top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How to use authentication provided by application instead of apache's basic authentication

+1 vote

I have application that uses built-in authentication procedure. From client's point of view (browsers, etc.) it works like any basic or digest authentication.
However during the configuration process I sometimes (e.g. when using IIS) have to turn off server's authentication in order to use one built in application. In IIS I simply disable basic and windows authentication for entire site or specific directory and it works perfectly. With other web servers did not have any need to configure anything regarding this, but with Apache I have problem: it prompts for username and password repeatedly even after entering correct credentials. Prompt contains valid realm that is set by my application but entered credentials simply do not pass to my app.
I guess that Apache sort of takes over  the authentication although I did not configure it to do so. I m using default configuration (installed Apache and added my scripting software as script alias). Can anyone help me configure Apache to ignore basic (or digest) authentication sent to my application?

posted Jul 19, 2013 by anonymous

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button

Similar Questions
+1 vote

We have a web app written in PL/SQL (stored procedures in an Oracle database). We use Apache and mod_owa (a variant on the mod_plsql theme) as HTTP glue. Currently were on Apache 2.2, but upgrading to 2.4 would be an option.

Our app handles security itself (our own tables of users and roles); like all web apps, logged in users get a cookie. For the sake of this discussion, lets assume our app runs under

Now we want to be able to serve some ordinary files using Apache to authenticated users (registration of downloads basically). Again, for the sake of discussion, assume that files are served from

How can we integrate this with Apaches authentication? Functionally, a user logged in to our app should be able to download a file without logging in again elsewhere. Conversely, someone who isnt logged in trying to download the file should be prompted to log in.

Whats the best way to achieve this? The easiest way?

0 votes

I'm trying to setup a forward proxy to access certain endpoints on Remote server which require https with basic authentication in header.

A(Application server) ---> Forward proxy (B) ----> Remote server(C)

i'm at B on which i have setup below Apache Virtual host in which i'm setting the headers to use basic authentication passing encoded value of user & pass configured on remote server.However,i want to include HTTPS in my request to C to ensure the headers are sent securely with encrption to remote server (C). I do Not want to use a separate Virtual host for HTTPS. Should i include a SSL Server certificate in my proxy configuration as given below with the basic authentication in header ?
How can i achieve this in Single virtual host ? I have limited knowledge on apache, so please help here.

I tried searching on the internet but did not find the required solution.

##### vHost 9099 is for basic auth with HTTPS #####
Listen *:9099
<VirtualHost *:9099>

        DocumentRoot    /my/doc/root/
        SSLEngine on
        RewriteEngine On
        AllowEncodedSlashes NoDecode

        ProxyRequests On

        # SSL configuration

        SSLCertificateFile       /Path to cert.pem
        SSLCertificateKeyFile    /Path to private key
        SSLCACertificateFile     /Path to CA certs

        ##  Basic64  Encoded XXXX od user and passwd in header

         RequestHeader set Authorization "Basic XXXXX"

         ##  Endpoints accessed via https with basic authentication in header

         ProxyPass /api/api1/
         ProxyPassReverse /api/api1/

+2 votes

My Apache server host few applications something like :


I would like to trace access for a specific application, eg. A. Is it possible?

Or should I use 'LogLevel info' and so log all applications into access.log file (then parsing for specific web page) ?

My config for logging is :

ErrorLog /var/log/apache2/error.log
LogLevel info
CustomLog /var/log/apache2/access.log combined
+1 vote

I have an idea how to setup Apache for doing load balancer based on mod_proxy and mod_balance modules. But in my case the backend server requires ssl client certificate authentication and therefore the Apache Server cannot terminate the ssl connection.

I do no need http session cookie stickyness. The application is stateless. Can I somehow configure Apache as a transparent balancer?

Or I should use even another software - squid, iptables? The backend application is a web service running on Tomcat.