HOW GEEK!

geek notes for advice seekers

Apache PROXYPASS, NEGATIVE PROXYPASS AND AUTH_BASIC

Today i had to face a weird problem with Apache 2. I wanted to setup a webmail on the SAME virtualhost that i was using to proxy to another host.
Here’s a summary of my configuration:

<VirtualHost *:80>

ServerAdmin sysadmin@localhost

DocumentRoot /var/www/folder

ServerName localhost

Alias /mail /var/lib/roundcube/
<Directory /var/lib/roundcube/>

Options Indexes Includes FollowSymLinks

AllowOverride All

AuthType Basic

AuthUserFile /var/lib/roundcube/.htpasswd

AuthName “Protected Folder”

require valid-user

</Directory>
ProxyRequests Off

ProxyPreserveHost On
<Proxy *>

Order deny,allow

Allow from all

</Proxy>
ProxyPass /mail/ !

ProxyPass / http://0.0.0.0/ ttl=60 retry=0 status=I keepalive=on timeout=2500 disablereuse=on
</VirtualHost>

The problem is that the auth_basic wasn’t working correctly in this setup, Apache was answering with a 200 instead of a 401 message, which prevented the browser from understanding it was actually an authentication..

But this config was working fine without the auth, the webmail was working. And it was working fine with auth but no proxypass.
So what was wrong?! Thanks to the guys @freenode i discovered that Apache was proxying the requests to custom errors in /error/ (as i uncommented the custom errors in apache2.conf). The solution was to add:

ProxyPass /error/ !

Turn loglevel to debug in case you have a similar issue, in my case i could read this:

[Fri Mar 04 15:44:36 2011] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //10.10.10.10/error/HTTP_UNAUTHORIZED.html.var
[Fri Mar 04 15:44:36 2011] [debug] proxy_util.c(1506): [client 1.1.1.1] proxy: http: found worker http://10.10.10.10/ for http://10.10.10.10/error/HTTP_UNAUTHORIZED.html.var

Hope it helps.

, , ,

Leave a Reply

Your email address will not be published. Required fields are marked *