Re: [squid-users] Reverse Proxy with Password

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 30 Jul 2003 22:02:03 +0200

On Wednesday 30 July 2003 12.25, Jim Flowers wrote:

> The idea is to use squid (2.4 and 2.5) auth_on_acceleration.
> Unfortunately it doesn't work, the browser not being able to handle
> both the squid and the OWA authorization schemes, I suppose.

There is only room for one web server authentication method in HTTP.

If you want two authentication steps then one of the two needs to use
Cookie authentication or other similar mechanisms.

> Interestingly, squid configured as a proxy-cache and with a browser
> (MSIE6) set up for it, both authentication schemes work - Squid and
> the OWA.

Yes, because then there is only one web server in the path, the OWA.
Squid is then a proxy acting for the client, not a surrogate acting
for the web server.

> Is there a way around this to accomplish what he wants to do?

What I do is to make both use the same login+password. I.e. connect
Squid to your Windows domain, and have Squid forward the same
login+password to the backend web server (i.e. OWA). For forwarding
of login information see the cache_peer directive.

Use of Squid-3.0 is recommended here, even if not yet stable. As
Squid-3.0 is still in development you should allocate some time to
properly verify the desired functionality before set into production,
and keep an close eye on the known bugs for Squid-3.0 to see if/when
there is a significant reason to upgrade before the problem hits you.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Jul 30 2003 - 14:02:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:21 MST