使用反向代理绕过http身份验证
我们正在运行一个使用 HTTP 身份验证的旧版 Web 应用程序。我想让这个应用程序可供某些用户使用,但我不想公开用户名/密码,也不想公开应用程序正在运行的服务器。
为了解决这个问题我打算使用mod_proxy。我进行了以下配置:
<VirtualHost *:443>
# SSL stuff goes in here
ServerName "proxy.local"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://admin:[email protected]:80/
ProxyPassReverse / http://admin:[email protected]:80/
</VirtualHost>
这是有效的,除了仍然要求用户自己输入管理员/密码的部分。 我可以让 Apache 发送 ProxyPassReserve 中提供的用户名/密码而不询问用户吗?我在 Apache mod_proxy 文档< 中找不到答案/a>.
We are running a legacy web application which uses HTTP Authentication. I want to make this application available to some users but I do not want to expose the username/password and I don't want to expose the server the application is running on.
To solve this problem I intend to use mod_proxy. I made the following configuration:
<VirtualHost *:443>
# SSL stuff goes in here
ServerName "proxy.local"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://admin:[email protected]:80/
ProxyPassReverse / http://admin:[email protected]:80/
</VirtualHost>
This works, except for the part where users are still asked to type admin/password themselves.
Can I make Apache send the username/password provided in ProxyPassReserve and not ask the user for it? I could not find the answer in the Apache mod_proxy documentation.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在从 mod_proxy 传递请求之前,您必须启用 mod_headers 并设置 http 授权标头。
只需对 admin:password 字符串进行 base-64 编码,并将 RequestHeader 指令添加到您的配置中:
You will have to enable mod_headers and set http Authorization header before passing request from the mod_proxy.
Just base-64 encode the admin:password string and add RequestHeader directive to your configuration: