Skip to main content

Issue: Proxy Host Authorization Fails

Issue:

Implementing basic authentication via an Access List assigned to a Proxy Host results in a '403: Forbidden' message rather than bringing up the basic authentication pop-up window. 

 Basic authentication may have worked for you when it was initially implemented. It did for me. But at some point (perhaps after an NPM version update) it breaks. Not sure when this happened because I don't often make changes to my configured hosts.  The result is; any change made and saved to the proxy host, even unrelated changes, breaks basic authentication.

Version(s) Affected: 2.12.1

Based on some research, this problem seems to have appeared off and on in various previous versions as well.

Cause & Solution:

NPM is removing the authentication authorization header in the NGINX configuration when the proxy host is modified and saved. This breaks authentication. 

As a workaround, you will will have to:

  • Manually add proxy_set_header Authorization ""; inside the location block in the NGINX configuration file for the specific proxy host affected.
  • Restart the NGINX service to apply the changes.

Until the problem is officially corrected in an NPM version update, this will have to be performed EVERY time you make a change to a proxy host that has an Access List assigned to it. 

Step By Step

  1.  Navigate to the /data/nginx/proxy_host directory under the location where you installed NPM. In my case, this looks like /npm/data/nginx/proxy_host
  2. Identify which proxy_host.conf file is the one you need to fix. This may require you to open each one to see what website it is as the proxy host conf files only show a number; as in 1.conf, 2.conf, etc.
  3. Once identified, open the file for editing.  You will need to have appropriate permissions to edit the file. In my case, I use: sudo nano #.conf where # is the number of the conf file I need to fix. 

  4. Find the Location block in the file. Under that, you should have your Authorization section displaying that authorization is required and which access list is tied to this host. The line highlighted in green in the image below is the line that will be missing and the line that must be there for your access list to work correctly. 


    image.png

  5. Here's the code snippet 
    proxy_set_header Authorization "";
  6. Save the file and restart your NPM instance. Your site should now ask for authentication. 

FYI, the code MUST be at the precise location shown in the above image. If it is not, it will not work. After successfully fixing one proxy host file, I literally copied and pasted the entire # Authorization section into each host file affected; changing only the access list number as appropriate for the particular host I was working with (I have multiple access lists). 

Back to top