Header set & WWW-Authenticate

Thread: Header set & WWW-Authenticate

Search this list only Search all lists
Header set & WWW-Authenticate
United States	2007-09-26 05:00:09
Hi, I'm working with the following setup : Client <-- internet--> apache reverse proxy <--lan--> owa 2003 with NTLM & basic authenticaton activated When using this setup the NTLM authentication is chosen by a browser on the client instead of the basic authentication. My goal is to use basic authentication and to disable NTLM authentication. Unfortunalty due to circumstances I cannot disable it on the owa server itself. Hence I was searching for a way to achief the same result using the reverse proxy. In the apache doc I found the Header directive which allows modification of headers if they exist. So I'm getting the following headers from the IIS : WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="x.x.x.x" And I want to only comminicate the basic one to the client. When using Header unset WWW-Authenticate all headers are removed resulting in an error since no authentication is performed. So I wanted to use the Header edit option which allows modification in the header exists Header edit WWW-Authenticate: ^NTLM dummy Unfortunatly doing this results in removal of all WWW-Authenticate headers except for the Negotiate instead of modification of the headers. Headers sent to client : WWW-Authenticate: Negotiate Can anyone help me and tell me what I'm doing wrong? Kind regards Pieter ------------------------------------------------------------ --------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://htt pd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribehttpd.apache.org " from the digest: users-digest-unsubscribehttpd.apache.org For additional commands, e-mail: users-helphttpd.apache.org

Re: Header set & WWW-Authenticate
India	2007-09-26 05:52:48

I think you need to change the setting on IIS webserver. Navigate as follow virtual directory of your website -> Directory Security ->edit. Check the basic Authentication and uncheck the Integrated Window Authentication. Restart the webserver. Neelam Kumar Sharma PSPL PUNE INDIA ----- Original Message ----- From: "Pieter Vanmeerbeek" <vanmeerbeek.net">pietervanmeerbeek.net> To: <httpd.apache.org">usershttpd.apache.org> Sent: Wednesday, September 26, 2007 3:30 PM Subject: [usershttpd] Header set & WWW-Authenticate > Hi, > > I'm working with the following setup : > > Client <-- internet--> apache reverse proxy <--lan--> owa 2003 with NTLM & > basic ; authenticaton activated > > When using this setup the NTLM authentication is chosen by a browser on the > client instead of the basic authentication. > My goal is to use basic authentication and to disable NTLM authentication. > Unfortunalty due to circumstances I cannot disable it on the owa server >; itself. > Hence I was searching for a way to achief the same result using the reverse > proxy. >; > In the apache doc I found the Header directive which allows modification of > headers if they exist. >; So I'm getting the following headers from the IIS : > > WWW-Authenticate: Negotiate > WWW-Authenticate: NTLM > WWW-Authenticate: Basic realm="x.x.x.x" > > And I want to only comminicate the basic one to the client. > > When using Header unset WWW-Authenticate all headers are removed resulting > in an error since no authentication is performed. > So I wanted to use the Header edit option which allows modification in the > header exists >; > Header edit WWW-Authenticate: ^NTLM dummy > > > Unfortunatly doing this results in removal of all WWW-Authenticate headers > except for the Negotiate instead of modification of the headers. > Headers sent to client : > WWW-Authenticate: Negotiate > > > Can anyone help me and tell me what I'm doing wrong? >; > Kind regards > Pieter >; > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: httpd.apache.org">users-unsubscribehttpd.apache.org >   "   from the digest: httpd.apache.org">users-digest-unsubscribehttpd.apache.org > For additional commands, e-mail: httpd.apache.org">users-helphttpd.apache.org > DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
Re: Header set & WWW-Authenticate
	2007-09-26 08:14:02
On 9/26/07, Pieter Vanmeerbeek <pietervanmeerbeek.net> wrote: > Header edit WWW-Authenticate: ^NTLM dummy > > > Unfortunatly doing this results in removal of all WWW-Authenticate headers > except for the Negotiate instead of modification of the headers. > Headers sent to client : > WWW-Authenticate: Negotiate > > > Can anyone help me and tell me what I'm doing wrong? The problem is that, in HTTP, multiple identical headers are equivalent to a single header with all the values folded together. So I don't believe there is a way in apache to target just one of the headers. Why don't you instead try something like SetEnvIf WWW-Authenticate NTLM gotntlm=yes Header set WWW-Authenticate Basic realm="x.x.x.x" env=gotntlm Joshua. ------------------------------------------------------------ --------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://htt pd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribehttpd.apache.org " from the digest: users-digest-unsubscribehttpd.apache.org For additional commands, e-mail: users-helphttpd.apache.org

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )