You set Require for your /. That means that Apache requires authentication for every request. Now here is a simple description of why you have your problem:

1. Browser sends a request.
2. Apache answers with 401 code: Authorization required.
3. Browser asks the user for a username and password and sends it back to the browser with each next request because HTTP is a stateless protocol.
4. Apache checks username/password for each request and grants access if it sees it in its password file.
5. IIS sends 401 for authorization.
6. Browser asks for the new username/password and starts to send these with each request.
7. Apache refuses to provide access because it doesn't know this new user.

Your problem is that basic authentication is implemented on HTTP level and both of your servers look like one to the browser. I don't know how to fix this problem. Maybe replacing Apache with SQUID will help because SQUID sends 407 when it asks for authorization.

On 9/29/06, John Hallam <[EMAIL PROTECTED]> wrote:

I have a problem which I think might be a bug.

I have set up Apache as a Reverse proxy and it works fine! The backend Web server is IIS. For some of the web pages a user has to enter their Windows credentials to reach the web page. This also works fine!

The Problem: What is required is first a general authentication so that one can reach the backend server, which means that one authenticates first at the proxy and then a second time to access the protected IIS web pages. The first authenticate to grant access through the proxy works fine, but the IIS authentication part doesn't. If I look at the error log Apache is trying to authenticate the user instead of passing it through. Why? Is there a simple answer?

The relevant configuration:

    <VirtualHost *:443>
        ServerAdmin [EMAIL PROTECTED]
        ServerName proxy.xxxxxx.com

        SSLEngine On
        SSLProxyEngine on
        SSLCertificateFile /etc/ssl/xxxxxxCA/www-cert.pem
        SSLCertificateKeyFile /etc/ssl/xxxxxCA/www-key.pem

        ProxyRequests Off

        <Location />
            AuthType Basic
            AuthAuthoritative Off
            AuthName "Restricted Area - PharmaPart only"
            AuthLDAPAuthoritative Off
            AuthLDAPURL ldap://ldap.xxxxx.net/ou=people,dc=xxxxxx,dc=com?mail?sub?(objectClass=*)
            Require valid-user
            ProxyPass http://ppzhsr02.xxxxxxx.net/
            ProxyPassReverse http://ppzhsr02.xxxxxx.net/
        </Location>

        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
    </VirtualHost>

Like I've stated - take the Authxxxx part away and the IIS authentication works fine. It appears to me that when I put the Authxxxx statements in place that the Proxy wants to do all authentications rather than just the first access authentication.

Can anyone help?

Thanx
John

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
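
The loop described in the reply can be reproduced with a small header-level model. This is an added example, not part of the original thread; the account names, passwords and the `browse`, `proxy` and `backend` functions are constructed for illustration. With a 401 at the front end both servers compete for the single `Authorization` header; with a 407 the proxy's credentials travel in `Proxy-Authorization` instead.

```python
import base64

# Constructed accounts for the model; neither server knows the other's user.
PROXY_USERS = {"alice@example.com": "ldap-pass"}
BACKEND_USERS = {"DOMAIN\\alice": "win-pass"}

def basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check(header, users):
    """Return True if a Basic header carries a user/password pair from users."""
    if not header or not header.startswith("Basic "):
        return False
    user, _, password = base64.b64decode(header[6:]).decode().partition(":")
    return users.get(user) == password

def backend(headers):
    """Stand-in for the protected IIS page: it only reads Authorization."""
    if check(headers.get("Authorization"), BACKEND_USERS):
        return 200, "backend"
    return 401, "backend"

def proxy(headers, challenge=401):
    """Front end: challenge=401 reads Authorization, 407 reads Proxy-Authorization."""
    name = "Authorization" if challenge == 401 else "Proxy-Authorization"
    if not check(headers.get(name), PROXY_USERS):
        return challenge, "proxy"
    return backend(headers)  # credentials accepted, request is forwarded

def browse(challenge=401, max_tries=6):
    """Client loop: answer each challenge with the credentials for that realm."""
    creds = {"proxy": basic("alice@example.com", "ldap-pass"),
             "backend": basic("DOMAIN\\alice", "win-pass")}
    headers, trace = {}, []
    for _ in range(max_tries):
        status, realm = proxy(headers, challenge)
        trace.append((status, realm))
        if status == 200:
            break
        # A 401 overwrites the one Authorization header; a 407 has its own header.
        key = "Proxy-Authorization" if status == 407 else "Authorization"
        headers[key] = creds[realm]
    return trace

if __name__ == "__main__":
    print("401 at proxy:", browse(401))  # alternates proxy/backend, never 200
    print("407 at proxy:", browse(407))  # 407, then 401, then 200
```

The model covers only which header each party reads; it does not model how a particular browser or Squid build decides when to answer a 407.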