[us...@httpd] Protocol transition between Basic Auth and Kerberos.

2010-02-08 Thread Efjestad, Dag
Hi,

I want to use Apache as reverse proxy against MS SharePoint with negotiate 
(Kerberos) enabled from Internet. I can't set the client to support Windows 
Integrated security, so Apache needs to be able to translate basic authentication 
into a Kerberos ticket on behalf of the user. (This is possible in MS ISA 
server)

Is it possible with Apache web server? 


Thanks, Dag Efjestad

-
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



RE: [us...@httpd] REMOTE_USER and PROXY request

2009-05-28 Thread Efjestad, Dag
Thanks Tom,

I think I got it now.

It was about the + sign. If I did match against "RewriteCond 
%{LA-U:REMOTE_USER} (.*)" - the condition was true even if the REMOTE_USER was 
empty. The result was that the proxy request was done before there was a value. 
As our log shows the REMOTE_USER is filled out in the third run. 

Thanks for all help,

Cheers Dag 

-Original message-
From: Tom Evans [mailto:tevans...@googlemail.com] 
Sent: 28 May 2009 15:23
To: users@httpd.apache.org
Subject: RE: [us...@httpd] REMOTE_USER and PROXY request

On Thu, 2009-05-28 at 13:58 +0200, Efjestad, Dag wrote:
> No, when I do this the value in RewriteCond is null.
> 
> From logfile:
> lookahead: path=/kongsberg/ var=REMOTE_USER -> val=
> RewriteCond: input='' pattern='(.*)' => matched
> 
> -Original message-
> From: Tom Evans [mailto:tevans...@googlemail.com] 
> Sent: 28 May 2009 11:49
> To: users@httpd.apache.org
> Subject: Re: [us...@httpd] REMOTE_USER and PROXY request
> 
> On Thu, 2009-05-28 at 10:52 +0200, Efjestad, Dag wrote:
> > Hi.
> > 
> > I can't get access to the REMOTE_USER value when I do a proxy request. The 
> > value is empty.
> > RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 
> > [P,L]
> > 
> > For rewrite against directory URL's I get the value.
> > RewriteRule ^/kongsberg(.*) /kongsberg/%{LA-U:REMOTE_USER}$1 [L]
> > 
> > and for redirect it works:
> > RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 
> > [R,L]
> > 
> > 
> > I also tried this syntax with same result - no value in REMOTE_USER env. 
> > var.:
> >    RewriteCond %{LA-U:REMOTE_USER} (.+)
> >    RewriteRule .  - [E=RU:%1]
> >
> >    ProxyRequests Off
> >    ProxyPassInterpolateEnv On
> >    ProxyPass /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> >    ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> > 
> > 
> > I also noticed that I can see the username value in the access logfile but 
> > not in the rewrite logfile. 
> > 
> > Suggestions anyone?
> > 
> > 
> > Kind regards, Dag 
> > 
> 
> Does this not work?
> 
> RewriteCond %{LA-U:REMOTE_USER} (.+) 
> RewriteRule /kongsberg/ http://aeoas02/kongsberg/%1/ [P]
> 
> Cheers
> 
> Tom
> 
> 

From my testing, that config works fine:


ServerName ssoauth
DocumentRoot /usr/local/www/ssoauth/htdocs

Order allow,deny
Allow from all

KeepAlive Off

RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule /kongsberg/ http://ssoauth:8081/kongsberg/%1/ [P]

RewriteLog /var/log/rwrite.log
RewriteLogLevel 5

Include auth/ldap_group_it.conf




The log then shows this: (cat /var/log/rwrite.log | sed 's:.*] ::')

(2) init rewrite engine with requested uri /kongsberg/
(3) applying pattern '/kongsberg/' to uri '/kongsberg/'
(2) init rewrite engine with requested uri /kongsberg/
(3) applying pattern '/kongsberg/' to uri '/kongsberg/'
(4) RewriteCond: input='' pattern='(.+)' => not-matched
(1) pass through /kongsberg/
(2) init rewrite engine with requested uri /kongsberg/index.html
(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'
(2) init rewrite engine with requested uri /kongsberg/index.html
(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'
(4) RewriteCond: input='' pattern='(.+)' => not-matched
(1) pass through /kongsberg/index.html
(5) lookahead: path=/kongsberg/index.html var=REMOTE_USER -> val=tevans
(4) RewriteCond: input='tevans' pattern='(.+)' => matched
(2) rewrite '/kongsberg/index.html' -> 'http://ssoauth:8081/kongsberg/tevans/'
(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/
(1) go-ahead with proxy request proxy:http://ssoauth:8081/kongsberg/tevans/ [OK]
(5) lookahead: path=/kongsberg/ var=REMOTE_USER -> val=tevans
(4) RewriteCond: input='tevans' pattern='(.+)' => matched
(2) rewrite '/kongsberg/' -> 'http://ssoauth:8081/kongsberg/tevans/'
(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/
(1) go-ahead with proxy request proxy:http://ssoauth:8081/kongsberg/tevans/ [OK]

This log is for just one request. Are you sure that you are
authenticated using apache auth modules? REMOTE_USER would be empty if
you are not authenticated.

Cheers

Tom
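
The difference this thread settles on, (.*) matching an empty REMOTE_USER while (.+) does not, can be checked mechanically in a RewriteLog. The following is an added example, not code from the posters or the Apache project: it flags proxy requests issued after a RewriteCond matched empty input. The function names are hypothetical, the sample lines are copied from the two logs quoted in this thread, and Python's re is assumed to behave like mod_rewrite's PCRE for these two simple patterns.

```python
import re

# Rewrite-log line shapes as they appear in the logs quoted in this thread.
COND = re.compile(
    r"RewriteCond: input='(?P<input>[^']*)' pattern='(?P<pattern>[^']*)'"
    r" => (?P<result>matched|not-matched)"
)
PROXY = re.compile(r"forcing proxy-throughput with (?P<url>\S+)")

# Sample input: lines copied from the rewrite logs posted in the thread.
DAG_LOG = [
    "IPADDRESS - - applying pattern '^/kongsberg/(.*)' to uri '/kongsberg/'",
    "IPADDRESS - - RewriteCond: input='' pattern='(.*)' => matched",
    "IPADDRESS - - rewrite '/kongsberg/' -> 'http://krsoastest01/test/kongsberg//'",
    "IPADDRESS - - forcing proxy-throughput with http://aeoas02/kongsberg//",
]
TOM_LOG = [
    "(2) init rewrite engine with requested uri /kongsberg/index.html",
    "(3) applying pattern '/kongsberg/' to uri '/kongsberg/index.html'",
    "(4) RewriteCond: input='' pattern='(.+)' => not-matched",
    "(1) pass through /kongsberg/index.html",
    "(5) lookahead: path=/kongsberg/index.html var=REMOTE_USER -> val=tevans",
    "(4) RewriteCond: input='tevans' pattern='(.+)' => matched",
    "(2) rewrite '/kongsberg/index.html' -> 'http://ssoauth:8081/kongsberg/tevans/'",
    "(2) forcing proxy-throughput with http://ssoauth:8081/kongsberg/tevans/",
]


def cond_would_match(pattern, value):
    """Unanchored match, as RewriteCond does (assumes re ~ PCRE here)."""
    return re.search(pattern, value) is not None


def find_empty_user_proxying(lines):
    """Return (cond_pattern, proxied_url) for each proxy request that
    followed a RewriteCond which matched an empty input string."""
    findings = []
    pending = None  # pattern of the last RewriteCond that matched ''
    for line in lines:
        if "init rewrite engine" in line:
            pending = None  # a new pass over the rules starts here
            continue
        cond = COND.search(line)
        if cond:
            hit = cond["input"] == "" and cond["result"] == "matched"
            pending = cond["pattern"] if hit else None
            continue
        proxy = PROXY.search(line)
        if proxy:
            if pending is not None:
                findings.append((pending, proxy["url"]))
            pending = None
    return findings
```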



RE: [us...@httpd] REMOTE_USER and PROXY request

2009-05-28 Thread Efjestad, Dag
No, when I do this the value in RewriteCond is null.

From logfile:
lookahead: path=/kongsberg/ var=REMOTE_USER -> val=
RewriteCond: input='' pattern='(.*)' => matched

-Original message-
From: Tom Evans [mailto:tevans...@googlemail.com] 
Sent: 28 May 2009 11:49
To: users@httpd.apache.org
Subject: Re: [us...@httpd] REMOTE_USER and PROXY request

On Thu, 2009-05-28 at 10:52 +0200, Efjestad, Dag wrote:
> Hi.
> 
> I can't get access to the REMOTE_USER value when I do a proxy request. The 
> value is empty.
> RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 
> [P,L]
> 
> For rewrite against directory URL's I get the value.
> RewriteRule ^/kongsberg(.*) /kongsberg/%{LA-U:REMOTE_USER}$1 [L]
> 
> and for redirect it works:
> RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 
> [R,L]
> 
> 
> I also tried this syntax with same result - no value in REMOTE_USER env. 
> var.:
>    RewriteCond %{LA-U:REMOTE_USER} (.+)
>    RewriteRule .  - [E=RU:%1]
>
>    ProxyRequests Off
>    ProxyPassInterpolateEnv On
>    ProxyPass /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
>    ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
> 
> 
> I also noticed that I can see the username value in the access logfile but 
> not in the rewrite logfile. 
> 
> Suggestions anyone?
> 
> 
> Kind regards, Dag 
> 

Does this not work?

RewriteCond %{LA-U:REMOTE_USER} (.+) 
RewriteRule /kongsberg/ http://aeoas02/kongsberg/%1/ [P]

Cheers

Tom






[us...@httpd] REMOTE_USER and PROXY request

2009-05-28 Thread Efjestad, Dag
Hi.

I can't get access to the REMOTE_USER value when I do a proxy request. The 
value is empty.
RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [P,L]

For rewrite against directory URL's I get the value.
RewriteRule ^/kongsberg(.*) /kongsberg/%{LA-U:REMOTE_USER}$1 [L]

and for redirect it works:
RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [R,L]


I also tried this syntax with same result - no value in REMOTE_USER env. var.:
   RewriteCond %{LA-U:REMOTE_USER} (.+)
   RewriteRule .  - [E=RU:%1]

   ProxyRequests Off
   ProxyPassInterpolateEnv On
   ProxyPass /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate
   ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/${RU}/ interpolate


I also noticed that I can see the username value in the access logfile but not 
in the rewrite logfile. 

Suggestions anyone?


Kind regards, Dag 




RE: [us...@httpd] Userid and reverse proxy

2009-05-27 Thread Efjestad, Dag
Yes I tried LA-U without any luck :-(

-Original message-
From: Stefano Sasso [mailto:stesa...@gmail.com] 
Sent: 27 May 2009 21:20
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Userid and reverse proxy

2009/5/27 Efjestad, Dag :
> I tried several options but no value in remote_user.

did you try with LA-U? from apache mod_rewrite docs:

For instance, to rewrite according to the REMOTE_USER variable from
within the per-server context (httpd.conf file) you must use
%{LA-U:REMOTE_USER} - this variable is set by the authorization
phases, which come after the URL translation phase (during which
mod_rewrite operates).

bye,
-- 
Stefano Sasso
stesa...@gmail.com
http://www.gnustile.net/





RE: [us...@httpd] Userid and reverse proxy

2009-05-27 Thread Efjestad, Dag
Thanks but I tried that. 

The problem is that the value of REMOTE_USER has no value. 

I use apache version 2.2

Here is the configuration:


AuthType basic
AuthName "LOS"
AuthUserFile conf/LOSbasicauth.sec
Require user u1 u2 u3


   RewriteCond %{REMOTE_HOST} (.*) 
   RewriteRule ^/kongsberg/(.*) http://aeoas02/LOS/kongsberg/%1/$1 [QSA,P,L]

In the access_log I get:
IPADDRESS - u1 [27/May/2009:16:03:25 +0200] "GET /kongsberg/ HTTP/1.1" 404 343 
"-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; 
SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618; InfoPath.2; 
MS-RTC LM 8)"


In the rewrite log I get: 
IPADDRESS - - applying pattern '^/kongsberg/(.*)' to uri '/kongsberg/'
IPADDRESS - - RewriteCond: input='' pattern='(.*)' => matched
IPADDRESS - - rewrite '/kongsberg/' -> 'http://krsoastest01/test/kongsberg//'
IPADDRESS - - forcing proxy-throughput with http://aeoas02/kongsberg//


I can't see the username in the rewrite log. 


I tried several options but no value in remote_user. 


Tnx, Dag

-Original message-
From: Stefano Sasso [mailto:stesa...@gmail.com] 
Sent: 27 May 2009 13:14
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Userid and reverse proxy

2009/5/27 Efjestad, Dag :
>    
>        AuthType basic
>        AuthName "Requierd users"
>        AuthUserFile conf/basicauth.sec
>        Require user user1 user2 user3
>    
>    ProxyRequests    Off
>    ProxyPass        /kongsberg/ http://aeoas02/kongsberg/%AuthenticatedUserId%
>    ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/%AuthenticatedUserId%
>
>
> The variable %AuthenticatedUserId% should contain user1, user2 or user3.
>
> Anyone know a way of solving this problem?

you can try with mod_rewrite and [P]:

RewriteEngine On
RewriteRule ^/kongsberg(.*) http://aeoas02/kongsberg/%{LA-U:REMOTE_USER}$1 [P,L]

bye,
-- 
Stefano Sasso
stesa...@gmail.com
http://www.gnustile.net/





RE: [us...@httpd] Userid and reverse proxy

2009-05-27 Thread Efjestad, Dag
Jeff, 

I think you have misunderstood the problem. The problem is that I have different web 
pages for different users.

/dag

-Original message-
From: Jeff Shearer [mailto:j...@shearer-family.org] 
Sent: 27 May 2009 09:07
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Userid and reverse proxy

Try using a group rather than a list of users.  See 
http://httpd.apache.org/docs/2.2/howto/auth.html#lettingmorethanonepersonin
for a discussion.

Efjestad, Dag wrote:
> Hi
> 
> I want to do something like this:
> 
> 
>   AuthType basic
>   AuthName "Requierd users"
>   AuthUserFile conf/basicauth.sec
>   Require user user1 user2 user3
> 
> ProxyRequests Off
> ProxyPass /kongsberg/ http://aeoas02/kongsberg/%AuthenticatedUserId%
> ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/%AuthenticatedUserId%
> 
> 
> The variable %AuthenticatedUserId% should contain user1, user2 or user3. 
> 
> Anyone know a way of solving this problem?
> 
> Best Regards
> Dag Efjestad, Norway
> 



[us...@httpd] Userid and reverse proxy

2009-05-26 Thread Efjestad, Dag
Hi

I want to do something like this:


AuthType basic
AuthName "Requierd users"
AuthUserFile conf/basicauth.sec
Require user user1 user2 user3

ProxyRequests Off
ProxyPass /kongsberg/ http://aeoas02/kongsberg/%AuthenticatedUserId%
ProxyPassReverse /kongsberg/ http://aeoas02/kongsberg/%AuthenticatedUserId%


The variable %AuthenticatedUserId% should contain user1, user2 or user3. 

Anyone know a way of solving this problem?

Best Regards
Dag Efjestad, Norway




[EMAIL PROTECTED] RE: Problem with disk_cache on Windows 2003

2008-09-10 Thread Efjestad, Dag


-Original message-
From: Efjestad, Dag [mailto:[EMAIL PROTECTED]
Sent: 14 July 2008 08:12
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Problem with disk_cache on Windows 2003

Hello

I'm trying to get mod_cache and mod_disk_cache to work correctly. Problem 
summary is that disk cache is not working properly - sending empty data to the 
client for some content like the css file. I use Apache as a reverse proxy.

I get a lot of these messages in the log file:
[Sun Jul 13 14:09:38 2008] [warn] (OS 5)Access is denied.  : disk_cache: rename 
tempfile to datafile failed: c:/webcache/los/aptmpx1asW8 -> 
c:/webcache/los/Ra/N6/fS/iBGQrEATWPwwO4iA.data
[Sun Jul 13 14:10:04 2008] [warn] (OS 5)Access is denied.  : disk_cache: rename 
tempfile to datafile failed: c:/webcache/los/aptmpaeiuxe -> 
c:/webcache/los/O7/ub/HS/Hp2X7mMoCK1NgpAA.data

I am running Apache/2.2.8 (Win32) on a Windows 2003 server. The security 
setting on the c:\webcache directory is everyone="full access".

Apache Cache configuration is:
ExpiresActive on
ExpiresDefault "now plus 5 minutes"

CacheRoot c:/webcache/los
CacheEnable disk /
CacheDefaultExpire 300
CacheMaxExpire 300
CacheIgnoreHeaders Set-Cookie
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheStoreNoStore On
CacheStorePrivate On


Have I made an error in the configuration, or is there something I missed?

Thanks in advance.

Dag




[EMAIL PROTECTED] Problem with disk_cache on Windows 2003

2008-07-13 Thread Efjestad, Dag
Hello

I'm trying to get mod_cache and mod_disk_cache to work correctly. Problem 
summary is that disk cache is not working properly - sending empty data to the 
client for some content like the css file. I use Apache as a reverse proxy.

I get a lot of these messages in the log file:
[Sun Jul 13 14:09:38 2008] [warn] (OS 5)Access is denied.  : disk_cache: rename 
tempfile to datafile failed: c:/webcache/los/aptmpx1asW8 -> 
c:/webcache/los/Ra/N6/fS/iBGQrEATWPwwO4iA.data
[Sun Jul 13 14:10:04 2008] [warn] (OS 5)Access is denied.  : disk_cache: rename 
tempfile to datafile failed: c:/webcache/los/aptmpaeiuxe -> 
c:/webcache/los/O7/ub/HS/Hp2X7mMoCK1NgpAA.data

I am running Apache/2.2.8 (Win32) on a Windows 2003 server. The security 
setting on the c:\webcache directory is everyone="full access".

Apache Cache configuration is:
ExpiresActive on
ExpiresDefault "now plus 5 minutes"

CacheRoot c:/webcache/los
CacheEnable disk /
CacheDefaultExpire 300
CacheMaxExpire 300
CacheIgnoreHeaders Set-Cookie
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheStoreNoStore On
CacheStorePrivate On


Have I made an error in the configuration, or is there something I missed?

Thanks in advance.

Dag
