httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Something broke on the way to 1.3 ...
Date Sun, 29 Mar 1998 08:59:42 GMT
Personally I think ProxyPass and mod_rewrite's proxy rewrite stuff should
not be subject to proxy authentication, but rather to normal auth. 
They're just magic ways of making part of an origin server be served from
elsewhere... they're not supposed to be used for true proxies at all.

i.e. yeah I think this is a bug.  No I don't have an immediate fix for it. 
I suspect the fix is non-trivial... and one of those cases where the proxy
is going to continue to pollute the core in a non-general way. 

Dean

On Fri, 27 Mar 1998, Marc Slemko wrote:

> On Fri, 27 Mar 1998, sameer wrote:
> 
> > 	In all seriousness I think that the 1.3 behavior is correct
> > and the 1.2 beehavior is broken. I wish I could think of some way for
> > you to do what you want to do though. Perhaps the master of rewriting
> > (Dean?) will have some insight.
> 
> Neither behaviour is correct.  There are... issues when considering
> exactly what sort of access control should be applied to such requests.
> In this case, the concept would be that you should figure out if it is a
> proxy request from the client or an internal mumble and handle it
> accordingly.
> 
> Also consider the case where there is an access restriction stopping
> outside people from using the proxy, but you still want them to be able to
> use ProxyPass things, etc.
> 
> > 
> > > Just upgraded most of our servers from 1.2.6 to 1.3b6-dev.  This went
> > > smoothly with just one little  exception.  To try to cut a long
> > > httpd.conf short I had something like the following
> > > 
> > > ProxyPass /proxy/foo http://foo/
> > > <Location ~ "/register|/admin">
> > >   require valid-user
> > > </Location>
> > > 
> > > A user asking for
> > > 
> > > /proxy/foo/register
> > > 
> > > would need to authenticate themself before the proxy request took
> > > place.  This all worked fine!
> > > 
> > > Under 1.3 however, a user asking for the same URL gets a 407 (Proxy
> > > authentication required) error - which the browser (Communicator in this
> > > case) doesn't take to mean that it should pop up a username/password
> > > box.  Hence the request never gets to the proxy server
> > > 
> > > I'm not sure what behaviour is "correct", but figured it was worth
> > > reporting.
> > > 
> > > Mike
> > > 
> > > 
> > 
> > 
> > -- 
> > Sameer Parekh					Voice:   510-986-8770
> > President					FAX:     510-986-8777
> > C2Net
> > http://www.c2.net/				sameer@c2.net
> > 
> 
> 


Mime
View raw message