>Number: 3027 >Category: mod_proxy >Synopsis: ProxyPass whith authentication, use PROXY-Authenticate header, >and not WWW-Authenticate >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Sep 18 04:10:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.1 >Environment: every OS >Description: I was using a web server apache 1.2.6 as a reverse proxy, in front of another web server, with directives like 'ProxyPass'. Some URL's 'proxied' were protected by password (using Basic authentication and 'require' feature). All was working well. I migrate to version 1.3.1 and it is not working. In fact it returned a '407' error code, in case of accessing a protected URL. It's working only if you declare my 'reverse proxy' server as your proxy server in your browser. But it's not working if you access Internet already through a proxy !. >How-To-Repeat: Configure 2 apache web servers with one as a reverse proxy, with at least one proxied URL protected by password. >Fix: In the code of Apache 1.3.1 you use only 2 values (0 and 1) with 'r->proxyreq' to distinguish proxy requests and normal requests. I suggest to use a third value (2 for example) to identify a 'pseudo proxy request' used by 'ProxyPass', and modify the tests 'r-proxyreq ?' whith 'r->proxyreq == 1' in file http_protocol.c. All the files concerned are request.c, http_protocol.c, mod_proxy.c (function proxy_trans, r->proxyreq = 2 after (len > 0)), mod_digest.c. I implement this change and it's working fine. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
