httpd-dev mailing list archives

From sameer <sam...@c2.net>
Subject Re: proxy auth
Date Thu, 17 Jul 1997 19:32:53 GMT
> S14.34 in RFC2068 says ... "When multiple proxies are used in a
>    chain, the Proxy-Authorization header field is consumed by the first
>    outbound proxy that was expecting to receive credentials. A proxy MAY
>    relay the credentials from the client request to the next proxy if
>    that is the mechanism by which the proxies cooperatively authenticate
>    a given request."
> 
> You strip it categorically here.  Which is the safest thing to do I
> suppose.  There should probably be a PassProxyAuthorization option, but
> not something worth holding this on.

	Actually I prefer a ProxyBlockHeader directive, which blocks
specified headers. (We have a customer using ProxyPass, and
authenticating at the proxy using normal 401 auth, but who doesn't want
the Authorization header to pass through.)

> 
> Other than that it looks fine according to rfc2068.  (1945 does not
> specify proxy auth.) 
> 
> I don't know what to do about all the ?: things.  I'd like it if we could
> just continue to use AUTH_REQUIRED and do the change to
> HTTP_PROXY_AUTHENTICATION_REQUIRED when generating the response.  I wonder
> if it breaks anything.  I don't think the auth modules should care if
> they're authenticating a proxy request or a regular request.

	Hm.. maybe that would do it.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer@c2.net
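
Added example, not part of the original message and not Apache source: a minimal C sketch of the two behaviours discussed in this thread, namely stripping Proxy-Authorization (and any configured headers) before forwarding, and mapping 401 to 407 only when the response is generated. The struct and function names are hypothetical; `pass_proxy_auth` and `blocked` model the PassProxyAuthorization and ProxyBlockHeader ideas proposed above, and the sample request is constructed.

```c
#include <ctype.h>
#include <stddef.h>

/* Hypothetical types for illustration; not Apache's API. */
struct header { const char *name, *value; };
struct policy {
    int pass_proxy_auth;        /* models the suggested PassProxyAuthorization */
    const char *const *blocked; /* models ProxyBlockHeader; NULL-terminated */
};

/* Header field names are case-insensitive. */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

static int is_blocked(const struct policy *p, const char *name) {
    if (!p->pass_proxy_auth && ieq(name, "Proxy-Authorization"))
        return 1;               /* consumed by this proxy, not relayed */
    for (const char *const *b = p->blocked; b && *b; b++)
        if (ieq(name, *b)) return 1;
    return 0;
}

/* Compact h[] in place; return how many headers go to the next hop. */
size_t filter_outbound(const struct policy *p, struct header *h, size_t n) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (!is_blocked(p, h[i].name)) h[kept++] = h[i];
    return kept;
}

/* Auth modules keep returning 401; the proxy case is mapped at response time. */
int auth_response_status(int status, int is_proxy_request) {
    return (status == 401 && is_proxy_request) ? 407 : status;
}

/* Constructed sample request: is `name` still present after filtering? */
int sample_forwards(int pass_proxy_auth, const char *name) {
    static const char *const blocked[] = { "Authorization", NULL };
    struct policy p = { pass_proxy_auth, blocked };
    struct header h[] = { {"Host", "origin.example"}, {"authorization", "Basic Y29uc3RydWN0ZWQ="},
                          {"Proxy-Authorization", "Basic Y29uc3RydWN0ZWQ="}, {"Accept", "*/*"} };
    size_t n = filter_outbound(&p, h, sizeof h / sizeof h[0]);
    for (size_t i = 0; i < n; i++)
        if (ieq(h[i].name, name)) return 1;
    return 0;
}
```

Because matching is case-insensitive, the lowercase `authorization` header in the sample is blocked just like `Authorization`.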
