
Apache2::AuthenNTLM and mod_rewrite


Hi,

I have an issue with Apache2::AuthenNTLM and mod_rewrite, and it seems that
nobody else is having this problem. Maybe I missed something very simple,
or maybe nobody else is doing this (which I doubt).

Let's see if I can explain the problem. Our environment is like this:

- Debian Etch
- Apache 2 (2.2.3-4)
- Perl 5.8.8-7
- libapache2-mod-perl2
- Domain controller uses Windows 2003 Server


We have a <Location /> in Apache that requires NTLM authentication for all
content in Apache using Apache2::AuthenNTLM.

Everything works fine for content under DocumentRoot, but we also use some
RewriteRules to serve content from a Tomcat app server, and when the rewrite
applies, Apache returns a "401 Authorization Required" error.


For example, typing these URLs in a browser (server is 10.9.133.0):

http://10.9.133.0                    (File /var/www/index.html)          <--- Works fine
http://10.9.133.0/example/index.html (File /var/www/example/index.html)  <--- Also fine


But with content under "test", which is rewritten using this rule:

RewriteRule ^/test(.*) http://10.9.133.0:9673/$1 [P,L]

If you ask for (test is a valid python script in the Tomcat server):

http://10.9.133.0/test/test  (File http://10.9.133.0:9673/test )   <-- 401 error


Those rewrites work fine if you already have a valid authentication
(requesting the home with the browser first, for example), but this means
that we cannot make a direct link to any file in the rewritten content,
because you get the 401 error without the server even asking for
username/password.

This is the apache error log of the failed request.


[20330] AuthenNTLM: Start NTLM Authen handler pid = 20330, connection = 139690552 conn_http_hdr = keep-alive  main =  cuser =  remote_ip = 10.9.236.124 remote_port = 13872 remote_host = <> version = 0.02 smbhandle =
[20330] AuthenNTLM: Setup new object
[20330] AuthenNTLM: Config Domain = dom_csd1  pdc = sdc1  bdc =
[20330] AuthenNTLM: Config Default Domain = Dom_csd1
[20330] AuthenNTLM: Config Fallback Domain =
[20330] AuthenNTLM: Config AuthType = basic,ntlm AuthName = Autenticacion bajo NTLM
[20330] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[20330] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[20330] AuthenNTLM: Config Semaphore key = 23754 timeout = 1
[20330] AuthenNTLM: Config SplitDomainPrefix = 1
[20330] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:15:09 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /test/test



At this point the browser (both Firefox and IE 6.0) is showing the
401 error. A while later, the log shows again:




[20332] AuthenNTLM: Start NTLM Authen handler pid = 20332, connection = 138433448 conn_http_hdr =   main =  cuser =  remote_ip = 127.0.0.1 remote_port = 13362 remote_host = <> version = 0.02 smbhandle =
[20332] AuthenNTLM: Setup new object
[20332] AuthenNTLM: Config Domain = dom_csd1  pdc = sdc1  bdc =
[20332] AuthenNTLM: Config Default Domain = Dom_csd1
[20332] AuthenNTLM: Config Fallback Domain =
[20332] AuthenNTLM: Config AuthType = basic,ntlm AuthName = Autenticacion bajo NTLM
[20332] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 1
[20332] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = on
[20332] AuthenNTLM: Config Semaphore key = 23754 timeout = 1
[20332] AuthenNTLM: Config SplitDomainPrefix = 1
[20332] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:17:54 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /



Those logs are exactly the same as when you request any other page and
click Cancel when the browser asks for a password.


This is the apache config file we're using:




<VirtualHost *:80>
       RequestHeader set REMOTE_USER "%{REMOTE_USER}s"

       DocumentRoot /var/www/
       ServerName 10.9.133.0
       KeepAlive On


       <Location />
               PerlAuthenHandler Apache2::AuthenNTLM
               AuthName "Autenticacion bajo NTLM"
               AuthType basic,ntlm
               PerlAddVar ntdomain "Dom_csd1 sdc1"
               PerlSetVar defaultdomain Dom_csd1
               PerlSetVar ntlmdebug 1
               PerlSetVar splitdomainprefix 1
               PerlSetVar ntlmsemtimeout 1
               PerlSetVar ntlmauthoritative on
               PerlSetVar basicauthoritative on
               require valid-user
       </Location>


       ErrorLog /var/log/apache2/error.log

       # Possible values include: debug, info, notice, warn, error, crit,
       # alert, emerg.
       LogLevel warn

       CustomLog /var/log/apache2/access.log combined
       ServerSignature On

       <IfModule mod_rewrite.c>
               RewriteEngine On
               RewriteLogLevel 3
               RewriteLog /var/log/apache2/rewrite.log

               ### Content running in Tomcat
               RewriteRule ^/test(.*) http://10.9.133.0:9673/$1 [P,L]
       </IfModule>

</VirtualHost>




Any ideas? Why is everything working fine except the rewrite rules?
Why doesn't the browser even ask for credentials?


Hope someone can help, because this is driving me crazy.

Thanks


--
First they ignore you...
Then they laugh at you...
Then they fight you...
Then you win

Mohandas Gandhi

Use Linux
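
A triage helper for the `ntlmdebug` output quoted in the message above, added here as an example and not part of the original post. It reduces each handler invocation to one record (client address, `Connection` header, requested URI) and flags requests that originated on the server itself. It assumes the error line belongs to the most recent handler start (it carries no pid) and that any value other than `<not given>` means an Authorization header was sent.

```python
import re
from ipaddress import ip_address

# Log excerpt from the post above, with mail line-wrapping undone and the
# repeated "Config ..." debug lines left out.
SAMPLE_LOG = """\
[20330] AuthenNTLM: Start NTLM Authen handler pid = 20330, connection = 139690552 conn_http_hdr = keep-alive  main =  cuser =  remote_ip = 10.9.236.124 remote_port = 13872 remote_host = <> version = 0.02 smbhandle =
[20330] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:15:09 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /test/test
[20332] AuthenNTLM: Start NTLM Authen handler pid = 20332, connection = 138433448 conn_http_hdr =   main =  cuser =  remote_ip = 127.0.0.1 remote_port = 13362 remote_host = <> version = 0.02 smbhandle =
[20332] AuthenNTLM: Authorization Header <not given>
[Tue Jun 12 12:17:54 2007] [error] Bad/Missing NTLM/Basic Authorization Header for /
"""

START = re.compile(r"^\[(\d+)\] AuthenNTLM: Start NTLM Authen handler .*?"
                   r"conn_http_hdr = (\S*)\s.*?remote_ip = (\S+)")
HEADER = re.compile(r"^\[(\d+)\] AuthenNTLM: Authorization Header (.*)$")
FAILED = re.compile(r"^\[([^\]]+)\] \[error\] Bad/Missing NTLM/Basic "
                    r"Authorization Header for (\S+)")


def summarize(log_text):
    """Return one dict per AuthenNTLM handler invocation found in log_text."""
    requests, by_pid, last = [], {}, None
    for line in log_text.splitlines():
        if m := START.match(line):
            last = {"pid": int(m[1]), "connection_hdr": m[2] or None,
                    "remote_ip": m[3], "auth_given": None,
                    "uri": None, "time": None,
                    # Loopback means the request was made from the server host.
                    "loopback": ip_address(m[3]).is_loopback}
            by_pid[last["pid"]] = last
            requests.append(last)
        elif (m := HEADER.match(line)) and int(m[1]) in by_pid:
            # Assumption: anything but "<not given>" means a header was sent.
            by_pid[int(m[1])]["auth_given"] = m[2].strip() != "<not given>"
        elif (m := FAILED.match(line)) and last is not None:
            # Assumption: the error line (no pid) belongs to the latest start.
            last["time"], last["uri"] = m[1], m[2]
    return requests


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        origin = "server itself" if r["loopback"] else "remote client"
        print(f'{r["time"]}  pid={r["pid"]}  {r["remote_ip"]} ({origin})  '
              f'uri={r["uri"]}  auth_given={r["auth_given"]}')
```

On the two records from the post, only the first (pid 20330, `/test/test`) comes from a remote client; the second was issued from 127.0.0.1 for `/`.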

