Proxy authentication

[Petr Hracek]

Dear users,

I have problems with proxy authorization and I could not image where
is a problem.

Configuration in my :


SSLEngine on
SSLProxyEngine on
ProxyRequests off

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteMap pages txt:/opt/httpd2/conf/pages.txt
RewriteRule ^/([^/]+)${pages:$1|/$1} $
RewriteRule ^/([^/]+)/(.*)${pages:$1|/opt/httpd2/htdocs/ssldocs/$1}/$2 [L]


   Options Includes Multiviews FollowSymLinks
   AllowOverride None
   Order deny,allow
   Deny from all


AuthType SECURE_USER
require valid-user
Satisfy Any



  
  Options + Indexes +Multiviews
  AuthType SECURE_USER
  require valid-user
  satisfy Any
  

   AuthType SECURE_USER
   require valid-user
   ProxyPass http://192.2.0.25:8080/ATSAdmin
   ProxyPassReverse http://192.2.0.25:8080/ATSAdmin
   satisfy Any






In the module is mentioned:
r->ap_auth_type = SECURE_USER;
Format of the file pages.txt is:

App1   /opt/App1/htdocs App1
App2   /opt/App2/htdocs App2
App3   /opt/App3/htdocs App3

https:///ATS/ I want to authorized over
my module and when the authorization is done the it is proxied to the
http://192.2.0.25:8080/ATSAdmin.

Could you please let me know where I have made a mistake?

My module have following hooks:
static void register_hooks(apr_pool_t *p)
{
ap_hook_post_config(init_Module,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_auth_checker(auth_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_check_user_id(access_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(notification_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_fixups(fixups,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_child_init(init_Child,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(secure_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(login_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(single_login_handler,NULL,NULL,APR_HOOK_MIDDLE);
ap_hook_handler(logout_handler,NULL,NULL,APR_HOOK_MIDDLE);
}

When the access_checker return value is OK than it shown me page 404.
When the access_checker return value is DECLINED that it shown me page
unauthorized access.
Shal I use some http redirection to the proxy pages?

When I will do that so that configuration is:

ProxyPass http://192.2.0.25/
Order deny,allow
Allow from all
AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup


Than all works fine.
-- 
Best Regards / S pozdravem
Petr Hracek

Proxy authentication bypassed when serving cached content

[Laurent Tu]

Hi,


>From my understanding of mod_cache, proxy authentication (header
Proxy-Authenticate) is not asked when serving cached content in a forward
proxy configuration: mod_cache operates on the quick_handler hook whereas
authentication operates later in the request process. I have tried it on a
real case as well:

   AuthType Basic
   ...
   Require valid-user


Content not available in cache goes through the authentication, but not the
cached one. As a result, a user does not need to be authenticated to access
a cached result.

So, here we are:
- Am I wrong?
- Is it a normal behavior?
- If not: is it addressed by someone?
- If not: what about I do it: is checking user information in the quick
handler hook before mod_cache (in case it fails, we send 407,
Proxy-Authenticate, return OK) a good solution?


Thanks
Laurent