| Author |
|
spady7
Joined: 18 Nov 2014
Posts: 14
Location: Italy
|
 Posted: Wed 17 Feb '16 20:10 Post subject: Backend server ask frequently for username and password |
 |
|
Hi all, i'am using apache2 v. 2.4.10 as reverse proxy. Everything works great except for last "location", inside a existent virtual host, i've added
Client side connect, after i gave username and password. It loads pages. Then, when i click on some buttons that redirects on desired feature, sometimes, not always, username and password's prompt appears again.
What is wrong? Why site ask me again credentials?
Here a snippet of code:
| Code: | #------SERVICE-------#
<VirtualHost *:443>
RewriteEngine on
ServerName name.domain.com
ProxyRequests Off
ProxyErrorOverride Off
ProxyPreserveHost On
# ProxyReceiveBufferSize 4096
KeepAlive On
ProxyTimeout 1200
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/apache2/certs/wildcard_lw.pem
SSLCertificateKeyFile /etc/apache2/certs/wildcard_lw.key
SSLCertificateChainFile /etc/apache2/certs/GoD-intermediate.crt
#******************************#
#******** HDA *********#
<Location /WebTraylet>
RewriteCond %{REMOTE_ADDR} !^10\.160\.11\.195$
RewriteCond %{REMOTE_ADDR} 10\.160\.[0-9]{1,3}\.[0-9]{1,3}
RewriteRule .* https://application.domain.com/WebTraylet [R=301,L]
ProxyPass https://application.domain.com/WebTraylet
ProxyPassReverse https://application.domain.com/WebTraylet
SSLRequireSSL
</Location>
<Location /ready4you>
RewriteCond %{REMOTE_ADDR} !^10\.160\.11\.195$
RewriteCond %{REMOTE_ADDR} 10\.160\.[0-9]{1,3}\.[0-9]{1,3}
RewriteRule .* https://application.domain.com/iWebPro/HDA/Logon/Logon.aspx [R=301,L]
ProxyPass https://application.domain.com/iWebPro/HDA/Logon/Logon.aspx
ProxyPassReverse https://application.domain.com/iWebPro/HDA/Logon/Logon.aspx
SSLRequireSSL
</Location>
<LocationMatch "^/(iWebPro.*)|^/(iwebpro.*)|^/(IWebPro.*)|^/(crmui.*)|^/(CRMUI.*)">
ProxyPass https://application.domain.com
ProxyPassReverse https://application.domain.com
SSLRequireSSL
</LocationMatch>
</VirtualHost>
|
|
|
| Back to top |
|
spady7
Joined: 18 Nov 2014
Posts: 14
Location: Italy
|
| Posted: Fri 19 Feb '16 0:09 Post subject: |
|
|
Hi, here there are "access logs" FIRST login into web site (named FIRST ACCESS) and log of a button i pressed (on website) after i've already logged in (so username and password are already given).
Any hint?
Regards
FIRST ACCESS:
http://apaste.info/KCC
PRESSED BUTTON FEATURE
http://apaste.info/v53
Mod note: Moved logs to external source. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 26 Feb '16 11:20 Post subject: |
|
|
| The backend application seem to loose the authentication. Any chance to debug it there? |
|
| Back to top |
|
spady7
Joined: 18 Nov 2014
Posts: 14
Location: Italy
|
| Posted: Fri 26 Feb '16 14:32 Post subject: |
|
|
| James Blond wrote: | | The backend application seem to loose the authentication. Any chance to debug it there? |
Hi James.
I resolved yesterday!!! Seems that APACHE does not work properly with NTLM Auth.
Infact i disabled it on IIS8 and enabled BASIC AUTH and now it work perfectly.
Can you confirm that APACHE has problems with NTLM Auth?
Thank you |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 26 Feb '16 16:41 Post subject: |
|
|
| Depending on the module you used for NTLM Auth apache has it problems with it. |
|
| Back to top |
|
spady7
Joined: 18 Nov 2014
Posts: 14
Location: Italy
|
| Posted: Fri 26 Feb '16 16:43 Post subject: |
|
|
| James Blond wrote: | | Depending on the module you used for NTLM Auth apache has it problems with it. |
Can you help me to understand better?
Which module should be loaded?
Thanks |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 26 Feb '16 16:47 Post subject: |
|
|
| I got only https://github.com/YvesR/mod_authn_ntlm/ to work. Which is a 3rd party module. Unless you have a big bunch of users who you manage over Windows auth basic is just fine. |
|
| Back to top |
|
spady7
Joined: 18 Nov 2014
Posts: 14
Location: Italy
|
| Posted: Fri 26 Feb '16 17:47 Post subject: |
|
|
Thanks James.
I will give a try.
Regards |
|
| Back to top |
|
