can access http website through any of these proxy,I can also access https website through basic auth proxy.
But I cannot access https://* through digest auth proxy on any platform.
Who can help me?If this's a bug in Apache2.0.46?
-------------------
this is access_log
10.9.8.9 - - [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407 519
10.9.8.9 - tester [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407 519
10.9.8.9 - tester [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407 519
10.9.8.9 - tester [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407 519
10.9.8.9 - tester [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 400 330
and error_log:
[Tue Jul 15 11:34:33 2003] [error] [client 10.9.8.9] Digest: uri mismatch - </> does not match request-uri <76dc2960acd64a5Host>
[Tue Jul 15 11:34:36 2003] [error] [client 10.9.8.9] Digest: uri mismatch - </> does not match request-uri <92ce>
[Tue Jul 15 11:34:40 2003] [error] [client 10.9.8.9] Digest: uri mismatch - </> does not match request-uri <3151>
[Tue Jul 15 11:34:42 2003] [error] [client 10.9.8.9] Digest: uri mismatch - </> does not match request-uri <76dc2960acd64a5Host>
--------------------
below is part config file of a digest auth server:
---------------
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
options indexes followsymlinks
allowoverride authconfig
AuthType Digest
AuthName "digest"
AuthDigestFile /usr/local/apache246/conf/digest
require valid-user
Order allow,deny
Allow from all .example.com
</Proxy>
ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "/usr/local/apache246/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a-domain.com another-domain.edu joes.garage-sale.com
</IfModule>
# End of proxy directives.
-----------------
RE: [users@httpd]2.0.46 proxy digest auth cannot access https server
Posted by Jeff Cohen <su...@gej-it.com>.
1. Remove followsymlinks from the Options
2. Add: AllowCONNECT 443
Ref. http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#allowconnect
All the best,
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!
-----Original Message-----
From: Jiang_Chang@trendmicro.com.cn [mailto:Jiang_Chang@trendmicro.com.cn]
Sent: Tuesday, July 15, 2003 5:41 AM
To: users@httpd.apache.org
Subject: [users@httpd]2.0.46 proxy digest auth cannot access https server
Hi,
I compiled and setuped Apache2.0.46 on Win2k server,Redhat7.2 and Solaris9.
I used them as proxy servers.
I configed basic authentication and digest authentication on these proxy.
I can access http website through any of these proxy,I can also access https
website through basic auth proxy.
But I cannot access https://* through digest auth proxy on any platform.
Who can help me?If this's a bug in Apache2.0.46?
-------------------
this is access_log
10.9.8.9 - - [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:33 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:36 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:40 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
10.9.8.9 - - [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443 HTTP/1.0" 407
519
10.9.8.9 - tester [15/Jul/2003:11:34:42 -0800] "CONNECT cn-qafs:443
HTTP/1.0" 400 330
and error_log:
[Tue Jul 15 11:34:33 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <76dc2960acd64a5Host>
[Tue Jul 15 11:34:36 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <92ce>
[Tue Jul 15 11:34:40 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <3151>
[Tue Jul 15 11:34:42 2003] [error] [client 10.9.8.9] Digest: uri mismatch -
</> does not match request-uri <76dc2960acd64a5Host>
--------------------
below is part config file of a digest auth server:
---------------
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
options indexes followsymlinks
allowoverride authconfig
AuthType Digest
AuthName "digest"
AuthDigestFile /usr/local/apache246/conf/digest
require valid-user
Order allow,deny
Allow from all .example.com
</Proxy>
ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "/usr/local/apache246/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a-domain.com another-domain.edu joes.garage-sale.com
</IfModule>
# End of proxy directives.
-----------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org