Skip to main content

Issue: Proxy Host Authorization Fails

Issue:

Implementing basic authentication via an Access List assigned to a Proxy Host results in a '403: Forbidden' message rather than bringing up the basic authentication pop-up window. 

 Access List may have worked correctly previously, but any change made and saved to the proxy host, even unrelated changes, breaks basic authentication.

Version(s) Affected: 2.12.1

This problem has appeared off and on in various previous versions to the version outlined here.

Cause & Solution:

NPM is removing the authentication authorization header in the NGINX configuration when the proxy host is modified and saved. This breaks authentication. 

As a workaround, you will will have to:

  • Manually add proxy_set_header Authorization ""; inside the location block in the NGINX configuration file for the specific proxy host affected.
  • Restart the NGINX service to apply the changes.

Until the problem is officially corrected in an NPM version update, this will have to be performed EVERY time you make a change to a proxy host that has an Access List assigned to it. 

Step By Step

  1.  Navigate to the /data/nginx/proxy_host directory under the location where you installed NPM. In my case, this looks like /npm/data/nginx/proxy_host
  2. Identify which proxy_host.conf file is the one you need to fix. This may require you to open each one to see what website it is as the proxy host conf files only show a number; as in 1.conf, 2.conf, etc.
  3. Once identified, open the file for editing.  You will need to have appropriate permissions to edit the file. In my case, I use: sudo nano #.conf where # is the number of the conf file I need to fix. 

  4. Find the Location block in the file. Under that, you should have your Authorization section displaying that authorization is required and which access list is tied to this host. The line highlighted in green in the image below is the line that will be missing and the line that must be there for your access list to work correctly. 


    image.png

  5. Here's the code snippet 
    proxy_set_header Authorization "";
  6. Save the file and restart your NPM instance. Your site should now ask for authentication. 

FYI, the code MUST be at the precise location shown in the above image. If it is not, it will not work. 

Back to top