httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Daniels <nicolas.dani...@swing.be>
Subject Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
Date Wed, 27 Mar 2013 12:23:16 GMT
Ok, I was probably not clear enough ;-)

First I'm using mod_proxy_http and DIGEST authentication. 
Authentication-Info header is part of digest authentication:
http://rfc-ref.org/RFC-TEXTS/2069/chapter2.html

Lets say I've 2 accessed URLs:

http://mydomain.com/index.html
http://mydomain.com/tomcat/index.html

Both are using digest authentication on apache.

Proxy is configured as follow:

ProxyPass  /tomcat http://mytomcat.com/bla
ProxyPassReverse  /tomcathttp://mytomcat.com/bla

So http://mydomain.com/index.html is replied directly by apache and 
http://mydomain.com/tomcat/index.html is proxied to tomcat.

1st case: Authentication-Info replied

 > GET /index.html HTTP/1.1
 > User-Agent: curl/7.29.0
 > Host: mydomain.com
 > Accept: */*

< HTTP/1.1 401 Unauthorized
< Date: Wed, 27 Mar 2013 11:24:18 GMT
< Server: Apache/2.4.4 (Unix)
< WWW-Authenticate: Digest realm="bla", 
nonce="nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a", 
algorithm=MD5, qop="auth"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1

 > GET /index.html HTTP/1.1
 > Authorization: Digest username="username", realm="bla", 
nonce="nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a", 
uri="/index.html", cnonce
="ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=", nc=00000001, qop=auth, 
response="bbfa7dqsdqs2c014d85sqdzaab1", algorithm="MD5"
 > User-Agent: curl/7.29.0
 > Host: mydomain.com
 > Accept: */*

< HTTP/1.1 200 OK
< Date: Wed, 27 Mar 2013 11:24:18 GMT
< Server: Apache/2.4.4 (Unix)
*< Authentication-Info: rspauth="efbdcdsqdsqhiaaazqds4eee3c1", 
cnonce="ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=", nc=00000001, 
qop=auth*
< Last-Modified: Tue, 19 Feb 2013 08:24:06 GMT
< ETag: "22-4d60f909e7580"
< Accept-Ranges: bytes
< Content-Length: 34
< Content-Type: text/plain
....

2nd case: Authentication-Info *not* replied

 > GET /tomcat/index.html HTTP/1.1
 > User-Agent: curl/7.29.0
 > Host: mydomain.com
 > Accept: */*

< HTTP/1.1 401 Unauthorized
< Date: Wed, 27 Mar 2013 12:15:25 GMT
< Server: Apache/2.4.4 (Unix)
< WWW-Authenticate: Digest realm="bla", 
nonce="5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c", algorithm=MD5, qop="auth"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1

 > GET /tomcat/index.html HTTP/1.1
 > Authorization: Digest username="username", realm="bla", 
nonce="5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c", 
uri="/tomcat/index.html", 
cnonce="ICAgICAgICAgICAgICAgICAgICAgICAgICA0NDk5NzM=", nc=00000001, 
qop=auth, response="cf10890c9dsqdsqef3bd248dsqdsqec34", algorithm="MD5"
 > User-Agent: curl/7.29.0
 > Host: mydomain.com
 > Accept: */*

< HTTP/1.1 200 OK
< Date: Wed, 27 Mar 2013 12:15:27 GMT
< Server: Apache-Coyote/1.1
< Content-Type: application/json
< Content-Length: 142
.....

So my question is, is there any way to have Apache reply this 
Authentication-Info in both case ? I guess the reverse proxy should add 
is somehow...

Thanks !

On 27/03/2013 13:00, Nick Kew wrote:
> On 27 Mar 2013, at 11:39, Nicolas Daniels wrote:
>
>> Everything work fine except that when the proxy is used, the Authentication-Info
header is not included in the response. If Apache is replying directly without using the proxy,
it is included.
> There's no such header in HTTP.  Why not tell us exactly what you mean?
>


Mime
View raw message