> On Oct 12, 2016, at 9:19 PM, Josh North <[email protected]> wrote:
>
> That helps. Through some more troubleshooting, I removed the authproxy line
> from the reverse map and it is mostly working. The remaining error I have is
> in one application that uses a json PUT. The app works until the user uses
> that function, and ATS returns a 500 method not allowed.

It comes from ATS itself? I don’t see authproxy doing that, so must be something else.

The --auth-transform=redirect is designed for the case where you have a separate service that can tell whether a request should be allowed. If you are doing the auth redirect to the upstream service, maybe --auth-transform=head is a better choice?

> Going directly to the source server works though.
>
> I'm wondering if it has anything to do with every single request getting
> forwarded to the http auth server first.
>
> Thank you for the tip on debug flags, I will continue to play with that and
> see what I can find.
>
> On Oct 12, 2016, James Peach <[email protected]> wrote:
>
> On Sep 30, 2016, at 10:08 AM, Josh North <[email protected]> wrote:
>
> Hello,
>
> I am using ATS as a reverse proxy. I have been requested to set up
> some URLs to use LDAP authentication with a directory server. I
> found the authproxy plugin and configured it, and it successfully
> authenticates/denies, but then returns a 404 (or if I add an internal
> map to the auth server, the browser tries to take me there). I feel I
> am missing a very basic concept so I apologize.
>
> Here is my expectation based on how I have remap.config set up:
> 1. Browser requests https://test.point808.com/
> 2. ATS uses auth.internal.point808.com to authenticate if the request
> is allowed
> 3. If not allowed, just fail however it wants to, don't care
> 4. if allowed, reverse proxy to privateserver.internal.point808.com
>
> Instead, at step 4, after a successful user/pass, I just get a
> redirect to auth.internal.point808.com, which fails because that
> server is not publicly available and does not have the content that
> privateserver has.
>
> remap.config
> --------------------------
> # LDAP Auth Server
> map http://auth.internal.point808.com/ http://auth.internal.point808.com/
>
> # Private Server
> map https://test.point808.com/
> http://privateserver.internal.point808.com/ @plugin=authproxy.so
> @pparam=--auth-transform=redirect
> @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
>
> This looks reasonable.
>
> reverse_map http://privateserver.internal.point808.com/
> https://test.point808.com/ @plugin=authproxy.so
> @pparam=--auth-transform=redirect
> @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
>
> reverse_map is used to rewrite response headers, so it might not be what
> you want. If it is what you want, I’m not sure that you want to attach the
> authproxy plugin to it.
>
> Generally, authproxy will need a map to use for the auth server, so maybe
> something like this:
>
> map http://privateserver.internal.point808.com/ \
> http://privateserver.internal.point808.com/ \
> @internal
>
> If you need to debug authproxy itself, try traffic_server -T
> 'authproxy|http_hdrs'.
>
> J
>
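The two remap.config points raised in this thread (authproxy attached to a `reverse_map` rule, and the auth server needing a `map` rule of its own) can be checked mechanically before a config is deployed. The following is an added example, not part of the original messages and not ATS code; the function names and the two lint rules are hypothetical, and the sample input is constructed from the config quoted above.

```python
from urllib.parse import urlsplit

# Constructed sample: the remap.config quoted in the thread, written with
# backslash continuations in the style of James's reply.
SAMPLE = """\
# LDAP Auth Server
map http://auth.internal.point808.com/ http://auth.internal.point808.com/
map https://test.point808.com/ http://privateserver.internal.point808.com/ \\
    @plugin=authproxy.so @pparam=--auth-transform=redirect \\
    @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
reverse_map http://privateserver.internal.point808.com/ https://test.point808.com/ \\
    @plugin=authproxy.so @pparam=--auth-transform=redirect \\
    @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
"""

def parse_rules(text):
    """Yield (rule_type, from_url, to_url, options), joining continued lines."""
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#"):
            yield fields[0], fields[1], fields[2], fields[3:]

def authproxy_params(options):
    """Return authproxy's --key=value pparams, or None if it is not attached.

    Assumption: authproxy is the only plugin on the rule."""
    if not any(o.startswith("@plugin=") and o.endswith("authproxy.so") for o in options):
        return None
    params = {}
    for o in options:
        if o.startswith("@pparam=--"):
            key, _, value = o[len("@pparam=--"):].partition("=")
            params[key] = value
    return params

def lint(text):
    """Hypothetical checks derived from the thread, not rules ATS enforces."""
    rules = list(parse_rules(text))
    mapped = {urlsplit(src).hostname for kind, src, _, _ in rules if kind == "map"}
    findings = []
    for kind, src, _, options in rules:
        params = authproxy_params(options)
        if params is None:
            continue
        if kind == "reverse_map":
            findings.append(f"{src}: authproxy attached to reverse_map")
        host = params.get("auth-host")
        if host and host not in mapped:
            findings.append(f"{src}: no map rule for auth host {host}")
    return findings
```

Calling `lint(SAMPLE)` reports only the `reverse_map` attachment, because the sample already carries a `map` rule for the auth host.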
