> On Oct 12, 2016, at 9:19 PM, Josh North <josh.no...@point808.com> wrote:
> That helps. Through some more troubleshooting, I removed the authproxy line 
> from the reverse map and it is mostly working. The remaining error I have is 
> in one application that uses a json PUT. The app works until the user uses 
> that function, and ATS returns a 500 method not allowed.

It comes from ATS itself? I don’t see authproxy doing that, so must be 
something else. The --auth-transform=redirect is designed for the case where 
you have a separate service that can tell whether a request should be allowed. 
If you are doing the auth redirect to the upstream service, maybe 
--auth-transform=head is a better choice?

> Going directly to the source server works though. 
> I'm wondering if it has anything to do with every single request getting 
> forwarded to the http auth server first. 
> Thank you for the tip on debug flags, I will continue to play with that and 
> see what I can find. 
> On Oct 12, 2016, James Peach <jpe...@apache.org> wrote:
> On Sep 30, 2016, at 10:08 AM, Josh North <josh.no...@point808.com> wrote:
> Hello,
> I am using ATS as a reverse proxy. I have been requested to set up
> some URLs to use LDAP authentication with a directory server. I
> found the authproxy plugin and configured it, and it successfully
> authenticates/denies, but then returns a 404 (or if I add an internal
> map to the auth server, the browser tries to take me there). I feel I
> am missing a very basic concept so I apologize.
> Here is my expectation based on how I have remap.config set up:
> 1. Browser requests https://test.point808.com/
> 2. ATS uses auth.internal.point808.com to authenticate if the request
> is allowed
> 3. If not allowed, just fail however it wants to, don't care
> 4. if allowed, reverse proxy to privateserver.internal.point808.com
> Instead, at step 4, after a successful user/pass, I just get a
> redirect to auth.internal.point808.com, which fails because that
> server is not publicly available and does not have the content that
> privateserver has.
> remap.config
> --------------------------
> # LDAP Auth Server
> map http://auth.internal.point808.com/ http://auth.internal.point808.com/
> # Private Server
> map https://test.point808.com/
> http://privateserver.internal.point808.com/ @plugin=authproxy.so
> @pparam=--auth-transform=redirect
> @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
> This looks reasonable.
> reverse_map http://privateserver.internal.point808.com/
> https://test.point808.com/ @plugin=authproxy.so
> @pparam=--auth-transform=redirect
> @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
> reverse_map is used to rewrite response headers, so it might not be what 
> you want. If it is what you want, I’m not sure that you want to attach the 
> authproxy plugin to it.
> Generally, authproxy will need a map to use for the auth server, so maybe 
> something like this:
> map http://privateserver.internal.point808.com/ \
> http://privateserver.internal.point808.com/ \
> @internal
> If you need to debug authproxy itself, try traffic_server -T 
> 'authproxy|http_hdrs'.
> J
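
A small lint for the two points raised in the quoted reply (authproxy attached to a reverse_map rule, and an auth host with no map rule of its own), as an added example that is not part of the original thread or of the ATS project. The sample rules are constructed from the ones quoted above, the function names are hypothetical, and treating a missing map for the `--auth-host` value as a finding is an assumption based on the remark that authproxy needs a map for the auth server.

```python
from urllib.parse import urlsplit

# Constructed sample, modelled on the rules quoted in the thread.
SAMPLE = """\
# Private Server
map https://test.point808.com/ http://privateserver.internal.point808.com/ \\
    @plugin=authproxy.so @pparam=--auth-transform=redirect \\
    @pparam=--auth-host=auth.internal.point808.com @pparam=--auth-port=80
reverse_map http://privateserver.internal.point808.com/ https://test.point808.com/ \\
    @plugin=authproxy.so @pparam=--auth-transform=redirect
"""

def parse_rules(text):
    """Join backslash-continued lines and return one dict per remap rule."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue  # blank line or comment outside a continued rule
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        pending = ""
        if len(fields) >= 3:
            rules.append({"type": fields[0], "from": fields[1],
                          "to": fields[2], "opts": fields[3:]})
    return rules

def lint(text):
    """Return a list of findings for authproxy rules in remap.config text."""
    rules = parse_rules(text)
    # Hosts that appear as the source of a plain map rule.
    mapped = {urlsplit(r["from"]).hostname for r in rules if r["type"] == "map"}
    findings = []
    for r in rules:
        if "@plugin=authproxy.so" not in r["opts"]:
            continue
        if r["type"] == "reverse_map":
            # reverse_map only rewrites response headers.
            findings.append(f"authproxy attached to reverse_map {r['from']}")
        for opt in r["opts"]:
            if opt.startswith("@pparam=--auth-host="):
                host = opt.split("=", 2)[2]
                if host not in mapped:
                    findings.append(f"no map rule for auth host {host}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```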
