www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Torbjörn" Carlsson <torbjorn.carls...@mobilitypartner.com>
Subject mod_proxy/7439: BasicAuth protected ProxyPass directive can't handle BasicAuth on "real" server.
Date Tue, 20 Mar 2001 13:50:20 GMT

>Number:         7439
>Category:       mod_proxy
>Synopsis:       BasicAuth protected ProxyPass directive can't handle BasicAuth on "real"
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Mar 20 06:00:05 PST 2001
>Originator:     torbjorn.carlsson@mobilitypartner.com
>Release:        1.3.19
RedHat 6.2 on i686
If the real server is using basic auth, as well as the proxy. the Servers BasicAuth header
is trashed when going through the ProxyPass proxy.

It also looks like the ProxyPass directive passes on it's Basic-Auth header, the one that
is used between the client and the proxy, to the real server.
That probably destroys the Basic-Auth header that the Server sends out.

When using the setup described under the "repeat problem" tag
I'm alternately getting the AuthName from the proxy and from the Server.
Both of them rejects the BasicAuth header that is sent and requests a new one.
= Infinite loop.


Proxy server:
ProxyPass               /basic-auth     http://server/basic-auth
ProxyPassReverse        /basic-auth     http://server/basic-auth
<Location "/basic-auth">
          AuthName        "The Proxy test"
          AuthType        Basic
          AuthUserFile    /etc/httpd/conf/proxy.passwd
          require  valid-user
Real server:
<Location "/basic-auth">
          AuthName        "The Real server"
          AuthType        Basic
          AuthUserFile    /etc/httpd/conf/server.passwd
          require  valid-user

There is no way to get through.

 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message