bounty将在5小时后过期。回答此问题可获得+50的声望奖励。Vrishank Gupta希望吸引更多人关注此问题。
我试图使用NGINX作为一个经过身份验证的直通代理(它拦截请求,检查身份验证,并重定向到原始目的地(包括HTTPS和HTTP URL))。
2022/11/04 15:42:58 [info] 6905#0: *7 no user/password was provided for basic authentication, client: 127.0.0.1, server: localhost, request: "GET http://www.google.com/ HTTP/1.1", host: "www.google.com"
2022/11/04 15:42:58 [info] 6905#0: *7 kevent() reported that client 127.0.0.1 closed keepalive connection
我使用下面的curl:
curl -x 127.0.0.1:80 -u username:password "https://www.google.com"
下面是我的nginx.conf文件
index index.html index.htm index.php;
ssl_certificate /usr/local/etc/ssl/certs/self-signed.crt;
ssl_certificate_key /usr/local/etc/ssl/private/self-signed.key;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format custom1 '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" $request_id '
'"$request_body"';
log_format custom '$request_body' ;
access_log logs/host.access.log custom ;
sendfile on;
spinous on;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
server { # simple reverse-proxy
listen 8082;
proxy_connect;
auth_basic "Restricted Content";
auth_basic_user_file /etc/apache2/.htpasswd;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 1220s;
proxy_connect_read_timeout 1220s;
proxy_connect_send_timeout 1220s;
resolver 8.8.8.8;
server_name localhost;
access_log logs/host.access.log main;
listen 443 SSL;
listen [::]:443 SSL;
ssl_session_timeout 5m;
ssl_certificate /usr/local/etc/ssl/certs/self-signed.crt;
ssl_certificate_key /usr/local/etc/ssl/private/self-signed.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
proxy_pass $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
auth_basic "Administrator’s Area";
auth_basic_user_file /etc/apache2/.htpasswd;
}
}
}
1条答案
按热度按时间lf5gs5x21#
的发生
2022年11月4日15:42:58 [信息] 6905#0:*7没有为基本身份验证提供用户/密码,客户端:127.0.0.1,服务器:本地主机,请求:“GET http://www.google.com/ HTTP/1.1”,主机:“www.google.com“
应该没问题,因为第一个请求是在没有任何身份验证的情况下发出的:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
Nginx似乎遵循了这种做法:https://serverfault.com/questions/491604/nginx-auth-basic-errors-user-not-found-and-no-user-password-provided