httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "António Mota" <amsm...@gmail.com>
Subject Re: [users@httpd] Force authentication
Date Tue, 03 Oct 2006 13:04:18 GMT
Hi Nick, nive to ear from you...

I took your sugestion and look at the access.log (i wouldn't think of
that...) and i think the problem wath's not what i thought.

As you know, my Apache server is used as a proxy reverse server, and
it seems the problem is with that. Im my server i have a few pages
that are indeed atuthenticated each time i visit them.

127.0.0.1 - abcd [03/Oct/2006:13:38:07 +0100] "GET /rproxy.html HTTP/1.1" 304 -

(abc is the user)

and if i dinamically delete that user from the file next time he/she
will be asked from authentication again. That is the beahaviour i
expected.

However when i proxy-reverse to other pages the authentication is never checked

127.0.0.1 - - [03/Oct/2006:13:55:52 +0100] "GET
/url=http://www.gtinformatica.pt HTTP/1.1" 302 132

In this case, http://www.gtinformatica.pt is outside my server and
needs no authentication, but since it passes thru my server i was
expecting that it also be authenticated...

Any help on this?

Thanks a lot.





2006/10/2, Nick Kew <nick@webthing.com>:
> On Monday 02 October 2006 21:40, António Mota wrote:
> > Hello:
> >
> > I'm trying to do some basic authentication that checks for user
> > existence on every request, something like this:
> >
> > 1) User asks page
> > 2) Server answer with a 401
> > 3) Browser ask for User id/pwd
> > 4) Browser sends User id/pwd
> > 5) Server looks into user file if user id/pwd exists
>
> Yep.
>
> > so far so good, but i was expecting that steps 4) and 5) will repeat
> > for every request from the Browser from now on.
>
> Yep.  Browser remembers credentials.
>
> > But it seems that does
> > not happen.
>
> Hmm?
>
> > I have my user file updated by a external application (at the moment
> > it's me updating manually between requests) so i expected that if i
> > deleted the user id/pwd from the file between subsquent 4) - 5) the
> > server will detect that the user id was not on the file anymore and
> > ask again for a user id/pwd or signal the browser of invalid
> > credencials.
>
> What's in your access log?  Either your authentication module is
> cacheing something, or (very likely) the browser is.
>
> > But that doesen´t happen, it seems step 5) isn't executed anymore
> > (unless i clear the TTP Authentication ofcourse).
>
> what do you mean by that?
>
> --
> Nick Kew
>
> Application Development with Apache - the Apache Modules Book
> http://www.prenhallprofessional.com/title/0132409674
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Melhores cumprimentos / Kind regards
António Santos Mota

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message