Re: Authentication in Location blocks for reverse proxy seems to take precedence in routes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I forgot to add I'm using Docker image http:2.4.59.

On Fri, Jun 14, 2024 at 11:41 AM M Foster <fostdev@xxxxxxxxx> wrote:
Hello,

I'm struggling a bit with an issue when using Apache as a reverse proxy when needing to use differing Authentication. I've searched for a couple of days now, but nothing matching what I'm seeing has come up.

The scenario is that I am using Apache as a reverse proxy, but sending a sub-path to different backend like so (extremely simplified):

<Location "/foo/bar">
  ProxyPass http://host2:8080/foo/bar
</Location>
<Location "/foo">
  ProxyPass http://host1.example.com/foo
</Location>

This works without issue. However, as soon as I try to put authentication on the second location (or more accurately different authentication directives), any request to "/foo/bar" triggers auth:

Example:
<Location "/foo/bar">
  ProxyPass http://host2:8080/foo/bar
</Location>
<Location "/foo">
  AuthType basic
  AuthName "Restricted"
  AuthUserFile /usr/local/apache2/.htpasswd
  Require valid-user
  ProxyPass http://host1.example.com/foo
</Location>

In the logs, set to trace8, I see that now apache is matching the REQUEST_URI to the wrong proxy handler:

"attempting to match URI path '/foo/bar' against prefix '/foo' for proxying
"URI path /foo/bar' matches proxy handler 'proxy:http://host1.example.com/foo/bar'"
"authorization result of Require valid-user : denied (no authenticated user)"

Without any auth, the logs correctly show the request to `/foo/bar` being routed to the correct proxy handler 'proxy:http://host2:8080/foo/bar'.

If anyone has any ideas on why adding auth completely blows up the proxy routing, I'd appreciate it. Otherwise, I'll have to create two proxy servers, just to handle each case.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux