That helps. Through some more troubleshooting, I removed the authproxy line from the reverse map and it is mostly working. The remaining error I have is in one application that uses a json PUT. The app work until the user uses that function, and ATS returns a 500 method not allowed. Going directly to the source server works though.
I'm wondering if it has anything to do with every single request getting forwarded to the http auth server first. Thank you for the tip on debug flags, I will continue to play with that and see what I can find. On Oct 12, 2016, James Peach <jpe...@apache.org> wrote: > >> On Sep 30, 2016, at 10:08 AM, Josh North <josh.no...@point808.com> >wrote: >> >> Hello, >> >> I am using ATS as a reverse proxy. I have been requested to set up >> some URL's to use LDAP authentication with a directory server. I >> found the authproxy plugin and configured it, and it successfully >> authenticates/denies, but then returns a 404(or if I add an internal >> map to the auth server, the browser tries to take me there). I feel >I >> am missing a very basic concept so I apologize. >> >> Here is my expectation based on how I have remap.config set up: >> 1. Browser requests https://test.point808.com/ >> 2. ATS uses auth.internal.point808.com to authenticate if the >request >> is allowed >> 3. If not allowed, just fail however it wants to, don;t care >> 4. if allowed, reverse proxy to privateserver.internal.point808.com >> >> Instead, at step 4, after a successful user/pass, I just get a >> redirect to auth.internal.point808.com, which fails because that >> server is not publicly available and does not have the content that >> privateserver has. >> >> remap.config >> -------------------------- >> # LDAP Auth Server >> map http://auth.internal.point808.com/ >http://auth.internal.point808.com/ >> >> # Private Server >> map https://test.point808.com/ >> http://privateserver.internal.point808.com/ @plugin=authproxy.so >> @pparam=--auth-transform=redirect >> @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80 > >This looks reasonable. > >> reverse_map http://privateserver.internal.point808.com/ >> https://test.point808.com/ @plugin=authproxy.so >> @pparam=--auth-transform=redirect >> @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80 > >reverse_map is used to rewrite response headers, so it is might not be >what you want. If it is what you want, I’m not sure that you want to >attach the authproxy plugin to it. > >Generally, authproxy will need a map to use for the auth server, so >maybe something like this: > >map http://privateserver.internal.point808.com/ \ > http://privateserver.internal.point808.com/ \ > @internal > >If you need to debug authproxy itself, try traffic_server -T >‘authproxy|http_hdrs’. > >J
