httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pieter Vanmeerbeek" <>
Subject [users@httpd] Header set & WWW-Authenticate
Date Wed, 26 Sep 2007 10:00:09 GMT

I'm working with the following setup : 

Client <-- internet--> apache reverse proxy <--lan--> owa 2003 with NTLM &
basic  authenticaton activated

When using this setup the NTLM authentication is chosen by a browser on the
client instead of the basic authentication.
My goal is to use basic authentication and to disable NTLM authentication.
Unfortunalty due to circumstances I cannot disable it on the owa server
Hence I was searching for a way to achief the same result using the reverse

In the apache doc I found the Header directive which allows modification of
headers if they exist.
So I'm getting the following headers from  the IIS :

WWW-Authenticate: Negotiate 
WWW-Authenticate: NTLM 
WWW-Authenticate: Basic realm="x.x.x.x"

And I want to only comminicate the basic one to the client.

When using Header unset WWW-Authenticate all headers are removed resulting
in an error since no authentication is performed.
So I wanted to use the Header edit option which allows modification in the
header exists

Header edit WWW-Authenticate: ^NTLM dummy

Unfortunatly doing this results in removal of all WWW-Authenticate headers
except for the Negotiate instead of modification of the headers.
Headers sent to client : 
WWW-Authenticate: Negotiate

Can anyone help me and tell me what I'm doing wrong?

Kind regards

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message