Hi Florian,
On Fri, Jun 20, 2008 at 04:32:02PM +0200, florian iragne wrote:
> Hi,
>
> I'm trying to use haproxy to load balance icecast servers, using redir
> option.
>
> It does its job almost perfectly, as long as the icecast stream doesn't
> need a username/password. In this case, haproxy does not forward the
> username/password (i can see that the http headers do not contain the
> username).
>
> I'm not a specialist of the http norm, but i thought the 302 redirection
> will forward all given parameters.
>
> So, is this a bug or do i need to find another way to load balance icecast?
The problem is on the browser side in fact, because it authenticates on one hostname (the IP address of haproxy), then is redirected to a different server, so it refuses to send credentials to an unknown place (that would be a security issue).
RFC2617 states that your server may specify a domain name when asking for www authentication. For this, you have to set "domain=xxxx" in the 401 response, with the "WWW-Authenticate" header.
If you use the same domain suffix for your servers and for the LB, it should fix your problem because the browser will then forward the user's authentication to all servers.
Regards,
Willy
Received on 2008/06/20 17:50
This archive was generated by hypermail 2.2.0 : 2008/06/20 18:00 CEST