Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

Authenticate each user once for multiple applications

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


yungwei at resolvity

Nov 13, 2009, 8:00 AM

Post #1 of 6 (525 views)
Permalink
Authenticate each user once for multiple applications
Hi,

I have a reverse proxy server that forwards to requests to an internal apache server. Here's the configuration on how the reverse proxy server works.
<Location /rpt >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt
ProxyPassReverse https://111.111.111.111/rpt
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>

Then I added the following to the same conf file on the reverse proxy server for another application.
I first accessed the rpt application in a web browser, and then I was asked to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter id and password again.
My question is: How can I tell the reverse proxy server to authenticate each user just once in this case?
<Location /rpt2 >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt2
ProxyPassReverse https://111.111.111.111/rpt2
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>

Thanks.


covener at gmail

Nov 13, 2009, 8:14 AM

Post #2 of 6 (497 views)
Permalink
Re: Authenticate each user once for multiple applications [In reply to]
On Fri, Nov 13, 2009 at 11:00 AM, Yungwei Chen <yungwei [at] resolvity> wrote:
> My question is: How can I tell the reverse proxy server to authenticate each
> user just once in this case?

It authenticates you on every request, but your browser doesn't bother
to prompt you when something is a sub-location of where you previously
authenticated. Can you put these two URL's under a common root? Your
browser would stop prompting.

--
Eric Covener
covener [at] gmail

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


peter.schober at univie

Nov 13, 2009, 8:17 AM

Post #3 of 6 (500 views)
Permalink
Re: Authenticate each user once for multiple applications [In reply to]
* Yungwei Chen <yungwei [at] resolvity> [2009-11-13 17:00]:
> <Location /rpt >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt
> ProxyPassReverse https://111.111.111.111/rpt
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>
[...]
> <Location /rpt2 >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt2
> ProxyPassReverse https://111.111.111.111/rpt2
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>

If this indeed is representative of your site's structure you could
simply have one <Location /foo> (or just '/') proxying to
https://111.111.111.111/ and you should be able to access /foo/rpt,
/foo/rpt2. etc.
-peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


yungwei at resolvity

Nov 13, 2009, 8:39 AM

Post #4 of 6 (501 views)
Permalink
RE: Authenticate each user once for multiple applications [In reply to]
The proxy server also needs to forward some requests (/nagios) to another internal apache server. Any suggestions in this case?

-----Original Message-----
From: Peter Schober [mailto:peter.schober [at] univie]
Sent: Friday, November 13, 2009 10:18 AM
To: users [at] httpd
Subject: Re: [users [at] http] Authenticate each user once for multiple applications

* Yungwei Chen <yungwei [at] resolvity> [2009-11-13 17:00]:
> <Location /rpt >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt
> ProxyPassReverse https://111.111.111.111/rpt
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>
[...]
> <Location /rpt2 >
> Order Deny,Allow
> Deny from all
> Allow from ...
> ProxyPass https://111.111.111.111/rpt2
> ProxyPassReverse https://111.111.111.111/rpt2
> ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
> AuthName "Restricted Access"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd/htpasswd.users
> Require valid-user
> </Location>

If this indeed is representative of your site's structure you could
simply have one <Location /foo> (or just '/') proxying to
https://111.111.111.111/ and you should be able to access /foo/rpt,
/foo/rpt2. etc.
-peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


peter.schober at univie

Nov 13, 2009, 8:59 AM

Post #5 of 6 (493 views)
Permalink
Re: Authenticate each user once for multiple applications [In reply to]
* Yungwei Chen <yungwei [at] resolvity> [2009-11-13 17:39]:
> The proxy server also needs to forward some requests (/nagios) to
> another internal apache server. Any suggestions in this case?

Exclude those from the proxy pass?
-peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


yungwei at resolvity

Nov 13, 2009, 9:37 AM

Post #6 of 6 (500 views)
Permalink
RE: Authenticate each user once for multiple applications [In reply to]
I just found that using the same value of AuthName for each application seems to solve my problem. Is it the right way to go?

From: Yungwei Chen [mailto:yungwei [at] resolvity]
Sent: Friday, November 13, 2009 10:00 AM
To: users [at] httpd
Subject: [users [at] http] Authenticate each user once for multiple applications

Hi,

I have a reverse proxy server that forwards to requests to an internal apache server. Here's the configuration on how the reverse proxy server works.
<Location /rpt >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt
ProxyPassReverse https://111.111.111.111/rpt
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>

Then I added the following to the same conf file on the reverse proxy server for another application.
I first accessed the rpt application in a web browser, and then I was asked to enter id and password as expected.
Then I hit rpt2 in the same browser session, and then I was asked to enter id and password again.
My question is: How can I tell the reverse proxy server to authenticate each user just once in this case?
<Location /rpt2 >
Order Deny,Allow
Deny from all
Allow from ...
ProxyPass https://111.111.111.111/rpt2
ProxyPassReverse https://111.111.111.111/rpt2
ProxyPassReverseCookieDomain 111.111.111.111 100.100.100.100
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /etc/httpd/passwd/htpasswd.users
Require valid-user
</Location>

Thanks.

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.