
I have digest auth set up on one of my domains but I would like to disable it for a reverse proxy.

<VirtualHost *:80>
    ServerName example.org
    DocumentRoot /var/www/
    <Directory /var/www/>
            BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
            AuthType Digest
            AuthName "Internal"
            AuthDigestDomain http://example.org/
            AuthDigestProvider file
            AuthUserFile /etc/apache2/example.digest
            Require valid-user

            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>

    ExpiresActive On
    ExpiresDefault "access plus 7 days"

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /api/ http://api.otherdomain.com/ retry=0 nocanon
    ProxyPassReverse /api/ http://api.otherdomain.com/
    AllowEncodedSlashes On

    <Proxy *>
        Order allow,deny
        Satisfy Any
        Allow from all
    </Proxy>
</VirtualHost>

As you can see, I have unsuccessfully tried to use a <Proxy> block to Satisfy Any.

Hobozilla

1 Answer


I think you can solve your problem in a pretty universal way by putting your reverse proxy configuration inside a <Location> tag and making use of how Apache internally merges directives and sets precedence.

<Location> directives are applied last and should overrule the <Directory> directive.

<VirtualHost *:80>
    ServerName example.org
    DocumentRoot /var/www/
    <Directory /var/www/>
            BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
            AuthType Digest
            AuthName "Internal"
            AuthDigestDomain http://example.org/
            AuthDigestProvider file
            AuthUserFile /etc/apache2/example.digest
            Require valid-user

            Options FollowSymLinks MultiViews
            AllowOverride All

    </Directory>

    ExpiresActive On
    ExpiresDefault "access plus 7 days"

    # AllowEncodedSlashes is only valid in server config or virtual host context, not inside <Location>
    AllowEncodedSlashes On

    <Location /api/>
            Order allow,deny
            Allow from all

            ProxyPreserveHost On
            ProxyPass http://api.otherdomain.com/ retry=0 nocanon
            ProxyPassReverse http://api.otherdomain.com/
    </Location>
</VirtualHost>

From Apache 2.3 you can use authorization containers to express more complex authorization logic.

HBruijn
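The authorization containers mentioned in the answer, sketched for Apache 2.4 as an added example (not the answerer's configuration): /api/ is proxied without digest credentials for one client range and still demands a valid user from everyone else, so the backend is not left open to all. The 192.0.2.0/24 range is a constructed placeholder, and the config assumes mod_authz_core, mod_authz_host, mod_auth_digest and mod_proxy_http are loaded.

```apache
<VirtualHost *:80>
    ServerName example.org
    DocumentRoot /var/www/

    <Directory /var/www/>
        AuthType Digest
        AuthName "Internal"
        AuthDigestDomain http://example.org/
        AuthDigestProvider file
        AuthUserFile /etc/apache2/example.digest
        Require valid-user

        Options FollowSymLinks MultiViews
        AllowOverride All
    </Directory>

    ProxyRequests Off
    # Virtual host context: not permitted inside <Location>
    AllowEncodedSlashes On

    <Location "/api/">
        # Auth settings repeated here so the valid-user branch below
        # is self-contained for proxied requests.
        AuthType Digest
        AuthName "Internal"
        AuthDigestDomain http://example.org/
        AuthDigestProvider file
        AuthUserFile /etc/apache2/example.digest

        # Require directives in this section replace any inherited ones
        # (AuthMerging defaults to Off). RequireAny grants access when
        # either child matches: listed clients skip the digest challenge,
        # all other clients must authenticate.
        <RequireAny>
            # Assumption: placeholder range for clients allowed in
            # without credentials; substitute your own.
            Require ip 192.0.2.0/24
            Require valid-user
        </RequireAny>

        ProxyPreserveHost On
        ProxyPass http://api.otherdomain.com/ retry=0 nocanon
        ProxyPassReverse http://api.otherdomain.com/
    </Location>
</VirtualHost>
```

Replacing the whole `<RequireAny>` block with `Require all granted` removes authentication for /api/ entirely, which is what the question asks for; run `apachectl configtest` after either change.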