reverse proxy authentication header is processed by confluence

Hello,
we have a confluence 3.5 installation that works fine, if accessed directly; login via html form.

We are now trying to access it via apache reverse proxy. We would like login for confluence to be independent (via html form) from the login to reverse proxy (basic auth). What happens, though, is that confluence is trying to process (unsuccessfully) the basic auth header from the reverse proxy, and the user gets 401. In confluence log I see these messages:

2011-07-08 15:33:18,582 INFO [http-8081-30] [confluence.security.login.DefaultLoginManager] onFailedLoginAttempt
Failed login attempt for user 'user1@unhcr.org':
Request URL: http://10.9.36.50:8081/confluence/
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
Remote Address: 193.134.136.78
X-Forwarded-For: 193.134.136.246

We don't want to touch anything in the reverse proxy, or tomcat (as there are other applications running under it); is it possible to do something inside the confluence installation to force it to ignore the authentication request from the reverse proxy?

Thanks,
Leo.

2 answers

Could you simply use mod_headers in the vhost definition to strip the auth header before processing the proxy pass?

http://httpd.apache.org/docs/2.0/mod/mod_headers.html

This is super freaking old thread, but for anyone else who's come here with this issue. The work around is to unset the Authorization header when using Apache2 as a reverse proxy.

RequestHeader unset Authorization

The same can be done with NGiNX

proxy_set_header Authorization "";

This works great and solves the issue.

However, if your confluence installation allows anonymous access, and the authentication used with NGiNX/Apache2 isn't the same as Confluence. You'll run into pop-ups for specific elements.

For instance the following link "rest/mywork/latest/status/notification/new"

<status>
<status-code>401</status-code>
<message>
Client must be authenticated to access this resource.
</message>
</status>

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 29, 2018 in New to Confluence

How to use Confluence Cloud for stakeholder management

Most of us don’t need much convincing that stakeholder management is important. It just makes sense that keeping everyone in-the-know on projects and assigning clearly defined roles is key to having ...

1,169 views 4 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you