Ok, I was probably not clear enough ;-)
First I'm using mod_proxy_http and DIGEST authentication.
Authentication-Info header is part of digest authentication:
http://rfc-ref.org/RFC-TEXTS/2069/chapter2.html
Lets say I've 2 accessed URLs:
http://mydomain.com/index.html
http://mydomain.com/tomcat/index.html
Both are using digest authentication on apache.
Proxy is configured as follow:
ProxyPass /tomcat http://mytomcat.com/bla
ProxyPassReverse /tomcathttp://mytomcat.com/bla
So http://mydomain.com/index.html is replied directly by apache and
http://mydomain.com/tomcat/index.html is proxied to tomcat.
1st case: Authentication-Info replied
> GET /index.html HTTP/1.1
> User-Agent: curl/7.29.0
> Host: mydomain.com
> Accept: */*
< HTTP/1.1 401 Unauthorized
< Date: Wed, 27 Mar 2013 11:24:18 GMT
< Server: Apache/2.4.4 (Unix)
< WWW-Authenticate: Digest realm="bla",
nonce="nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a",
algorithm=MD5, qop="auth"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
> GET /index.html HTTP/1.1
> Authorization: Digest username="username", realm="bla",
nonce="nxteR+bYBAA=9c9e9d4176b1ff722c18122c2a3a9af3d52b6e8a",
uri="/index.html", cnonce
="ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=", nc=00000001, qop=auth,
response="bbfa7dqsdqs2c014d85sqdzaab1", algorithm="MD5"
> User-Agent: curl/7.29.0
> Host: mydomain.com
> Accept: */*
< HTTP/1.1 200 OK
< Date: Wed, 27 Mar 2013 11:24:18 GMT
< Server: Apache/2.4.4 (Unix)
*< Authentication-Info: rspauth="efbdcdsqdsqhiaaazqds4eee3c1",
cnonce="ICAgICAgICAgICAgICAgICAgICAgICAgICAxNDEyNjc=", nc=00000001,
qop=auth*
< Last-Modified: Tue, 19 Feb 2013 08:24:06 GMT
< ETag: "22-4d60f909e7580"
< Accept-Ranges: bytes
< Content-Length: 34
< Content-Type: text/plain
....
2nd case: Authentication-Info *not* replied
> GET /tomcat/index.html HTTP/1.1
> User-Agent: curl/7.29.0
> Host: mydomain.com
> Accept: */*
< HTTP/1.1 401 Unauthorized
< Date: Wed, 27 Mar 2013 12:15:25 GMT
< Server: Apache/2.4.4 (Unix)
< WWW-Authenticate: Digest realm="bla",
nonce="5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c", algorithm=MD5, qop="auth"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
> GET /tomcat/index.html HTTP/1.1
> Authorization: Digest username="username", realm="bla",
nonce="5X4sqdsqdsqd456sq4dsq4d65sq78zf599bbd478c",
uri="/tomcat/index.html",
cnonce="ICAgICAgICAgICAgICAgICAgICAgICAgICA0NDk5NzM=", nc=00000001,
qop=auth, response="cf10890c9dsqdsqef3bd248dsqdsqec34", algorithm="MD5"
> User-Agent: curl/7.29.0
> Host: mydomain.com
> Accept: */*
< HTTP/1.1 200 OK
< Date: Wed, 27 Mar 2013 12:15:27 GMT
< Server: Apache-Coyote/1.1
< Content-Type: application/json
< Content-Length: 142
.....
So my question is, is there any way to have Apache reply this
Authentication-Info in both case ? I guess the reverse proxy should add
is somehow...
Thanks !
On 27/03/2013 13:00, Nick Kew wrote:
On 27 Mar 2013, at 11:39, Nicolas Daniels wrote:
Everything work fine except that when the proxy is used, the
Authentication-Info header is not included in the response. If Apache is
replying directly without using the proxy, it is included.
There's no such header in HTTP. Why not tell us exactly what you mean?
