Re: [squid-users] Multiple squid servers + ldap authentication + wccp or "Super Proxy Script"

From: chowalit.lab Chowalit Lab Linux <chowalit.lab@dont-contact.us>
Date: Mon, 23 Apr 2007 20:18:36 +0700

Dear all,
  Thanks Henrik, It can help me to clear this wccp concept. I just try
to implement my proxy farm with this solution
   - Add domain "proxytest.mycom" to point both of my proxy's ip (such
as 10.1.1.1, 10.1.1.2) our DNS
       proxytest.mycom. IN A 10.1.1.1
                                                  IN A 10.1.1.2
  - Setting up both of proxy with ldap authentication to access the
same Windows 2003 Server.
  - Set proxy domain in client's browser as "proxytest.mycom:8080"

   It look fine. I can fix the twice authentication pop-up windows.
Because client will choose proxy by itself (with round robbin DNS).
However, I still have some problem. I want to restrict only 1 IP per 1
User authentication. The problem occur when different client access
different proxy. How to fix this problem.

Thanks

On 4/21/07, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> ons 2007-04-18 klockan 17:14 +0700 skrev chowalit.lab Chowalit Lab
> Linux:
>
> > As I know (Sorry if I have some miss-understanding), It's the same
> > result if I implement either wccp or WPAD. There are difference in
> > client setting up. Client don't need to set anything on browser but
> > WPAD need.
>
> No,
>
> WCCP is transparent interception, violating RFCs etc. Here
> authentication won't work.
>
> WPAD is automatic discovery of the proxy (or to be exact automatic
> discovery of the PAC file telling the browser how it should use
> proxies). As the browser knows it's using a proxy and no RFCs violated
> there is no problem with proxy authentication.
>
> > Sorry I'm not clear. However, as Chris claimed that HA is not fix this problem.
> > Please explain clearly.
>
> A load balanced proxy address solves a problem with basic proxy
> authentication. Basic proxy authentication is performed per proxy host
> name, and as a result PAC based solutions may result in multiple
> authentication prompts during the browsing session, one per proxy used.
> The load balancer solution where the browser always goes to the same
> load balanced proxy address avoid this.
>
> Regards
> Henrik
>
>
Received on Mon Apr 23 2007 - 07:18:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT