Solved

Need a rewrite rule to pass http://username:password@mysite:7000/

Posted on 2003-11-13
4
8,648 Views
Last Modified: 2008-02-01
Hello,

I am trying to create a rewrite rule that proxies a user to a site that requires basic auth, and provides the username & password which logs them in.

Here is the rule I attempted:
RewriteRule ^/invoke(.*) http://username:password@mysite:7000/invoke$1 [NC,P]
ProxyPassReverse /invoke/ http://username:password@mysite:7000/invoke/

The rule does successfully pass you on to the proper site, but the user is still prompted for the username and password. If you provide the user and password you do get the page successfully, but I don't want the user to be prompted.

If I post the username and passworld at mysite directly:
http://username:password@mysite:7000/invoke/index.htm

I am logged in appropriately without being prompted, but for some reason I cannot get this to work with a rewriterule!

Help!

Thanks,
Liam
0
Comment
Question by:Liam2e
4 Comments
 
LVL 16

Accepted Solution

by:
_nn_ earned 250 total points
ID: 9747563
A browser will possibly translate the http://username:password@mysite:7000/invoke/index.htm syntax into a http://mysite:7000/invoke/index.htm request combined with additional auth headers, but I strongly doubt that Apache's mod_rewrite (or any other module for that matter) can do that.

I would approach the problem with another angle. You could for instance get the mysite host to accept connections coming from the IP address of the reverse proxy you're currently setting up. If that mysite host is also running Apache, it's just a matter of using the Satisfy directive, something like

Require valid-user
Allow from <IP of proxy>
Satisfy Any

(see http://httpd.apache.org/docs-2.0/mod/core.html#satisfy for details)

Else, you could of course use some script (CGI, PHP, etc) to do the job, but I suspect you don't like that idea.
0
 
LVL 27

Assisted Solution

by:BigRat
BigRat earned 250 total points
ID: 9927801
mod_proxy does not pass forward basic authentication which is why the user gets prompted. I would suggest you rewrite the incoming url into a perl script which instantiates an http object, passes the authentication and then the url.

Long term this is better, since mod_proxy does not handle cookies. The proxy_pass_reverse applies only to the Location: http response header.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question