reverse proxy authentication header is processed by confluence

Hello,
we have a confluence 3.5 installation that works fine, if accessed directly; login via html form.

We are now trying to access it via apache reverse proxy. We would like login for confluence to be independent (via html form) from the login to reverse proxy (basic auth). What happens, though, is that confluence is trying to process (unsuccessfully) the basic auth header from the reverse proxy, and the user gets 401. In confluence log I see these messages:

2011-07-08 15:33:18,582 INFO [http-8081-30] [confluence.security.login.DefaultLoginManager] onFailedLoginAttempt
Failed login attempt for user 'user1@unhcr.org':
Request URL: http://10.9.36.50:8081/confluence/
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
Remote Address: 193.134.136.78
X-Forwarded-For: 193.134.136.246

We don't want to touch anything in the reverse proxy, or tomcat (as there are other applications running under it); is it possible to do something inside the confluence installation to force it to ignore the authentication request from the reverse proxy?

Thanks,
Leo.

2 answers

Could you simply use mod_headers in the vhost definition to strip the auth header before processing the proxy pass?

http://httpd.apache.org/docs/2.0/mod/mod_headers.html

This is super freaking old thread, but for anyone else who's come here with this issue. The work around is to unset the Authorization header when using Apache2 as a reverse proxy.

RequestHeader unset Authorization

The same can be done with NGiNX

proxy_set_header Authorization "";

This works great and solves the issue.

However, if your confluence installation allows anonymous access, and the authentication used with NGiNX/Apache2 isn't the same as Confluence. You'll run into pop-ups for specific elements.

For instance the following link "rest/mywork/latest/status/notification/new"

<status>
<status-code>401</status-code>
<message>
Client must be authenticated to access this resource.
</message>
</status>

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

1,349 views 2 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you