Reverse proxy authentication

[bram85]

Hello,

 

I'm trying to configure a reverse proxy with Apache 2.2.8, where one could log into and access intranet and Outlook Web Access (OWA) or possibly other services.

 

I can access the internal servers fine with the ProxyPass and ProxyPassReverse directives. However, putting an authentication on the proxy appears to cause problems. This is a snippet from my Apache configuration:

 

[pre]<Proxy *>

        AuthType Digest

        AuthName "Proxy"

        AuthDigestDomain /

        AuthDigestProvider file

        AuthUserFile /usr/local/www/httpd.auth

        Require valid-user

</Proxy>

 

# 10.0.0.1 running IIS

ProxyPass /owa http://10.0.0.1/

ProxyPassReverse /owa http://10.0.0.1/[/pre]

 

When I try to access the OWA site (external: http://111.111.11.11/owa), I get a authentication prompt for the proxy. I fill in my credentials, and the browser tries to load a new page. However, nothing happens, except that my HTTP logs are filled at a rate with 10 entries/sec with the message:

 

[pre]Digest: client used wrong authentication scheme `NTLM': /owa[/pre]

 

These errors appear with IE 6.x and Firefox 2.0.0.14.

 

Does someone know what is going on here? Is the Digest authentication also forwarded somehow? Or is it something I'm doing fundamentally wrong?

 

Thanks in advance for any answer.

[bram85]

It seems that the first authentication for the proxy ends up at the internal server. How can I 'keep' this authentication on the gateway server and does not get forwarded to the internal server?