httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicolas Daniels <nicolas.dani...@swing.be>
Subject Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
Date Thu, 28 Mar 2013 15:21:56 GMT
Hi,

I finally solved the problem myself by modifying the source code of 
mod_proxy_http.c:
Line 1697:
apr_table_do(addit_dammit, save_table, r->headers_out, "Set-Cookie", NULL);
-->
apr_table_do(addit_dammit, save_table, r->headers_out, "Set-Cookie", 
"Authentication-Info", NULL);

Cheers


On 27/03/2013 13:23, Nicolas Daniels wrote:
> Ok, I was probably not clear enough ;-)
>
> First I'm using mod_proxy_http and DIGEST authentication. 
> Authentication-Info header is part of digest authentication:
> http://rfc-ref.org/RFC-TEXTS/2069/chapter2.html
>
> Lets say I've 2 accessed URLs:
>
> http://mydomain.com/index.html
> http://mydomain.com/tomcat/index.html
>
> Both are using digest authentication on apache.
>
> Proxy is configured as follow:
> ProxyPass  /tomcat http://mytomcat.com/bla
> ProxyPassReverse  /tomcathttp://mytomcat.com/bla
> So http://mydomain.com/index.html is replied directly by apache and 
> http://mydomain.com/tomcat/index.html is proxied to tomcat.
>
> 1st case: Authentication-Info replied
>
> > GET /index.html HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: mydomain.com
> > Accept: */*
>
> < HTTP/1.1 401 Unauthorized
> < Date: Wed, 27 Mar 2013 11:24:18 GMT
> < Server: Apache/2.4.4 (Unix)
> < WWW-Authenticate: Digest realm="bla", 
> nonce="nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a", 
> algorithm=MD5, qop="auth"
> < Content-Length: 381
> < Content-Type: text/html; charset=iso-8859-1
>
> > GET /index.html HTTP/1.1
> > Authorization: Digest username="username", realm="bla", 
> nonce="nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a", 
> uri="/index.html", cnonce
> ="ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=", nc=00000001, 
> qop=auth, response="bbfa7dqsdqs2c014d85sqdzaab1", algorithm="MD5"
> > User-Agent: curl/7.29.0
> > Host: mydomain.com
> > Accept: */*
>
> < HTTP/1.1 200 OK
> < Date: Wed, 27 Mar 2013 11:24:18 GMT
> < Server: Apache/2.4.4 (Unix)
> *< Authentication-Info: rspauth="efbdcdsqdsqhiaaazqds4eee3c1", 
> cnonce="ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=", nc=00000001, 
> qop=auth*
> < Last-Modified: Tue, 19 Feb 2013 08:24:06 GMT
> < ETag: "22-4d60f909e7580"
> < Accept-Ranges: bytes
> < Content-Length: 34
> < Content-Type: text/plain
> ....
>
> 2nd case: Authentication-Info *not* replied
>
> > GET /tomcat/index.html HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: mydomain.com
> > Accept: */*
>
> < HTTP/1.1 401 Unauthorized
> < Date: Wed, 27 Mar 2013 12:15:25 GMT
> < Server: Apache/2.4.4 (Unix)
> < WWW-Authenticate: Digest realm="bla", 
> nonce="5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c", algorithm=MD5, 
> qop="auth"
> < Content-Length: 381
> < Content-Type: text/html; charset=iso-8859-1
>
> > GET /tomcat/index.html HTTP/1.1
> > Authorization: Digest username="username", realm="bla", 
> nonce="5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c", 
> uri="/tomcat/index.html", 
> cnonce="ICAgICAgICAgICAgICAgICAgICAgICAgICA0NDk5NzM=", nc=00000001, 
> qop=auth, response="cf10890c9dsqdsqef3bd248dsqdsqec34", algorithm="MD5"
> > User-Agent: curl/7.29.0
> > Host: mydomain.com
> > Accept: */*
>
> < HTTP/1.1 200 OK
> < Date: Wed, 27 Mar 2013 12:15:27 GMT
> < Server: Apache-Coyote/1.1
> < Content-Type: application/json
> < Content-Length: 142
> .....
>
> So my question is, is there any way to have Apache reply this 
> Authentication-Info in both case ? I guess the reverse proxy should 
> add is somehow...
>
> Thanks !
>
> On 27/03/2013 13:00, Nick Kew wrote:
>> On 27 Mar 2013, at 11:39, Nicolas Daniels wrote:
>>
>>> Everything work fine except that when the proxy is used, the Authentication-Info
header is not included in the response. If Apache is replying directly without using the proxy,
it is included.
>> There's no such header in HTTP.  Why not tell us exactly what you mean?
>>
>


Mime
View raw message