I have setup a Tomcat with a webapp that uses http basic auth in some of its URLs. There is a Apache server in front of the Tomcat.
I have setup Apache as a proxy like this (all traffic should go directly to tomcat):
/etc/httpd/conf.d/proxy_ajp.conf:
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
There is a webapp installed to root of Tomcat (ROOT.war), so I should be able to use http://localhost/ to access my webapp. But it is not working with http basic auth.
The problem is that everything works until I try to access URL that are protected by the HTTP basic auth. URLs without authentication work just fine.
When accessing this url via apache I am getting an error message from Apache. If I access the same URL directly from tomcat, everything works just fine.
I am getting this to Apache error log:
[Wed Sep 01 21:34:01 2010] [error] proxy: dialog to [::1]:8009 (localhost) failed
access log looks like this:
::1 - - [01/Sep/2010:21:34:01 +0300] "GET /protected_path/ HTTP/1.0" 503 360 "-" "w3m/0.5.2"
I am using:
- Fedora release 13 (Goddard)
- httpd-2.2.16-1.fc13.x86_64
- tomcat5-5.5.27-7.4.fc12.noarch
The basic auth is implemented in the webapp (not in Apache or Tomcat). The webapp is actually implemented in Scala/Lift, but that shouldn't matter. The auth works if I access the tomcat directly.
Error message that I am getting from Apache. It is curious that the title is Unauthorized and not Internal error:
Unauthorized
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.2.16 (Fedora) Server at my.server.name.com Port 80
It could be that Apache is seeing a some thing else than 200 OK response and thinks that it is an error when it actually should pass the received 401 Unauthorized response directly to browser. If this is the problem, how to fix it?
How did you configure the basic auth? If you are using
<Directory>
Directives, try changing to<Location>
instead. (as the proxied requests don't actually touch an Apache directory..Edit: I assume you have:
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so