[users@httpd] Basic Auth with ProxyPass Through SSL
I am setting up a reverse proxy to an internal webserver from an apache server with a public IP. I want to use Basic Auth and SSL on the public apache server which then forwards standard http, non-ssl traffic, to the internal webserver. Basic auth with ProxyPass works perfectly without using ssl but when using ssl the browser prompts me for the credentials but apache never accepts them as valid. Accessing the internal site with ssl and ProxyPass WITHOUT basic auth required works as well. This configuration works great without using ssl: VirtualHost *:80 ProxyPass / http://site.internal/ retry=0 ProxyPassReverse / http://site.internal/ ProxyPreserveHost On Location / AuthType Basic AuthName Restricted Area AuthUserFile /usr/local/apache/access-file Require valid-user /Location /VirtualHost However this configuration does not work, however if I remove basic auth I can get through: VirtualHost *:443 ProxyPass / http://site.interal/ retry=0 ProxyPassReverse / http://site.internal/ ProxyPreserveHost On Location / AuthType Basic AuthName AFC Restricted Access AuthUserFile /user/local/apache/access-file Require valid-user /Location VirtualHost What am I missing? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Basic Auth with ProxyPass Through SSL
On Thu, Jul 28, 2011 at 1:06 PM, Tim Watts t...@dionic.net wrote: On 28/07/11 19:23, Joel Donahue wrote: I am setting up a reverse proxy to an internal webserver from an apache server with a public IP. I want to use Basic Auth and SSL on the public apache server which then forwards standard http, non-ssl traffic, to the internal webserver. Basic auth with ProxyPass works perfectly without using ssl but when using ssl the browser prompts me for the credentials but apache never accepts them as valid. Accessing the internal site with ssl and ProxyPass WITHOUT basic auth required works as well. This configuration works great without using ssl: VirtualHost *:80 ProxyPass / http://site.internal/ retry=0 ProxyPassReverse / http://site.internal/ ProxyPreserveHost On Location / AuthType Basic AuthName Restricted Area AuthUserFile /usr/local/apache/access-file Require valid-user /Location /VirtualHost However this configuration does not work, however if I remove basic auth I can get through: VirtualHost *:443 ProxyPass / http://site.interal/ retry=0 ProxyPassReverse / http://site.internal/ ProxyPreserveHost On Location / AuthType Basic AuthName AFC Restricted Access AuthUserFile /user/local/apache/access-file Require valid-user /Location VirtualHost What am I missing? - The official User-To-User support forum of the Apache HTTP Server Project. SeeURL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Anything in the apache logs? I can't see anything straight off that's wrong. Here's the recipe I use which is known to work: http://squiddy.blog.dionic.net/2011/06/apache-22-pam-authentication-and-ssl.html That breaks it down a bit, and does more (always does an SSL redirect for an auth'd location for security) but it should work for you if you change the Auth* lines in /etc/apache2/snippets/auth I tend to dispense with ProxyPass in favour of Rewrite rules with the Proxy flag - just for my sanity, as then I can be sure of the order of execution of the various rewrites. But I do a lot of what you are doing (in my case, proxy through to various tomcat servers) mixed with PAM (ultimately LDAP) auth - but any auth method will work with the recipe above... It looks fiddly, but there is an explanation and the snippets/* files are invariant across sites/servers (unless you need different auth methods or files of course). Sorry - in a rush, supper cooked - I'll come back later if anything doesn;t make sense... Cheers Tim -- Tim Watts Personal Blog: http://www.dionic.net/tim/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org I got it working now. I didn't see anything in the logs to start with because I wasn't checking the ssl logs. It was a simple typo. I used 'user' and not 'usr' AuthUserFile /user/local/apache/access-file changed to AuthUserFile /usr/local/apache/access-file Thanks for your help Tim. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Mod_Rewrite and reverse proxy
Is it possible to use Mod_Rewrite and apache in reverse proxy mode simultaneously? I have a web server (server1) that is a mirror of another of another web server (server2) and all requests from the server1 are reverse proxyed to server2. The robots.txt from server2 needs to be changed to disallow crawling when accessed through server1. So I created a robots2.txt, uploaded onto server2 and tried this configuration on server1 but it is not working. Directory / RewriteEngine on RewriteBase / RewriteRule ^robots\.txt$ robots2.txt /Directory ProxyPass / http://www.server2/ retry=0 ProxyPassReverse / http://www.server2/ ProxyPreserveHost On Any recommendations as to how to accomplish this are very much appreciated. Thank you. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Mod_Rewrite and reverse proxy
On Wed, Apr 20, 2011 at 4:58 PM, Mark Montague m...@catseye.org wrote: On April 20, 2011 18:43 , Joel Donahue joel.donahu...@gmail.com wrote: Is it possible to use Mod_Rewrite and apache in reverse proxy mode simultaneously? Directory / RewriteEngine on RewriteBase / RewriteRule ^robots\.txt$ robots2.txt /Directory ProxyPass / http://www.server2/ retry=0 ProxyPassReverse / http://www.server2/ ProxyPreserveHost On Yes, but the Directory stanza applies to files that are being served from the front-end server's filesystem. The rewrite rules you put in the Directory stanza have no effect because the requests are being proxied, not served from the filesystem. Move the RewriteEngine and RewriteRule directives out of the Directory context and into the virtual host context with the ProxyPass directive. You should also get rid of the RewriteBase directive and make the RewriteRule directive operate on absolute (not relative) URLs, like this: RewriteRule ^/robots\.txt$ /robots2.txt -- Mark Montague m...@catseye.org I just realized I wasn't replying to the list Here is the config that got it working thanks to Mark's suggestions VirtualHost *.*.*.*:80 ServerName server1 ServerAlias server1 ProxyPass / server2/ retry=0 ProxyPassReverse / server2/ ProxyPreserveHost On RewriteEngine on RewriteRule ^/robots\.txt$ /robots2.txt [PT] /VirtualHost - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Targeting specific files in reverse proxy mode
I have setup apache2 to run in reverse proxy mode with mod_proxy and ProxyPass. I am trying to target the robots.txt file to modify it with mod_ext_filter and am having no such luck. I have mod_ext_filter working fine changing links on other parts of the site, So I don't believe it's configuration is an issue. ExtFilterDefine robots mode=output cmd=/usr/bin/robots.pl Files robots.txt SetOutputFilter robots /Files Using the Files directive is not working and I read somewhere that it won't work because I am using a reverse proxy and that I should use the Location directive. Is that correct? What would be the proper way to target the robots.txt file so I can process it with mod_ext_filter? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
