Solved

Need a rewrite rule to pass http://username:password@mysite:7000/

Posted on 2003-11-13
4
8,645 Views
Last Modified: 2008-02-01
Hello,

I am trying to create a rewrite rule that proxies a user to a site that requires basic auth, and provides the username & password which logs them in.

Here is the rule I attempted:
RewriteRule ^/invoke(.*) http://username:password@mysite:7000/invoke$1 [NC,P]
ProxyPassReverse /invoke/ http://username:password@mysite:7000/invoke/

The rule does successfully pass you on to the proper site, but the user is still prompted for the username and password. If you provide the user and password you do get the page successfully, but I don't want the user to be prompted.

If I post the username and passworld at mysite directly:
http://username:password@mysite:7000/invoke/index.htm

I am logged in appropriately without being prompted, but for some reason I cannot get this to work with a rewriterule!

Help!

Thanks,
Liam
0
Comment
Question by:Liam2e
4 Comments
 
LVL 16

Accepted Solution

by:
_nn_ earned 250 total points
Comment Utility
A browser will possibly translate the http://username:password@mysite:7000/invoke/index.htm syntax into a http://mysite:7000/invoke/index.htm request combined with additional auth headers, but I strongly doubt that Apache's mod_rewrite (or any other module for that matter) can do that.

I would approach the problem with another angle. You could for instance get the mysite host to accept connections coming from the IP address of the reverse proxy you're currently setting up. If that mysite host is also running Apache, it's just a matter of using the Satisfy directive, something like

Require valid-user
Allow from <IP of proxy>
Satisfy Any

(see http://httpd.apache.org/docs-2.0/mod/core.html#satisfy for details)

Else, you could of course use some script (CGI, PHP, etc) to do the job, but I suspect you don't like that idea.
0
 
LVL 27

Assisted Solution

by:BigRat
BigRat earned 250 total points
Comment Utility
mod_proxy does not pass forward basic authentication which is why the user gets prompted. I would suggest you rewrite the incoming url into a perl script which instantiates an http object, passes the authentication and then the url.

Long term this is better, since mod_proxy does not handle cookies. The proxy_pass_reverse applies only to the Location: http response header.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now