logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Backend server ask frequently for username and password
Author
spady7



Joined: 18 Nov 2014
Posts: 14
Location: Italy

PostPosted: Wed 17 Feb '16 20:10    Post subject: Backend server ask frequently for username and password Reply with quote

Hi all, i'am using apache2 v. 2.4.10 as reverse proxy. Everything works great except for last "location", inside a existent virtual host, i've added
Client side connect, after i gave username and password. It loads pages. Then, when i click on some buttons that redirects on desired feature, sometimes, not always, username and password's prompt appears again.
What is wrong? Why site ask me again credentials?

Here a snippet of code:

Code:
#------SERVICE-------#

<VirtualHost *:443>
    RewriteEngine on
ServerName name.domain.com

    ProxyRequests Off
    ProxyErrorOverride Off
    ProxyPreserveHost On
  #  ProxyReceiveBufferSize 4096
    KeepAlive On
    ProxyTimeout 1200
   

  <IfModule reqtimeout_module>
        RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
  </IfModule>

  SSLEngine on
  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerExpire on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/apache2/certs/wildcard_lw.pem
  SSLCertificateKeyFile /etc/apache2/certs/wildcard_lw.key
  SSLCertificateChainFile /etc/apache2/certs/GoD-intermediate.crt
 
   

#******************************#
#********     HDA     *********#
   
   
<Location /WebTraylet>
   RewriteCond %{REMOTE_ADDR} !^10\.160\.11\.195$
   RewriteCond %{REMOTE_ADDR} 10\.160\.[0-9]{1,3}\.[0-9]{1,3}
   RewriteRule .* https://application.domain.com/WebTraylet [R=301,L]
   ProxyPass https://application.domain.com/WebTraylet
   ProxyPassReverse https://application.domain.com/WebTraylet
   SSLRequireSSL
</Location>

   
<Location /ready4you>
   RewriteCond %{REMOTE_ADDR} !^10\.160\.11\.195$
   RewriteCond %{REMOTE_ADDR} 10\.160\.[0-9]{1,3}\.[0-9]{1,3}
   RewriteRule .* https://application.domain.com/iWebPro/HDA/Logon/Logon.aspx [R=301,L]
   ProxyPass https://application.domain.com/iWebPro/HDA/Logon/Logon.aspx
   ProxyPassReverse https://application.domain.com/iWebPro/HDA/Logon/Logon.aspx
   SSLRequireSSL
</Location>

<LocationMatch "^/(iWebPro.*)|^/(iwebpro.*)|^/(IWebPro.*)|^/(crmui.*)|^/(CRMUI.*)">
   ProxyPass https://application.domain.com
   ProxyPassReverse https://application.domain.com
   SSLRequireSSL
</LocationMatch>



</VirtualHost>
Back to top
spady7



Joined: 18 Nov 2014
Posts: 14
Location: Italy

PostPosted: Fri 19 Feb '16 0:09    Post subject: Reply with quote

Hi, here there are "access logs" FIRST login into web site (named FIRST ACCESS) and log of a button i pressed (on website) after i've already logged in (so username and password are already given).
Any hint?
Regards

FIRST ACCESS:

http://apaste.info/KCC


PRESSED BUTTON FEATURE

http://apaste.info/v53

Mod note: Moved logs to external source.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 26 Feb '16 11:20    Post subject: Reply with quote

The backend application seem to loose the authentication. Any chance to debug it there?
Back to top
spady7



Joined: 18 Nov 2014
Posts: 14
Location: Italy

PostPosted: Fri 26 Feb '16 14:32    Post subject: Reply with quote

James Blond wrote:
The backend application seem to loose the authentication. Any chance to debug it there?


Hi James.
I resolved yesterday!!! Seems that APACHE does not work properly with NTLM Auth.
Infact i disabled it on IIS8 and enabled BASIC AUTH and now it work perfectly.

Can you confirm that APACHE has problems with NTLM Auth?
Thank you
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 26 Feb '16 16:41    Post subject: Reply with quote

Depending on the module you used for NTLM Auth apache has it problems with it.
Back to top
spady7



Joined: 18 Nov 2014
Posts: 14
Location: Italy

PostPosted: Fri 26 Feb '16 16:43    Post subject: Reply with quote

James Blond wrote:
Depending on the module you used for NTLM Auth apache has it problems with it.


Can you help me to understand better?
Which module should be loaded?
Thanks
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 26 Feb '16 16:47    Post subject: Reply with quote

I got only https://github.com/YvesR/mod_authn_ntlm/ to work. Which is a 3rd party module. Unless you have a big bunch of users who you manage over Windows auth basic is just fine.
Back to top
spady7



Joined: 18 Nov 2014
Posts: 14
Location: Italy

PostPosted: Fri 26 Feb '16 17:47    Post subject: Reply with quote

James Blond wrote:
I got only https://github.com/YvesR/mod_authn_ntlm/ to work. Which is a 3rd party module. Unless you have a big bunch of users who you manage over Windows auth basic is just fine.


Thanks James.
I will give a try.
Regards
Back to top


Reply to topic   Topic: Backend server ask frequently for username and password View previous topic :: View next topic
Post new topic   Forum Index -> Apache