htaccess and mod_proxy (reverse proxy)

htaccess and mod_proxy (reverse proxy)

am 30.10.2003 19:34:33 von coUnt3r

hello,

as we find out squid cannot handle reverse proxy with authentification,
so we taken apache, because htacces for apache works fine.
well... a mistake?


settings:

apache-2.0.47 was compiled with:
--prefix=/usr/local/apache2 --enable-modules=all --enable-ssl \
--with-ssl=/usr/lib/ssl --enable-proxy --enable-proxy-connect \
--enable-proxy-http --enable-rewrite --enable-so

it works as a reverse proxy (for the moment http only)
for OWA on exchange2000. we must forward following dirs:

"/exchange"
"/exchweb"
"/public"

"/" has .htaccess and .htpasswd as well as an index.html with:
""

access for "/" redirect after verification to "/exchange",
but when anybody acces direct the redirected directories,
(http://server.org/exchange) there are not any verification.
he get promptly the exchangeserver (terrible because all of the iis-worms)

all of our attempts fail. either proxy ignored the .htaccess
and pass the proxy without verification, or it fails "no such directory"

have you any hints, if and how it is possible, to use htacces-verification
before directories redirection to exchange?

my httpd.conf


[...]

Options FollowSymLinks
AllowOverride AuthConfig

[...]

a) test1


ProxyPass http://server.org/exchange
ProxyPassReverse http://server.org/exchange



ProxyPass http://server.org/exchweb
ProxyPassReverse http://server.org/exchweb



ProxyPass http://server.org/public
ProxyPassReverse http://server.org/public


redirection works properly, but: "AllowOverride not allowed here" :(

b) test2


AllowOverride AuthConfig
ProxyPass http://server.org/exchange
ProxyPassReverse http://server.org/exchange



AllowOverride AuthConfig
ProxyPass http://server.org/exchweb
ProxyPassReverse http://server.org/exchweb



AllowOverride AuthConfig
ProxyPass http://server.org/public
ProxyPassReverse http://server.org/public


this fails too: "File does not exist: /usr/local/apache2/htdocs/exchange"

c) when we create these dirs (exchange,exchweb and public) and we got
verification for direct request, but after login, we got:

""GET /exchange// HTTP/1.1" 302 164"

=> why these "//" ???


Is anything wrong here? We have not any ideea more,
how to protect redirected dirs from direct access?

May you help us?
Many thanks in advance :)
Tobias


--
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

Re: htaccess and mod_proxy (reverse proxy)

am 30.10.2003 20:28:20 von Graham Leggett

coUnt3r@gmx.net wrote:

> as we find out squid cannot handle reverse proxy with authentification,
> so we taken apache, because htacces for apache works fine.
> well... a mistake?

Using .htaccess for this definitely won't work, they only make sense for
directories locally on the Apache server. You need to place the
authorisation config directives inside the tags in the main
Apache config file, not inside .htaccess files, then your authorisation
will work fine.

If you're going to make this publically available on the net, you're
also encouraged to make sure that Apache is set up to use SSL. This will
ensure that passwords do not travel over the net in the clear. Details
in the docs.

>
> ProxyPass http://server.org/exchange
> ProxyPassReverse http://server.org/exchange
[Put the contents of .htaccess here
>

Regards,
Graham
--

Re: htaccess and mod_proxy (reverse proxy)

am 02.11.2003 11:20:25 von coUnt3r

Hello Graham, hello Robin, hello maillist,


Graham Leggett wrote:

> >
> >ProxyPass http://server.org/exchange
> >ProxyPassReverse http://server.org/exchange
> [Put the contents of .htaccess here
> >

@Graham: Great! It works wonderful! :)

Many thanks!
Tobias

@Robin: maybe a solution for you too?


>
> Regards,
> Graham
> --