From nobody@hyperreal.com Thu Jun 19 02:37:48 1997 Received: (from nobody@localhost) by hyperreal.com (8.8.5/8.8.5) id CAA18503; Thu, 19 Jun 1997 02:37:48 -0700 (PDT) Message-Id: <199706190937.CAA18503@hyperreal.com> Date: Thu, 19 Jun 1997 02:37:48 -0700 (PDT) From: Ron Owens Reply-To: ron.owens@ucg.ie To: apbugs@hyperreal.com Subject: Using Apache as Proxy Server X-Send-Pr-Version: 3.2 >Number: 751 >Category: config >Synopsis: Using Apache as Proxy Server >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Class: support >Submitter-Id: apache >Arrival-Date: Thu Jun 19 02:40:01 1997 >Last-Modified: Thu Jun 19 22:31:03 PDT 1997 >Originator: ron.owens@ucg.ie >Organization: >Release: 1.2.0 >Environment: OSF1 dair.ucg.ie V4.0 464 alpha >Description: I have the following lines in my access.conf file. I wish to force users to suppl enter username/password the first time they attempt top access a site external to our domain. But they are prompted for user/pass every time they access any other external sites as well. Is there a way of authenticating a user once i.e. on their first access of an external site ? order allow,deny allow from all require valid-user AuthType Basic AuthName membership AuthUserFile /etc/wwwpasswd #deny from [machines you'd like *not* to allow by IP address or name] #allow from [machines you'd like to allow by IP address or name] >How-To-Repeat: >Fix: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Thu Jun 19 22:31:02 PDT 1997 State-Changed-Why: No, this is not possible with current browsers AFAIK. The problem is that the browser still acts as if it is accessing the real site, not the proxy, so for security reasons it is not acceptable to send a password from one site to another. Unfortunately, there isn't anything Apache can do to fix this. >Unformatted: