Hey,
i have a problem with basic auth at my haproxy server.
i followed several todos but none of them are working.
I created a userlist:
userlist trusted_users
user user1 insecure-password password1
user user2 insecure-password password2
and i tried the following in the frontend:
http-request auth unless { http_auth(trusted_users) }
or that:
acl auth_ok http_auth(trusted_users)
http-request auth unless auth_ok
On both variants i got a HTTP-401 error.
Any hint why this is not working?
Thats correct behavior: the browser requests a ressource, the server emits a 401 Unauthorized response so that the browser knows HTTP authentication is required, it will then ask the user for username and password and resend the HTTP requests with this data.
but i tested the proxy with user and password. So the behavier is not what i am expecting.
And how are you testing exactly and what behavior are you seeing?
Right now the only information you provided is that it is not working and that you get a 401 response.
To help you, you will have to provide more informations, I also suggest you share the full configuration and a full trace of curl -vv http://username:password@site/
root@xxxxx:/# curl -vv -x 138.201.134.101:9200 -U user1:password1 https://google.com
CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: Basic dXNlcjE6cGFzc3dvcmQx
User-Agent: curl/7.68.0
Proxy-Connection: Keep-Alive
< HTTP/1.1 401 Unauthorized
< content-length: 112
< cache-control: no-cache
< content-type: text/html
< www-authenticate: Basic realm=“proxy_in”
Haproxy is primarily a reverse proxy, not a forward proxy.
I suggest you use an actual forward proxy instead, likey tinyproxy. Bending haproxy to your will for a use-case that is was not designed will result in a mess.