转发代理用户身份验证不起作用

转发代理用户身份验证不起作用

我有一个简单的正向代理,需要进行用户身份验证和 IP 地址白名单。我创建了以下虚拟主机:

ProxyRequests On
ProxyVia On

<Proxy xx.xxx.xx.xxx:8888>
   Order deny,allow
   Allow from xx.xxx.xx.xxx
   Allow from xx.xxx.xx.xxx
   Allow from xx.xxx.xx.xxx
   Allow from xx.xxx.xx.xxx

   AuthType Basic
   AuthName "Password Required for Proxy"
   AuthUserFile /etc/apache2/.proxyhtpasswd
   Require user
</Proxy>

代理本身工作正常,但用户身份验证和允许 IP 却不行。我更改了配置 10 次,即使只有 Auth 块,它仍然可以工作,而无需使用(有效的)用户/密码或拥有正确的 IP 地址。

我也尝试通过普通的 VirtualHost 配置来配置它,但仍然没有成功:

<VirtualHost xx.xxx.xx.xxx:8888>
    ProxyRequests On
    ProxyVia On
    SSLProxyEngine On

    <Location />
        Order Deny,Allow
        Deny from all
        Allow from xx.xxx.xx.xxx
        Allow from xx.xxx.xx.xxx
        Allow from xx.xxx.xx.xxx
        Allow from xx.xxx.xx.xxx

        AuthType Basic
        AuthBasicProvider file
        AuthName "Password Required for Proxy"
        AuthUserFile /etc/apache2/.proxyhtpasswd
        Require valid-user
    </Location>
</VirtualHost>

答案1

我认为要么

Require valid-user

或者

Require user [theusername]

但不是

Require user

看:http://httpd.apache.org/docs/current/mod/core.html#require

答案2

我通过将 Proxy 指令与 VirtualHost 指令结合起来解决了这个问题。

<VirtualHost xx.xxx.xx.xxx:8888>
    ProxyRequests On
    ProxyVia On
    SSLProxyEngine On

    <Proxy *>
        Order Deny,Allow
        Deny from all
        Allow from xx.xxx.xx.xxx
        Allow from xx.xxx.xx.xxx
        Allow from xx.xxx.xx.xxx
        Allow from xx.xxx.xx.xxx

        AuthType Basic
        AuthBasicProvider file
        AuthName "Password Required for Proxy"
        AuthUserFile /etc/apache2/.proxyhtpasswd
        Require valid-user
    </Proxy>

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/proxy-error.log
    CustomLog ${APACHE_LOG_DIR}/proxy-access.log combined
</VirtualHost>

相关内容