Implement basic authentication

zahid.k11 · May 26, 2017, 1:57pm

Hi Team,

Lets suppose I’ve configured a my website with domain name “abc.zahid.com” configured in nginx. I also use subdomains like “static1.abc.zahid.com”, “static2.abc.zahid.com”, “static3.abc.zahid.com” which are configured in same vhost as “abc.zahid.com”

Now I want a simple authentication on my haproxy where anybody who visits “abc.zahid.com” should be prompted (ONLY once) from a username and password. once the desired password is entered it should allow all sub domains as well.

I’ve done this on my setup on haproxy, however, it is prompting for authorization on every request plz help.

Following is my haproxy config:

userlist UsersFor_kennel
user username insecure-password password

frontend http-mpweb
bind 192.168.1.10:80
reqadd X-Forwarded-Proto:\ http
mode http
option http-server-close

    acl host_zahid hdr(host) -i abc.zahid.com
    use_backend static-backend if host_zahid

    acl host_zahid hdr(host) -i static1.abc.zahid.com
    use_backend static-backend if host_zahid

    acl host_zahid hdr(host) -i static2.abc.zahid.com
    use_backend static-backend if host_zahid

    acl host_zahid hdr(host) -i static3.abc.zahid.com
    use_backend static-backend if host_zahid

backend static-backend

acl AuthOkay_kennel http_auth(UsersFor_kennel)
http-request auth realm kennel if !AuthOkay_kennel

    balance roundrobin
    option http-server-close
    option forwardfor
    cookie mpstatic insert indirect nocache
    option httpchk HEAD /LoadBalancer_HealthCheck.php HTTP/1.0
    server web 192.168.1.20:80 cookie mpstatic1 check

Kindly let me know if any issue with above config.

Best Regards,
Zahid

lukastribus · May 26, 2017, 6:28pm

That’s not how HTTP authentication works. Each request has to be authenticated. If it isn’t, haproxy will ask for it via a “401 Unauthorized” response.

Also see:

zahid.k11 · May 27, 2017, 11:16pm

Hi,

Could you please correct me with my config to only ask for authentication once and then allow me withou redundant 401.

Thanks for your kind help in advance
Best regards,
Zahid

lukastribus · May 29, 2017, 7:41am

What I am saying is that what you are asking is not possible with HTTP Basic authentication.

Also see:

zahid.k11 · June 2, 2017, 6:41am

Hi Lukastribus,

Ohh!! Is there a workaround.

I’ve done a lot of research but not able to find anything concrete. It keeps on asking me the haproxy basic authentication credentials. Please help!!

The following is my architecture

haproxy --> Nginx (abc.zahid.com, static[123].abc.zahid.com) --> tomcat

Best Regards,
Zahid

lukastribus · June 2, 2017, 7:14pm

I will repeat myself for the third time now, hoping you understand:

This is not possible with HTTP Basic Auth, there is no workaround. It would be possible with Digest Auth, but haproxy doesn’t support it.

Topic		Replies	Views
ACL based on Basic Auth User Help!	3	1640	March 27, 2020
Haproxy ACL rules based on http server backend username Help!	4	3915	April 13, 2020
Haproxy backend selection based on username Help!	1	517	July 16, 2020
Matching IP subnets Help!	4	2440	October 20, 2019
Haproxy acl to block ips and host header Help!	2	2226	December 17, 2020

Implement basic authentication

Related Topics