Auth access to page only when reload the redir work

1. Output of caddy version:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

.\caddy.exe run --config .\Caddyfile

a. System environment:


b. Command:

.\caddy.exe run --config .\Caddyfile

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->

localhost {
	forward_auth /auth/* localhost:8001 {
		uri /login/check
		copy_headers X-User X-Forwarded-Uri

	reverse_proxy /login/* localhost:8001
	root * ./resources
	file_server {
		index /homepage.html

3. The problem I’m having:

when i logout by deleting the cookie on the browser i can access pages that need auth, only when reload a page the redirection trigger to the auth page

on the log side there is no log when loading somefile load before, i think that the problem come from here

4. Error messages and/or full log output:

2022/10/06 09:51:09.885 DEBUG   http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "localhost:8001", "duration": 0.0020263, "request": {"remote_ip": "::1", "remote_port": "7256", "proto": "HTTP/2.0", "method": "POST", "host": "localhost", "uri": "/login/password-authenticate", "headers": {"Referer": ["https://localhost/login/sign-in?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html"], "Sec-Ch-Ua": ["\"Microsoft Edge\";v=\"105\", \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"105\""], "Sec-Fetch-Mode": ["cors"], "Content-Length": ["110"], "Content-Type": ["application/json"], "Accept-Language": ["fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"], "X-Forwarded-Host": ["localhost"], "Accept": ["*/*"], "Sec-Fetch-Dest": ["empty"], "Sec-Ch-Ua-Mobile": ["?0"], "X-Forwarded-For": ["::1"], "X-Forwarded-Proto": ["https"], "Origin": ["https://localhost"], "Sec-Fetch-Site": ["same-origin"], "Sec-Ch-Ua-Platform": ["\"Windows\""], "Accept-Encoding": ["gzip, deflate, br"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36 Edg/105.0.1343.53"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "localhost"}}, "headers": {"Set-Cookie": [], "Content-Type": ["text/plain; charset=utf-8"], "Location": ["/auth/menuTemplate.html"], "Content-Length": ["10"], "Date": ["Thu, 06 Oct 2022 09:51:09 GMT"], "Server": ["Python/3.10 aiohttp/3.8.3"]}, "status": 302}
2022/10/06 09:51:09.888 DEBUG   http.handlers.reverse_proxy     selected upstream       {"dial": "localhost:8001", "total_upstreams": 1}
2022/10/06 09:51:09.889 DEBUG   http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "localhost:8001", "duration": 0.0015153, "request": {"remote_ip": "::1", "remote_port": "7256", "proto": "HTTP/2.0", "method": "GET", "host": "localhost", "uri": "/login/check?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html", "headers": {"Cookie": [], "Sec-Ch-Ua-Platform": ["\"Windows\""], "X-Forwarded-For": ["::1"], "X-Forwarded-Host": ["localhost"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36 Edg/105.0.1343.53"], "Sec-Fetch-Mode": ["navigate"], "Accept-Encoding": ["gzip, deflate, br"], "Accept-Language": ["fr,fr-FR;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "X-Forwarded-Method": ["GET"], "Sec-Ch-Ua": ["\"Microsoft Edge\";v=\"105\", \"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"105\""], "Sec-Ch-Ua-Mobile": ["?0"], "Sec-Fetch-Dest": ["document"], "X-Forwarded-Uri": ["/auth/menuTemplate.html?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html"], "Upgrade-Insecure-Requests": ["1"], "X-Forwarded-Proto": ["https"], "Referer": ["https://localhost/login/sign-in?reason=(auth+cookie+not+found)&redirect=/auth/menuTemplate.html"], "Sec-Fetch-Site": ["same-origin"], "Sec-Fetch-User": ["?1"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "localhost"}}, "headers": {"Content-Length": ["27"], "Date": ["Thu, 06 Oct 2022 09:51:09 GMT"], "Server": ["Python/3.10 aiohttp/3.8.3"], "X-User": ["{\"name\": \"John Smith\", \"email\": \"\", \"roles\": [\"admin\"], \"user_id\": \"30000\"}"], "Content-Type": ["text/plain; charset=utf-8"]}, "status": 200}
2022/10/06 09:51:09.890 DEBUG   http.handlers.reverse_proxy     handling response       {"handler": 0}
2022/10/06 09:51:09.890 DEBUG   http.handlers.file_server       sanitized path join     {"site_root": "./resources", "request_path": "/auth/menuTemplate.html", "result": "resources\\auth\\menuTemplate.html"}
2022/10/06 09:51:09.890 DEBUG   http.handlers.file_server       opening file    {"filename": "resources\\auth\\menuTemplate.html"}

5. What I already tried:

i don’t know what to try because i don’t want to desactivate the cache on the server or force the reload

6. Links to relevant resources:

Please completely fill out the help topic template. You left out some sections. We need to see your logs.

Also, please mind the formatting, your config is essentially unreadable. Use code block formatting, with ``` triple backticks on their own lines before and after your config.

Ok thx i update the message
so after the coockie of auth have being deleted it can load some page that it have already load when log
so there is no log about it :confused:

The problem is you used a /auth/* matcher on forward_auth. This means that only requests to /auth/* get checked for authentication. It sounds like that’s not what you want.

Here, copying X-Forwarded-Uri doesn’t make sense. It’s a request header, it won’t exist on the response from your auth gateway. Remove that.

thx i deleted the copy header

about the forward every page that need auth to be access is under auth/
for exemple the page that i can get after logout is https://localhost/auth/menuTemplate.html
if i reload this page i get redirected
so don’t see why it doesn’t get redirected

This topic was automatically closed after 30 days. New replies are no longer allowed.