Re: [squid-users] squid 3 as accelerator & backside digest auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 12 Jan 2006 13:55:11 +0100 (CET)

On Wed, 11 Jan 2006, Mark Foster wrote:

> I got squid-3.0-PRE3-20060110 compiled OK. The intention I have is to
> replace squid-2.5.STABLE3 to accelerate a backend .NET server.
>
> There is a requirement to support digest authentication through to the
> .NET server and 2.5 does not seem to support it - I think because the
> backend request is using HTTP/1.0.

Digest is working fine within HTTP/1.0, and fully supported by Squid-2.5.

In fact any version since Squid-1.0 can proxy Digest authentication just
fine. But since Squid-2.5 (or was it 2.4) it's also supported as a local
authentication scheme for authentication to the proxy.

It is only the NTLM scheme which is troublesome wrt proxies. The Digest
scheme is not troubled by this, no more than good old Basic authentication
is.

> I had hoped 3.0 would support HTTP/1.1 and digest auth based on the
> release notes, however there are some squid.conf directives which do not
> seem valid in 3.0 even though they are in 2.5

Squid-3 is still HTTP/1.0, and the 3.0 release is likely to be as well.

The Digest support is the same as in 2.5. No news there.

As for configuration changes, make sure to read the release notes
carefully. Configuration of Squid-3 is somewhat different from 2.5,
especially in reverse proxy setups.

> So to cut to the chase, my question is... can 3.0 be used as an
> accelerator supporting digest auth on the backside?

Yes.

> Or alternatively,
> could this be supported in 2.5 if correctly configured?

Yes. It is supported by default.

In both it is possible to block authentication to the backend by applying
HTTP header filter rules.

Regards
Henrik
Received on Thu Jan 12 2006 - 05:55:17 MST
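
Added example (not part of the message above and not Squid code): a Digest request-digest per RFC 2617 covers the method, URI, nonce and credentials, not the HTTP version or the connection, so it still verifies after an HTTP/1.0 proxy hop; it stops verifying if the proxy rewrites the URI or filters the Authorization header. The request model, the function names and the omission of nonce/nc replay tracking are assumptions of this sketch; the sample values are the RFC 2617 test values.

```python
import hashlib
import hmac
import re

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth, algorithm=MD5."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def client_request(method, uri, user, realm, password, nonce, nc, cnonce):
    """Build a request dict (hypothetical model) carrying a Digest Authorization header."""
    resp = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    auth = (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')
    return {"line": f"{method} {uri} HTTP/1.1",
            "headers": {"Connection": "keep-alive", "Authorization": auth}}

def proxy_forward(req, rewrite_uri=None, strip_auth=False):
    """Model of an HTTP/1.0 accelerator hop: new request line, hop-by-hop
    Connection header dropped, Authorization passed through unless filtered."""
    method, uri, _ = req["line"].split(" ")
    drop = {"Connection"} | ({"Authorization"} if strip_auth else set())
    headers = {k: v for k, v in req["headers"].items() if k not in drop}
    return {"line": f"{method} {rewrite_uri or uri} HTTP/1.0", "headers": headers}

def origin_accepts(req, password):
    """Origin-side check: uri= must equal the request-URI and the digest must match."""
    method, uri, _ = req["line"].split(" ")
    f = dict(re.findall(r'(\w+)="?([^",]+)"?', req["headers"].get("Authorization", "")))
    if f.get("uri") != uri:
        return False
    expected = digest_response(f["username"], f["realm"], password, method,
                               f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected, f["response"])

# Constructed sample: the test values from RFC 2617 section 3.5.
PASSWORD = "Circle Of Life"
REQ = client_request("GET", "/dir/index.html", "Mufasa", "testrealm@host.com", PASSWORD,
                     "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")

if __name__ == "__main__":
    print("forwarded as HTTP/1.0:", origin_accepts(proxy_forward(REQ), PASSWORD))
    print("URI rewritten by proxy:",
          origin_accepts(proxy_forward(REQ, rewrite_uri="/app/index.html"), PASSWORD))
    print("Authorization filtered:", origin_accepts(proxy_forward(REQ, strip_auth=True), PASSWORD))
```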
