All,
We are testing AuthCookieNTLM to secure our Intranet. We are running Apache 1.3, mod_perl, and AuthCookieNTLM. Our requests are also rewritten using mod_rewrite. If we hit the server quickly enough, and with enough requests, the browsers start to hang. This problem only occurs in our UAT environment, while the module works really well in dev.
Some of our users are logged into a different domain and do get prompted for their credentials on the domain we authenticate against. However, if enough of these users attempt to log in to the intranet at once, the browsers start to hang during the authentication process. Once one browser is hung, I can point a new browser window at our intranet and the first browser window kicks back into life, and the new browser window hangs.
It seems like the lock is getting stuck somewhere. Once the authentication is complete, and the authentication cookie issued, the user can continue to browse the intranet successfully.
Has anybody else experienced a similar problem with this module?
Many thanks,
Brett Beaumont
Relevant KeepAlive and server settings:
ServerType standalone
Timeout 300
#
# Keepalives must be on for NTLM auth
# Unlimited number of keep alive requests, 5 minute timeout
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 5
#
StartServers 20
MinSpareServers 10
MaxSpareServers 40
MaxClients 255
MaxRequestsPerChild 1000
#----------------------------------------
# /intranet is NTLM Authenticated
# Unauthenticated access is allowed from
# localhost and 1 remote IP Address
#----------------------------------------
<Location /intranet>
PerlAuthenHandler Apache::AuthCookieNTLM
AuthType ntlm,basic
AuthName DOMAIN
PerlAddVar ntdomain "DOMAIN DC1"
PerlSetVar ntlmauthoritative on
PerlSetVar basicauthoritative on
PerlSetVar defaultdomain DOMAIN
PerlSetVar fallbackdomain DOMAIN
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 1
Require valid-user
RewriteEngine On
RewriteRule ^/.*/$ /target%{REQUEST_URI} [P]
RewriteRule ^/.*$ /target%{REQUEST_URI} [P]
order Allow,Deny
allow from 127.0.0.1
Satisfy any
</Location>
Important: This electronic mail message and attachments (if any) are confidential and may be legally privileged. If you are not the intended recipient please contact us immediately and destroy this message. You may not legally copy, disclose, disseminate or use the contents in any way. Thank you.
