[users@httpd] Reverse Proxy and Authentication problem.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have a problem which I think might be a bug. I have
setup Apache as a Reverse proxy and it works fine! The
backend Web server is IIS. For some of the web pages a
user has to enter their Windows credentials to reach
the web page. This also works fine!

The Problem: What is required is first a general
authentication so that one can reach the backend
server, which means that one authenticates first at
the proxy and then a second time to access the
protected IIS web pages. The first authenticate to
grant access through the proxy works fine, but the IIS
authentication part doesn't. If I look at the error
log Apache is trying to authenticate the user instead
of passing it through. Why? Is there a simple answer?

The relevant configuration:

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName proxy.xxxxxx.com

        SSLEngine On
        SSLProxyEngine on
        SSLCertificateFile   
/etc/ssl/xxxxxxCA/www-cert.pem
        SSLCertificateKeyFile
/etc/ssl/xxxxxCA/www-key.pem

        ProxyRequests Off

        <Location />
        AuthType Basic
        AuthAuthoritative Off
        AuthName "Restricted Area - PharmaPart only"
        AuthLDAPAuthoritative Off
        AuthLDAPURL
ldap://ldap.xxxxx.net/ou=people,dc=xxxxxx,dc=com?mail?sub?(objectClass=*)
        Require valid-user
        ProxyPass http://ppzhsr02.xxxxxxx.net/
        ProxyPassReverse http://ppzhsr02.xxxxxx.net/
        </Location>

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

Like I've stated - take the Authxxxx part away and the
IIS authentication works fine. It appears to me that
when I put the Authxxxx statements in place that the
Proxy wants to do all authentications rather than just
the first access authentication.

Can anyone help?

Thanx
John

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux