
Remove basic authentication header with apache mod proxy

I have an HTTP Basic secured website. I hide a Tomcat application server with mod_proxy. Can I remove the HTTP Basic header? The Tomcat application reads the header and returns 401 not authorized. Basic auth isn't needed because the application uses cookie sessions. So I think just removing the headers would be fine.

Jan asked Dec 13 '10 12:12



2 Answers

Make sure mod_headers is enabled. An example config:

<VirtualHost *:80>
        ServerName something.example.com
        ServerAdmin [email protected]

        ProxyRequests Off
        ProxyPreserveHost Off
        AllowEncodedSlashes On
        KeepAlive Off

        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        <Location />
                AuthType Basic
                AuthName "Authorized Users Only"
                AuthUserFile /etc/apache2/passwd
                Require valid-user
        </Location>

        # Strip the client's Basic credentials before the request is proxied (needs mod_headers)
        RequestHeader unset Authorization
        ProxyPass / http://localhost:5984/
        ProxyPassReverse / http://localhost:5984/

        ErrorLog /var/log/apache2/something.example.com-error_log
        CustomLog /var/log/apache2/something.example.com-access_log common
</VirtualHost>
Justin answered Oct 04 '22 22:10


I just had the same problem with Apache in front of another Java server trying to do basic auth; adding the following to my Apache config seemed to fix it:

RequestHeader unset Authorization
Andy answered Oct 05 '22 00:10
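
To confirm that the directive from the answers above really keeps credentials away from the backend, the following stand-in backend reports whether an Authorization header arrived. It is an added example, not code from either answer; the names `describe_auth`, `EchoAuthHandler`, `start_backend` and `probe` are made up for it, and port 5984 is the ProxyPass target from the first answer's config.

```python
import base64
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def describe_auth(headers):
    """Summarise the Authorization header without echoing the credentials."""
    value = headers.get("Authorization")
    return {"authorization_present": value is not None,
            "scheme": value.split(" ", 1)[0] if value else None}


class EchoAuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps(describe_auth(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # stay quiet; the JSON body is the result


def start_backend(port=0):
    """Serve on 127.0.0.1 in a background thread; port 0 picks a free port."""
    server = HTTPServer(("127.0.0.1", port), EchoAuthHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(url, credentials=None):
    """GET url, optionally sending Basic credentials given as 'user:password'."""
    request = urllib.request.Request(url)
    if credentials is not None:
        token = base64.b64encode(credentials.encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    # Ignore any proxy environment variables so the request goes straight to url.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(request, timeout=5) as response:
        return json.loads(response.read())


if __name__ == "__main__":
    # 5984 is the ProxyPass target port in the first answer's config.
    backend = HTTPServer(("127.0.0.1", 5984), EchoAuthHandler)
    print("stand-in backend on 127.0.0.1:5984")
    backend.serve_forever()
```

Run it in place of the real backend and request the site through Apache with valid credentials: once `RequestHeader unset Authorization` is in effect, the JSON response shows `authorization_present` as false.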