Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
Hi, I finally solved the problem myself by modifying the source code of mod_proxy_http.c: Line 1697: apr_table_do(addit_dammit, save_table, r-headers_out, Set-Cookie, NULL); -- apr_table_do(addit_dammit, save_table, r-headers_out, Set-Cookie, Authentication-Info, NULL); Cheers On 27/03/2013 13:23, Nicolas Daniels wrote: Ok, I was probably not clear enough ;-) First I'm using mod_proxy_http and DIGEST authentication. Authentication-Info header is part of digest authentication: http://rfc-ref.org/RFC-TEXTS/2069/chapter2.html Lets say I've 2 accessed URLs: http://mydomain.com/index.html http://mydomain.com/tomcat/index.html Both are using digest authentication on apache. Proxy is configured as follow: ProxyPass /tomcat http://mytomcat.com/bla ProxyPassReverse /tomcathttp://mytomcat.com/bla So http://mydomain.com/index.html is replied directly by apache and http://mydomain.com/tomcat/index.html is proxied to tomcat. 1st case: Authentication-Info replied GET /index.html HTTP/1.1 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 401 Unauthorized Date: Wed, 27 Mar 2013 11:24:18 GMT Server: Apache/2.4.4 (Unix) WWW-Authenticate: Digest realm=bla, nonce=nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a, algorithm=MD5, qop=auth Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 GET /index.html HTTP/1.1 Authorization: Digest username=username, realm=bla, nonce=nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a, uri=/index.html, cnonce =ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=, nc=0001, qop=auth, response=bbfa7dqsdqs2c014d85sqdzaab1, algorithm=MD5 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 200 OK Date: Wed, 27 Mar 2013 11:24:18 GMT Server: Apache/2.4.4 (Unix) * Authentication-Info: rspauth=efbdcdsqdsqhiaaazqds4eee3c1, cnonce=ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=, nc=0001, qop=auth* Last-Modified: Tue, 19 Feb 2013 08:24:06 GMT ETag: 22-4d60f909e7580 Accept-Ranges: bytes Content-Length: 34 Content-Type: text/plain 2nd case: Authentication-Info *not* replied GET /tomcat/index.html HTTP/1.1 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 401 Unauthorized Date: Wed, 27 Mar 2013 12:15:25 GMT Server: Apache/2.4.4 (Unix) WWW-Authenticate: Digest realm=bla, nonce=5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c, algorithm=MD5, qop=auth Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 GET /tomcat/index.html HTTP/1.1 Authorization: Digest username=username, realm=bla, nonce=5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c, uri=/tomcat/index.html, cnonce=ICAgICAgICAgICAgICAgICAgICAgICAgICA0NDk5NzM=, nc=0001, qop=auth, response=cf10890c9dsqdsqef3bd248dsqdsqec34, algorithm=MD5 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 200 OK Date: Wed, 27 Mar 2013 12:15:27 GMT Server: Apache-Coyote/1.1 Content-Type: application/json Content-Length: 142 . So my question is, is there any way to have Apache reply this Authentication-Info in both case ? I guess the reverse proxy should add is somehow... Thanks ! On 27/03/2013 13:00, Nick Kew wrote: On 27 Mar 2013, at 11:39, Nicolas Daniels wrote: Everything work fine except that when the proxy is used, the Authentication-Info header is not included in the response. If Apache is replying directly without using the proxy, it is included. There's no such header in HTTP. Why not tell us exactly what you mean?
Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
On Thu, 28 Mar 2013 16:21:56 +0100 Nicolas Daniels nicolas.dani...@swing.be wrote: Hi, I finally solved the problem myself by modifying the source code of mod_proxy_http.c: Thanks! I started to compose a reply yesterday, then decided I should look at it first to determine whether it's a bug. I might end up applying your fix, if I don't forget about it first. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Mod_proxy: Authentication-Info header lost in response
Hi all, I've setup my apache (2.4.4) with mod_proxy. Final target is tomcat 7. My apache is responsible for whole authentication(s). Everything work fine except that when the proxy is used, the Authentication-Info header is not included in the response. If Apache is replying directly without using the proxy, it is included. Is there a way to make Apache include this header if the proxy is used ? Thanks ! -- Nicolas Daniels Blue Pimento Service s.p.r.l. Rue Louis de Geer 6 B-1348 Louvain-la-neuve ?+32 10 390 014 ?+32 498 089 725 Fax. +32 10 390 001 Visit our web site: www.bluepimento.eu http://www.bluepimento.eu
[users@httpd] Mod_proxy: Authentication-Info header lost in response
Ho I forgot, I'm using mod_proxy_http and auth_digest. Hi all, I've setup my apache (2.4.4) with mod_proxy. Final target is tomcat 7. My apache is responsible for whole authentication(s). Everything work fine except that when the proxy is used, the Authentication-Info header is not included in the response. If Apache is replying directly without using the proxy, it is included. Is there a way to make Apache include this header if the proxy is used ? Thanks ! -- Nicolas Daniels Blue Pimento Service s.p.r.l. Rue Louis de Geer 6 B-1348 Louvain-la-neuve ?+32 10 390 014 ?+32 498 089 725 Fax. +32 10 390 001 Visit our web site: www.bluepimento.eu http://www.bluepimento.eu
Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
On 27 Mar 2013, at 11:39, Nicolas Daniels wrote: Everything work fine except that when the proxy is used, the Authentication-Info header is not included in the response. If Apache is replying directly without using the proxy, it is included. There's no such header in HTTP. Why not tell us exactly what you mean? -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Mod_proxy: Authentication-Info header lost in response
Ok, I was probably not clear enough ;-) First I'm using mod_proxy_http and DIGEST authentication. Authentication-Info header is part of digest authentication: http://rfc-ref.org/RFC-TEXTS/2069/chapter2.html Lets say I've 2 accessed URLs: http://mydomain.com/index.html http://mydomain.com/tomcat/index.html Both are using digest authentication on apache. Proxy is configured as follow: ProxyPass /tomcat http://mytomcat.com/bla ProxyPassReverse /tomcathttp://mytomcat.com/bla So http://mydomain.com/index.html is replied directly by apache and http://mydomain.com/tomcat/index.html is proxied to tomcat. 1st case: Authentication-Info replied GET /index.html HTTP/1.1 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 401 Unauthorized Date: Wed, 27 Mar 2013 11:24:18 GMT Server: Apache/2.4.4 (Unix) WWW-Authenticate: Digest realm=bla, nonce=nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a, algorithm=MD5, qop=auth Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 GET /index.html HTTP/1.1 Authorization: Digest username=username, realm=bla, nonce=nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a, uri=/index.html, cnonce =ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=, nc=0001, qop=auth, response=bbfa7dqsdqs2c014d85sqdzaab1, algorithm=MD5 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 200 OK Date: Wed, 27 Mar 2013 11:24:18 GMT Server: Apache/2.4.4 (Unix) * Authentication-Info: rspauth=efbdcdsqdsqhiaaazqds4eee3c1, cnonce=ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=, nc=0001, qop=auth* Last-Modified: Tue, 19 Feb 2013 08:24:06 GMT ETag: 22-4d60f909e7580 Accept-Ranges: bytes Content-Length: 34 Content-Type: text/plain 2nd case: Authentication-Info *not* replied GET /tomcat/index.html HTTP/1.1 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 401 Unauthorized Date: Wed, 27 Mar 2013 12:15:25 GMT Server: Apache/2.4.4 (Unix) WWW-Authenticate: Digest realm=bla, nonce=5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c, algorithm=MD5, qop=auth Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 GET /tomcat/index.html HTTP/1.1 Authorization: Digest username=username, realm=bla, nonce=5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c, uri=/tomcat/index.html, cnonce=ICAgICAgICAgICAgICAgICAgICAgICAgICA0NDk5NzM=, nc=0001, qop=auth, response=cf10890c9dsqdsqef3bd248dsqdsqec34, algorithm=MD5 User-Agent: curl/7.29.0 Host: mydomain.com Accept: */* HTTP/1.1 200 OK Date: Wed, 27 Mar 2013 12:15:27 GMT Server: Apache-Coyote/1.1 Content-Type: application/json Content-Length: 142 . So my question is, is there any way to have Apache reply this Authentication-Info in both case ? I guess the reverse proxy should add is somehow... Thanks ! On 27/03/2013 13:00, Nick Kew wrote: On 27 Mar 2013, at 11:39, Nicolas Daniels wrote: Everything work fine except that when the proxy is used, the Authentication-Info header is not included in the response. If Apache is replying directly without using the proxy, it is included. There's no such header in HTTP. Why not tell us exactly what you mean?