GIGO . wrote:
> Hi,
>
> What is the behaviour/mechanism of authentication if using squid
> proxy for both as forward proxy and reverse proxy.
>
> I have successfully setup it for a forward proxy using the Helper
> files by Markus and the following tutorial;
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
>
>
> Now comming in my mind two scenarios. One is that squid is being used
> for authentication and the second one is that web server is providing
> the authenticaiton/authorization and squid is just forwarding the
> requests to the web server? Please guide/suggest/comment about it.
>
Requests arriving in the reverse-proxy port uses WWW-Auth identical to a
origin web server. Ignoring any Proxy-Auth headers.
Requests arriving in the forward-proxy port use Proxy-Auth like a proper
proxy. Passing WWW-Auth headers through untouched.
These are separate mechanisms and can exist side by side in HTTP headers
for separate use by middle proxies and origin server.
>
> However what my pan is that I want that web server(outlookwebacess)
> should be the one taking care of auhentication part and squid should
> simply have given the role of forwarder. However i am not sure which
> approach to adopt and what are any special configurations that are
> required? what are the implications of each approach?
>
The cache_peer login=PASS logics are smart enough to pass
WWW-Auth/Proxy-Auth on in the right way relative to the originserver
setting.
Note: That OWA is quite sensitive to the traffic sent to it. Deviating
from the recommended config example leads most times to trouble:
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3Received on Mon May 03 2010 - 10:26:48 MDT
This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 12:00:03 MDT