But still authentication process doesn't complete succesfully ;-\. Instead, all works fine connecting to IIS directly.

Any pointer will be highly appreciated.

Regards,
Paolo

Well, I'm running Apache 1.3.31 on Windows 2000 (sp4), and the cms bases authentication process on http basic auth, without ssl.

I'll try to explain better the behaviour too. Once you fill in user/password, the cms tell something like 'Welcome Administrator', so, at first the login process succeed. At the next clicks - going on with site navigation - Administrator user is logged out.. and I'm Anonymous user again.

I noticed a weird (and probably meaningful) detail: each page I visit (before or after the authentication), 'Online users' increment the number, like always a new visitor is on the site.

All these things happen with both mod_rewrite (with [P] ) and mod_proxy.

Instead, using the [R] flag with mod_rewrite make the things work perfectly (even if i have the :8080 part in the url...)

I'm completely lost, hope in your help ;-)

With thanks,
Paolo

By the way, if you're using mod_proxy for fetching a page from a remote server, then on the remote server the ip address of the "browser" will be the one from the apache server, not from your connection, this might confuses the CMS (so if it uses ip addresses to check something, then the mod_proxy is not a good solution for you). As far as I know cookies, authentication headers and all this kind of things are passed through the mod_proxy, so I don't really know what should be wrong in your case. Check all sources on information, like the log files of the IIS for possible cookie related issues, or check the responses from the apache with a server header checker, or just with telnet.

Actually I use more or less the same solution (IIS behind Apache), but the role of the IIS is very small, it just does some xml translation straight from the database, therefore I don't need cookies, nor sessions. On the other side the provider of our web metrics software moved to ASP.NET so we need to use IIS for this also, and for this reason I had to "reveal" the IIS, which I simply did it on a separate ip address. Maybe I did it because I was afraid to stuck on a problem like you have (without actually noticing it), I don't know (and because we have far enough ip addresses to do so)

Precious suggestions.. I analyzed http headers using LiveHTTPHeaders for Mozilla (http://livehttpheaders.mozdev.org/), and I found that with mod_proxy (or [P] in mod_rewrite) on each access a new (different) cookie is generated. Therefore, for the cms, each visit is done by a new visitor.

Googling more and more searching for a cookies + mod_proxy issue I found this thread:
[thread.gmane.org...]
in which (if I have understood correctly) they say that a solution for the problem i met will be implemented in Apache 2.1.

Thanks for your great assistance,
Paolo Dina

But I think your problem is because of something else; what I'm thinking about is the scope of a cookie. If the CMS puts the hostname or/and the port into the cookie, and it is different than the hostname where the rewriting is done, then you'll have a problem immediately. Check the header of the CMS page, and take a look on the Cookie header, does it contain a domain specification or a port number. If so, then you'll need to alter the code of the CMS, where the cookie is being set (either to remove the domain specs, either to add the one which is being used by the browsers). If these paremeters aren't the same, then the browser will not send the cookie in the new requests to your first server, because the hostname and/or the port does not match the url in the address bar.

The reason I think the thread you found is not really connected to your problem is that it applies only to the cases when the proxy (mod_proxy) is a caching one, and the cache headers of the responses aren't configured properly. If you use the cache control headers properly, then any proxies in between should request the page every time, with all the cookies sent by the browser included.