httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: [users@httpd] Apache Reverse Proxy and NTLM Authentication Help!
Date Thu, 09 Nov 2017 22:07:45 GMT
Hi Deanna,

On Thu, Nov 9, 2017 at 6:24 PM, Deanna Stevenson <dstevensone@gmail.com> wrote:
>
> After researching it turned out to be related with maintaining persistent
> connections.

For NTLM to work through a reverse proxy, client connections need to
be associated with backend ones (1:1), that is the proxy must (re)use
the same backend connection for the requests arriving on the same
client connection (NTLM authenticates connections, not requests...).

> So, I added "KeepAlive On" to the virtual hosts config file,
> but this doesn't seem to have helped.
>
> I see many posts talking about these issues, but nothing recent. Could
> anybody please help/advise?

The only way (I'm aware of) to let NTLM pass through Apache httpd is
to use MPM prefork, to indeed set "KeepAlive on" (globally), and
finally to add "SetEnv proxy-initial-not-pooled" in the reverse proxy
VirtualHost (if any, otherwise globally).

There were patches proposed to make it work with other MPMs, but they
are not up to date (while the above should work with vanilla httpd).


Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message