github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #1421] http reverse proxy with NTLM authentication support #1116

New issue
Closed
opened 2026-05-05 12:43:04 -06:00 by gitea-mirror · 5 comments
gitea-mirror commented 2026-05-05 12:43:04 -06:00
Owner
Copy link

Originally created by @hez2010 on GitHub (Aug 31, 2019).
Original GitHub issue: https://github.com/fatedier/frp/issues/1421

What version of frp are you using (./frpc -v or ./frps -v)?
0.27.1

What operating system and processor architecture are you using (go env)?
Windows 10 x64 1903 18362.295

Configures you used:
frpc.ini:

[common]
server_addr = xxxx
server_port = 7000

[devops]
type = http
local_port = 80
custom_domains = xxxx.com
host_header_rewrite = xxxx.com

Steps to reproduce the issue:

  1. setup a website using NTLM authentication
  2. setup http proxy with frp
  3. access your service via proxy

Describe the results you received:
cannot authenticate.

Describe the results you expected:
authenticate successfully

Can you point out what caused this issue (optional)
After searching I found the reason:
NTLM won't work if the TCP packets are not forwarded exactly as the reverse proxy received > them. And that's why many reverse proxy doesn't work with NTLM authentication. (like nginx) > They forward HTTP requests correcty but not the TCP packets.

To solve this, you need to create a keepalive agent.

Originally created by @hez2010 on GitHub (Aug 31, 2019). Original GitHub issue: https://github.com/fatedier/frp/issues/1421 **What version of frp are you using (./frpc -v or ./frps -v)?** 0.27.1 **What operating system and processor architecture are you using (`go env`)?** Windows 10 x64 1903 18362.295 **Configures you used:** frpc.ini: ``` [common] server_addr = xxxx server_port = 7000 [devops] type = http local_port = 80 custom_domains = xxxx.com host_header_rewrite = xxxx.com ``` **Steps to reproduce the issue:** 1. setup a website using NTLM authentication 2. setup http proxy with frp 3. access your service via proxy **Describe the results you received:** cannot authenticate. **Describe the results you expected:** authenticate successfully **Can you point out what caused this issue (optional)** After searching I found the [reason](https://stackoverflow.com/questions/4368453/how-to-enable-windows-authentication-through-a-reverse-proxy): NTLM won't work if the TCP packets are not forwarded exactly as the reverse proxy received > them. And that's why many reverse proxy doesn't work with NTLM authentication. (like nginx) > They forward HTTP requests correcty but not the TCP packets. To solve this, you need to create a keepalive agent.
gitea-mirror commented 2026-05-05 12:43:06 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Sep 1, 2019):

It can't supported now, you can try tcp type instead.

<!-- gh-comment-id:526886523 --> @fatedier commented on GitHub (Sep 1, 2019): It can't supported now, you can try tcp type instead.
gitea-mirror commented 2026-05-05 12:43:07 -06:00
Author
Owner
Copy link

@hez2010 commented on GitHub (Sep 1, 2019):

Tcp type proxy do can pass the NTLM Authentication, however while using tcp type proxy, all resources in the website will load from wrong locations.
Is there any plan to support NTLM Authentication in http proxy?

<!-- gh-comment-id:526886682 --> @hez2010 commented on GitHub (Sep 1, 2019): Tcp type proxy do can pass the NTLM Authentication, however while using tcp type proxy, all resources in the website will load from wrong locations. Is there any plan to support NTLM Authentication in http proxy?
gitea-mirror commented 2026-05-05 12:43:08 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Sep 1, 2019):

If tcp doesn't work, no other method can help.

<!-- gh-comment-id:526915209 --> @fatedier commented on GitHub (Sep 1, 2019): If tcp doesn't work, no other method can help.
gitea-mirror commented 2026-05-05 12:43:09 -06:00
Author
Owner
Copy link

@hez2010 commented on GitHub (Sep 2, 2019):

I hope that frp can provide an option to create a keepalive http agent(in frps), then the problem can be solved.

<!-- gh-comment-id:527004512 --> @hez2010 commented on GitHub (Sep 2, 2019): I hope that frp can provide an option to create a keepalive http agent(in frps), then the problem can be solved.
gitea-mirror commented 2026-05-05 12:43:10 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Sep 2, 2019):

It can't supported now, maybe future. It's cpmplicated.
You can try tcp type instead, if it doesn't work, frp is not suitable for you.

<!-- gh-comment-id:527011583 --> @fatedier commented on GitHub (Sep 2, 2019): It can't supported now, maybe future. It's cpmplicated. You can try tcp type instead, if it doesn't work, frp is not suitable for you.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#1116
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?