httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject [PATCH] Reverse proxy and authentication
Date Tue, 04 May 1999 08:49:47 GMT
Hi all,

This is the patch that fixes authetication when used with a reverse

Currently if an attempt is made using a <Location> structure to password
protect a URL that has been reverse proxied, Apache sends a
"Proxy-authenticate" header instead of an "WWW-authenticate" header.
This confuses the browser, which thinks the Apache webserver is a
website and not a proxy, and the authentication fails.

In the code currently a variable request_rec->proxyreq is set non-zero
if the request is a proxy request. This patch extends that variable to
three states, NONE, PROXY and REVERSE with the values 0, 1 and 2
respectively. This is backward compatible with the "non-zero" behaviour,
and allows the authenticate code to distinguish between the requests.

This patch does not yet fix the case where a website is reverse proxied
through another proxy, still working on it.

The src/CHANGES file:

  *) Fixed proxy/www authentication mixup when authenticating reverse
     URLs. [Graham Leggett <>]

No PR's outstanding.

-----------------------------------------		"There's a moon
					over Bourbon Street
View raw message