Auth access to page only when reload the redir work

rdcdt · October 6, 2022, 7:57am

1. Output of `caddy version`:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

.\caddy.exe run --config .\Caddyfile

a. System environment:

Windows

b. Command:

.\caddy.exe run --config .\Caddyfile

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->


{
	debug
}
localhost {
	forward_auth /auth/* localhost:8001 {
		uri /login/check
		copy_headers X-User X-Forwarded-Uri
	}

	reverse_proxy /login/* localhost:8001
	root * ./resources
	file_server {
		index /homepage.html
	}
}

3. The problem I’m having:

when i logout by deleting the cookie on the browser i can access pages that need auth, only when reload a page the redirection trigger to the auth page

on the log side there is no log when loading somefile load before, i think that the problem come from here

4. Error messages and/or full log output:

2022/10/06 09:51:09.885 DEBUG   http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "localhost:8001", "duration": 0.0020263, "request": {"remote_ip": "::1", "remote_port": "7256", "proto": "HTTP/2.0", "method": "POST", "host": "localhost", "uri": "/login/password-authenticate", "headers": {"Referer": ["https://localhost/login/sign-in?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html"], "Sec-Ch-Ua": ["\"Microsoft Edge\";v=\"105\", \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"105\""], "Sec-Fetch-Mode": ["cors"], "Content-Length": ["110"], "Content-Type": ["application/json"], "Accept-Language": ["fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"], "X-Forwarded-Host": ["localhost"], "Accept": ["*/*"], "Sec-Fetch-Dest": ["empty"], "Sec-Ch-Ua-Mobile": ["?0"], "X-Forwarded-For": ["::1"], "X-Forwarded-Proto": ["https"], "Origin": ["https://localhost"], "Sec-Fetch-Site": ["same-origin"], "Sec-Ch-Ua-Platform": ["\"Windows\""], "Accept-Encoding": ["gzip, deflate, br"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.53"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "localhost"}}, "headers": {"Set-Cookie": [], "Content-Type": ["text/plain; charset=utf-8"], "Location": ["/auth/menuTemplate.html"], "Content-Length": ["10"], "Date": ["Thu, 06 Oct 2022 09:51:09 GMT"], "Server": ["Python/3.10 aiohttp/3.8.3"]}, "status": 302}
2022/10/06 09:51:09.888 DEBUG   http.handlers.reverse_proxy     selected upstream       {"dial": "localhost:8001", "total_upstreams": 1}
2022/10/06 09:51:09.889 DEBUG   http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "localhost:8001", "duration": 0.0015153, "request": {"remote_ip": "::1", "remote_port": "7256", "proto": "HTTP/2.0", "method": "GET", "host": "localhost", "uri": "/login/check?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html", "headers": {"Cookie": [], "Sec-Ch-Ua-Platform": ["\"Windows\""], "X-Forwarded-For": ["::1"], "X-Forwarded-Host": ["localhost"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.53"], "Sec-Fetch-Mode": ["navigate"], "Accept-Encoding": ["gzip, deflate, br"], "Accept-Language": ["fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "X-Forwarded-Method": ["GET"], "Sec-Ch-Ua": ["\"Microsoft Edge\";v=\"105\", \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"105\""], "Sec-Ch-Ua-Mobile": ["?0"], "Sec-Fetch-Dest": ["document"], "X-Forwarded-Uri": ["/auth/menuTemplate.html?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html"], "Upgrade-Insecure-Requests": ["1"], "X-Forwarded-Proto": ["https"], "Referer": ["https://localhost/login/sign-in?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html"], "Sec-Fetch-Site": ["same-origin"], "Sec-Fetch-User": ["?1"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "localhost"}}, "headers": {"Content-Length": ["27"], "Date": ["Thu, 06 Oct 2022 09:51:09 GMT"], "Server": ["Python/3.10 aiohttp/3.8.3"], "X-User": ["{\"name\": \"John Smith\", \"email\": \"john@example.com\", \"roles\": [\"admin\"], \"user_id\": \"30000\"}"], "Content-Type": ["text/plain; charset=utf-8"]}, "status": 200}
2022/10/06 09:51:09.890 DEBUG   http.handlers.reverse_proxy     handling response       {"handler": 0}
2022/10/06 09:51:09.890 DEBUG   http.handlers.file_server       sanitized path join     {"site_root": "./resources", "request_path": "/auth/menuTemplate.html", "result": "resources\\auth\\menuTemplate.html"}
2022/10/06 09:51:09.890 DEBUG   http.handlers.file_server       opening file    {"filename": "resources\\auth\\menuTemplate.html"}

5. What I already tried:

i don’t know what to try because i don’t want to desactivate the cache on the server or force the reload

6. Links to relevant resources:

francislavoie · October 6, 2022, 9:08am

Please completely fill out the help topic template. You left out some sections. We need to see your logs.

Also, please mind the formatting, your config is essentially unreadable. Use code block formatting, with ``` triple backticks on their own lines before and after your config.

rdcdt · October 6, 2022, 9:55am

Ok thx i update the message
so after the coockie of auth have being deleted it can load some page that it have already load when log
so there is no log about it

francislavoie · October 6, 2022, 3:32pm

The problem is you used a /auth/* matcher on forward_auth. This means that only requests to /auth/* get checked for authentication. It sounds like that’s not what you want.

Here, copying X-Forwarded-Uri doesn’t make sense. It’s a request header, it won’t exist on the response from your auth gateway. Remove that.

rdcdt · October 7, 2022, 8:43am

thx i deleted the copy header

about the forward every page that need auth to be access is under auth/
for exemple the page that i can get after logout is https://localhost/auth/menuTemplate.html
if i reload this page i get redirected
so don’t see why it doesn’t get redirected

system · November 5, 2022, 7:58am

This topic was automatically closed after 30 days. New replies are no longer allowed.