Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need a rewrite rule to pass http://username:password@mysite:7000/

Posted on 2003-11-13
4
Medium Priority
?
8,661 Views
Last Modified: 2008-02-01
Hello,

I am trying to create a rewrite rule that proxies a user to a site that requires basic auth, and provides the username & password which logs them in.

Here is the rule I attempted:
RewriteRule ^/invoke(.*) http://username:password@mysite:7000/invoke$1 [NC,P]
ProxyPassReverse /invoke/ http://username:password@mysite:7000/invoke/

The rule does successfully pass you on to the proper site, but the user is still prompted for the username and password. If you provide the user and password you do get the page successfully, but I don't want the user to be prompted.

If I post the username and passworld at mysite directly:
http://username:password@mysite:7000/invoke/index.htm

I am logged in appropriately without being prompted, but for some reason I cannot get this to work with a rewriterule!

Help!

Thanks,
Liam
0
Comment
Question by:Liam2e
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Accepted Solution

by:
_nn_ earned 1000 total points
ID: 9747563
A browser will possibly translate the http://username:password@mysite:7000/invoke/index.htm syntax into a http://mysite:7000/invoke/index.htm request combined with additional auth headers, but I strongly doubt that Apache's mod_rewrite (or any other module for that matter) can do that.

I would approach the problem with another angle. You could for instance get the mysite host to accept connections coming from the IP address of the reverse proxy you're currently setting up. If that mysite host is also running Apache, it's just a matter of using the Satisfy directive, something like

Require valid-user
Allow from <IP of proxy>
Satisfy Any

(see http://httpd.apache.org/docs-2.0/mod/core.html#satisfy for details)

Else, you could of course use some script (CGI, PHP, etc) to do the job, but I suspect you don't like that idea.
0
 
LVL 27

Assisted Solution

by:BigRat
BigRat earned 1000 total points
ID: 9927801
mod_proxy does not pass forward basic authentication which is why the user gets prompted. I would suggest you rewrite the incoming url into a perl script which instantiates an http object, passes the authentication and then the url.

Long term this is better, since mod_proxy does not handle cookies. The proxy_pass_reverse applies only to the Location: http response header.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

662 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question