Re: [squid-users] url-rewrite & digest authentication not working together

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Sat, 17 Jul 2010 23:20:35 +0200

ons 2010-07-14 klockan 12:07 -0700 skrev Mike Melson:

> Digest authentication fails because the uri=<string> in the
> Authorization header isn't rewritten & so it doesn't match the POST
> URI created by url-rewrite-program. Is there a way to also rewrite the
> uri string in the Authorization header before squid sends it to the
> originserver?

No, it's included in the one-way digest authentication hash, and
included in the Authorization header just to deal with cases like this.

   digest-uri
     The URI from Request-URI of the Request-Line; duplicated here
     because proxies are allowed to change the Request-Line in transit.

You need to make the server accept the digest-uri as valid in the
Authorization header, or get rid of the need to rewrite the URI.

Note: The server is meant to use digest-uri when verifying the Digest
authentication hash, not the Request-URI.

Regards
Henrik
Received on Sat Jul 17 2010 - 21:20:39 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 19 2010 - 12:00:04 MDT