1

We have a server with apache set up as an authentication front end for a backend web service running on the same box.

The setup seemed to work at first, but we soon realised that apache was asking for authentication every time we clicked a link, went back or reloaded a page. We're now at a loss to resolve this.

Our apache2 virtual hosts file:

<VirtualHost *:80>

  ServerName app.ourdomain.com
  ErrorLog /var/log/apache2/graphiti-error.log
  CustomLog /var/log/apache2/graphiti-access.log common

  <Location "/">
          require valid-user
          order allow,deny
          Allow from all
          AuthType Basic
          AuthName "Stats"
          AuthBasicProvider file
          AuthUserFile /etc/passwd_lp
  </Location>

  ProxyRequests off
  ProxyPreserveHost on
  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080/

  <Proxy *>
          Order allow,deny
          Allow from all
  </Proxy>

</VirtualHost>

We're using Apache2 v2.2.22 on Ubuntu EC2 12.04

We have already tried; moving the Auth declarations into the <Proxy> block; setting ProxyRequests on; setting ProxyPreserveHost off.

Thanks

nightowl
  • 45
  • 8
  • That sounds like it might be a client browser issue.. Is the browser not re-sending the authorization header with subsequent requests? Or is the hostname the client's accessing changing? – Shane Madden Dec 20 '12 at 05:38
  • Hi, we thought this too at first but it's happening with all browsers (FF, Chrome & Safari tested) and the hostnames are consistent.What we suspect to be happening is that Apache forwards the session to the proxy'd backend which does nothing with it. Therefore, every click or reload causes Apache to start a new session and ask for authentication. – nightowl Dec 20 '12 at 11:14
  • Basic authentication doesn't have any concept of 'sessions' - the client browser is responsible for sending the `Authorization` header with every request. Can you check if that's happening using Chrome's developer tools or Firebug? – Shane Madden Dec 20 '12 at 16:16
  • Thanks for the suggestions. Turns out this one has been a bit of a red herring. See my answer. – nightowl Dec 20 '12 at 17:21

1 Answers1

1

I have now solved this problem. It was nothing to do with Apache in the end (per se). Graphiti uses a JavaScript function to make HTTP requests to the Graphite service, which we had set up as a separate vhost, which also had Auth setup (some users prefer to use it directly).

So basically, no user/password were in the URL that graphite was using, and so every one triggered an Auth prompt. To fix it, we just needed to update our templates so that the URL generates with the http://<user>:<password>@<host> syntax.

nightowl
  • 45
  • 8