I'm running an application server behind an Apache proxy with the following sort of thing in my Apache config:

ProxyPass        /app http://myapplication:8080/myapp
ProxyPassReverse /app http://myapplication:8080/myapp

When I switch on NTLM authentication (using mod_ntlm) the authentication fails (it works fine when bypassing the proxy). A quick search reveals lots of issues when running NTLM behind a proxy due to the connection-specific NTLM specification.

Does anyone have a working Apache configuration that allows NTLM authentication through a proxy?

Thanks for any help.

Nick Pierpoint
  • I'm basing this on possibly dated knowledge here but I didn't think NTLM through a proxy worked at all (excepting possibly the old Microsoft ISA Server). – mahnsc Jun 13 '11 at 02:40
  • Thanks @mahnsc, that's my recollection as well, but I'm wondering if someone has some fancy-dan piece of Apache config magic that provides a workaround. :) – Nick Pierpoint Jun 13 '11 at 08:25
  • Some interesting points on the subject: https://issues.apache.org/bugzilla/show_bug.cgi?id=39673 You can try a Squid proxy instead; there are some options for NTLM support in Squid: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm. – regilero Jun 13 '11 at 10:11

1 Answer

NTLM is connection-based and therefore not suitable for HTTP-level proxying in general. HAProxy can do TCP reverse proxying, which should work just fine. When used as a forward proxy for this situation it's not really packed with features (i.e. caching, access control, filtering, etc.). It should be just fine to use instead of Apache though.

GomoX
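
The connection-based behaviour described in the answer, as an added example that is not part of the original post: a simplified model of a server that keeps NTLM handshake state per TCP connection, replayed over constructed traces. The function names, connection ids and header-only tokens are assumptions made for illustration.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"  # signature at the start of every NTLM message

def ntlm_type(header):
    """Return the NTLM message type (1, 2 or 3) from an HTTP auth header value, else None."""
    scheme, _, token = header.partition(" ")
    if scheme.upper() != "NTLM":
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or not raw.startswith(NTLMSSP):
        return None
    return struct.unpack_from("<I", raw, 8)[0]  # little-endian uint32 after the signature

def replay(trace):
    """Replay (backend_connection_id, Authorization value) pairs against per-connection state."""
    challenged, authenticated, out = set(), set(), []
    for conn, header in trace:
        mtype = ntlm_type(header)
        if conn in authenticated:
            out.append("200 (connection already authenticated)")
        elif mtype == 1:  # Negotiate: server answers with a challenge tied to this connection
            challenged.add(conn)
            out.append("401 + Type 2 challenge")
        elif mtype == 3 and conn in challenged:  # Authenticate on the challenged connection
            challenged.discard(conn)
            authenticated.add(conn)
            out.append("200 authenticated")
        else:
            out.append("401 (no handshake state on this connection)")
    return out

def token(mtype):
    """Constructed sample token: NTLM header only, no real negotiate/authenticate fields."""
    return "NTLM " + base64.b64encode(NTLMSSP + struct.pack("<I", mtype)).decode()

# Constructed traces as seen by the application server.
SAME_CONNECTION = [("c1", token(1)), ("c1", token(3)), ("c1", "")]  # direct or TCP-level proxy
SPLIT_CONNECTIONS = [("b1", token(1)), ("b2", token(3))]  # HTTP proxy reusing backend connections

if __name__ == "__main__":
    print(replay(SAME_CONNECTION))
    print(replay(SPLIT_CONNECTIONS))
```

The second trace fails because the Type 3 message reaches a backend connection that never issued the challenge, which is what can happen when an HTTP-level proxy does not keep one backend connection per client connection.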