>Number: 2879 >Category: mod_proxy >Synopsis: Proxy passwd isn't being passed to parent proxy >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Aug 19 19:30:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.1 >Environment: SunOS atlas 5.5.1 Generic_103640-09 sun4u sparc SUNW,Ultra-2
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.5.1/2.7.2.3/specs gcc version 2.7.2.3 >Description: OK .. here's my situation .. I'm currently in the process of replacing our netscape proxy/cache server which is a little outdated with the latest version of squid.. now the netscape proxy is running on port 8080 and it also serves as an proxy auto config server as well. ie. all web browsers can use ns-proxy:8080 to act as their proxy server or get their auto proxy config information from it. now what I thought I could do was set up a virtual webserver with apache acting as a proxy and as a proxy auto config server (see 'how can we repeat this problem' section for my virtual web server config) .. Now this worked brilliantly for web browsers that downloaded their proxy auto config information from this server (which is running port 9090) and it also worked well for web sites in out local domain plus a few other domains we would normally allow our 600+ internet users through to without a password .. *but* for other sites say in the .com or .net domains we have our ns-proxy to request authentication before that user can get to those sites (I've also set up my squid proxy to do the same) .. now this isn't a problem for browsers that have had their proxy auto config'd by downloading the proxy auto config because those browsers are told to go directly to the squid/ns-proxy directly *but* (and this is what appears to be the bug) when browsers go thru the apacheproxy to go to the parent squid/ns-proxy, which is asking for the authentication information, for some reason the authentication information isn't being passed on?!?! >How-To-Repeat: Set up a virtual proxy like so <VirtualHost _default_:9090> DocumentRoot /web/apache/proxy-config DirectoryIndex proxy.pac ProxyRequests On ProxyRemote * http://squid-proxy:3128 NoProxy .some.domain 123.123.0.0/16 NoCache * </VirtualHost> you must have the upstream proxy server configured to request a password to allow access to web documents beyond the local domain .. I'm testing a squid proxy but have also tried our netscape proxy with the same result inability to authenticate thru the apache proxy on port 9090, although they have no dramas connecting directly to the squid-proxy:3128 .. >Fix: No, I'm sorry I don't, but I've done some snooping of the actual network traffic coming into the proxy on port 9090 and the browser doesn't appear to be sending the authentication ?!?! maybe it's a bug in every browser? have tried IE3/4 and Netscape 4 ... >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
