Hi, I have an issue with Apache2::AuthenNTLM and mod_rewrite, and it seems that nobody else is having this problem. Maybe I missed something very simple, or maybe nobody else is doing this (which I doubt).
Let's see if I can explain the problem. Our environment is like this:

- Debian Etch
- Apache 2 (2.2.3-4)
- Perl 5.8.8-7
- libapache2-mod-perl2
- Domain controller uses Windows 2003 Server

We have a <Location /> in Apache that requires NTLM authentication for all content in Apache using Apache2::AuthenNTLM. Everything works fine for content under DocumentRoot, but we also use some RewriteRules to serve content from a Tomcat app server, and when the rewrite applies, Apache returns a "401 Authorization Required" error.

For example, typing these URLs in a browser (server is 10.9.133.0):

http://10.9.133.0 (File /var/www/index.html) <--- Works fine
http://10.9.133.0/example/index.html (File /var/www/example/index.html ) <--- Also fine

But with content under "test", which is rewritten using this rule:

RewriteRule ^/test(.*) http://10.9.133.0:9673/$1 [P,L]

If you ask for (test is a valid python script in the Tomcat server):

http://10.9.133.0/test/test (File http://10.9.133.0:9673/test ) <-- 401 error

Those rewrites work fine if you already have a valid authentication (requesting the home with the browser first, for example), but this means that we cannot make a direct link to any file in the rewritten content, because you get the 401 error without the server even asking for username/password.

This is the apache error log of the failed request.

[20330] AuthenNTLM: Start NTLM Authen handler pid = 20330, connection = 139690552 conn_http_hdr = keep-alive main = cuser = remote_ip = 10.9.236.124 remote_port = 13872 remote_host = <> version = 0.02 smbhandle =
[20330] AuthenNTLM: Setup new object
[20330] AuthenNTLM: Config Domain = dom_csd1 pdc = sdc1 bdc =
[20330] AuthenNTLM: Config Default Domain = Dom_csd1
[20330] AuthenNTLM: Config Fallback Domain =
[20330] AuthenNTLM: Config AuthType = basic,ntlm AuthName = Autenticacion bajo NTLM
[20330] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[20330] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[20330] AuthenNTLM: Config Semaphore key = 23754 timeout = 1
[20330] AuthenNTLM: Config SplitDomainPrefix = 1
[20330] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:15:09 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /test/test

At this point the browser (both Firefox and IE 6.0) is showing the 401 error. A while after, the log shows again:

[20332] AuthenNTLM: Start NTLM Authen handler pid = 20332, connection = 138433448 conn_http_hdr = main = cuser = remote_ip = 127.0.0.1 remote_port = 13362 remote_host = <> version = 0.02 smbhandle =
[20332] AuthenNTLM: Setup new object
[20332] AuthenNTLM: Config Domain = dom_csd1 pdc = sdc1 bdc =
[20332] AuthenNTLM: Config Default Domain = Dom_csd1
[20332] AuthenNTLM: Config Fallback Domain =
[20332] AuthenNTLM: Config AuthType = basic,ntlm AuthName = Autenticacion bajo NTLM
[20332] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[20332] AuthenNTLM: Config NTLMAuthoritative = on BasicAuthoritative = on
[20332] AuthenNTLM: Config Semaphore key = 23754 timeout = 1
[20332] AuthenNTLM: Config SplitDomainPrefix = 1
[20332] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:17:54 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /

Those logs are exactly the same as when you request any other page and click Cancel when the browser asks for a password.

This is the apache config file we're using:

<VirtualHost *:80>
    RequestHeader set REMOTE_USER "%{REMOTE_USER}s"
    DocumentRoot /var/www/
    ServerName 10.9.133.0
    KeepAlive On

    <Location />
        PerlAuthenHandler Apache2::AuthenNTLM
        AuthName "Autenticacion bajo NTLM"
        AuthType basic,ntlm
        PerlAddVar ntdomain "Dom_csd1 sdc1"
        PerlSetVar defaultdomain Dom_csd1
        PerlSetVar ntlmdebug 1
        PerlSetVar splitdomainprefix 1
        PerlSetVar ntlmsemtimeout 1
        PerlSetVar ntlmauthoritative on
        PerlSetVar basicauthoritative on
        require valid-user
    </Location>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined
    ServerSignature On

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteLogLevel 3
        RewriteLog /var/log/apache2/rewrite.log

        ### Content running in Tomcat
        RewriteRule ^/test(.*) http://10.9.133.0:9673/$1 [P,L]
    </IfModule>
</VirtualHost>

Any ideas? Why is everything working fine except the rewrite rules? Why doesn't the browser even ask for credentials?

Hope someone could help, cause this is driving me crazy.

Thanks

--
First they ignore you...
Then they laugh at you...
Then they fight you...
Then you win
Mohandas Gandhi

Use Linux
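
An added example, not part of the original post: a Python triage script for the ntlmdebug output quoted above. It groups lines by handler pid and lists the requests rejected with no Authorization header, flagging loopback clients. The sample lines are abridged from the post's log, and pairing the pid-less [error] line with the preceding request is an assumption.

```python
import ipaddress
import re

# Line shapes taken from the ntlmdebug output quoted in the post.
START = re.compile(r"^\[(\d+)\] AuthenNTLM: Start NTLM Authen handler .*?remote_ip = (\S+)")
HEADER = re.compile(r"^\[(\d+)\] AuthenNTLM: Authorization Header (.+)$")
ERROR = re.compile(r"^\[([^\]]+)\] \[error\] Bad/Missing NTLM/Basic Authorization Header for (\S+)")

# Sample input: abridged from the log in the post (Config lines dropped).
SAMPLE_LOG = """\
[20330] AuthenNTLM: Start NTLM Authen handler pid = 20330, connection = 139690552 conn_http_hdr = keep-alive main = cuser = remote_ip = 10.9.236.124 remote_port = 13872 remote_host = <> version = 0.02 smbhandle =
[20330] AuthenNTLM: Setup new object
[20330] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:15:09 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /test/test
[20332] AuthenNTLM: Start NTLM Authen handler pid = 20332, connection = 138433448 conn_http_hdr = main = cuser = remote_ip = 127.0.0.1 remote_port = 13362 remote_host = <> version = 0.02 smbhandle =
[20332] AuthenNTLM: Setup new object
[20332] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:17:54 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /
"""

def parse_requests(lines):
    """Return one record per request that ended in the Bad/Missing header error."""
    open_by_pid, last_pid, done = {}, None, []
    for raw in lines:
        line = raw.strip()
        if m := START.match(line):
            open_by_pid[m.group(1)] = {"pid": m.group(1), "remote_ip": m.group(2),
                                       "auth_header": None}
        elif (m := HEADER.match(line)) and m.group(1) in open_by_pid:
            open_by_pid[m.group(1)]["auth_header"] = m.group(2).strip()
            last_pid = m.group(1)
        elif (m := ERROR.match(line)) and last_pid in open_by_pid:
            # Assumption: the pid-less [error] line belongs to the request
            # that most recently logged its Authorization header.
            rec = open_by_pid.pop(last_pid)
            rec["time"], rec["uri"] = m.group(1), m.group(2)
            done.append(rec)
            last_pid = None
    return done

def unauthenticated_failures(records):
    """List (uri, remote_ip, is_loopback) for requests sent without credentials."""
    return [(r["uri"], r["remote_ip"], ipaddress.ip_address(r["remote_ip"]).is_loopback)
            for r in records if r["auth_header"] == "<not given>"]

if __name__ == "__main__":
    for uri, ip, loopback in unauthenticated_failures(parse_requests(SAMPLE_LOG.splitlines())):
        origin = "loopback" if loopback else "remote client"
        print(f"{uri} from {ip} ({origin}): no Authorization header")
```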