reverse proxy authentication header is processed by confluence

Hello,
we have a confluence 3.5 installation that works fine, if accessed directly; login via html form.

We are now trying to access it via apache reverse proxy. We would like login for confluence to be independent (via html form) from the login to reverse proxy (basic auth). What happens, though, is that confluence is trying to process (unsuccessfully) the basic auth header from the reverse proxy, and the user gets 401. In confluence log I see these messages:

2011-07-08 15:33:18,582 INFO [http-8081-30] [confluence.security.login.DefaultLoginManager] onFailedLoginAttempt
Failed login attempt for user 'user1@unhcr.org':
Request URL: http://10.9.36.50:8081/confluence/
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
Remote Address: 193.134.136.78
X-Forwarded-For: 193.134.136.246

We don't want to touch anything in the reverse proxy, or tomcat (as there are other applications running under it); is it possible to do something inside the confluence installation to force it to ignore the authentication request from the reverse proxy?

Thanks,
Leo.

2 answers

Could you simply use mod_headers in the vhost definition to strip the auth header before processing the proxy pass?

http://httpd.apache.org/docs/2.0/mod/mod_headers.html

This is super freaking old thread, but for anyone else who's come here with this issue. The work around is to unset the Authorization header when using Apache2 as a reverse proxy.

RequestHeader unset Authorization

The same can be done with NGiNX

proxy_set_header Authorization "";

This works great and solves the issue.

However, if your confluence installation allows anonymous access, and the authentication used with NGiNX/Apache2 isn't the same as Confluence. You'll run into pop-ups for specific elements.

For instance the following link "rest/mywork/latest/status/notification/new"

<status>
<status-code>401</status-code>
<message>
Client must be authenticated to access this resource.
</message>
</status>

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

551 views 20 11
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you