Hi,
I'm trying to set up elogd, running on port 8080 behind an Apache server on port 80, using mod_proxy to redirect
to the elogd server, and the recommended
Redirect permanent /elogbook http://example.com/elogbook/
ProxyPass /elogbook/ http://example.com:8080/
This works well for non-password-protected logbooks, but for password protected (that I can access fine via port
8080), I keep getting shown the Login page, even with valid username / password.
Poking around the code, it appears (probably not too surprisingly) that the issue lies in check_login().
For example,
/* if invalid or no session ID, show login page */
if (!skip_sid_check && !sid_check(sid, user_name)) {
if (isparam("redir"))
strlcpy(str, getparam("redir"), sizeof(str));
else
strlcpy(str, isparam("cmdline") ? getparam("cmdline") : _cmdline, sizeof(str));
/* avoid recursive loops with ?cmd=Login */
if (stristr(str, loc("Login")))
str[0] = 0;
/* added write_logfile here...
char mstr[250];
sprintf(mstr, "show_login B %s isparam: %d, cmd: %d, skip_sid_check: %d, sid_check: %d",
user_name, isparam("redir"), isparam("cmdline"), skip_sid_check, sid_check(sid,
user_name));
write_logfile(lbs, mstr);
*/
show_login_page(lbs, str, 0);
return FALSE;
}
and the logfile shows that user_name is blank(!!) and redir, cmdline, skip_sid_check, and sid_check(sid,
user_name) all to be 0. In fact, isparam("unm") and isparam("upwd") are also 0, which explains why user_name
is blank. But the log file also shows
LOGIN user "username" (attempt)
LOGIN user "username" (success)
just prior to this!
I'd guess that the form POST methods aren't being forwarded correctly, but I haven't looked at it in any more
detail.
Is there a way to make this (password protecting logbooks while also using a proxy to Apache) work?
Thanks! |