Re: [squid-users] Authentication Reverse Proxy

From: Amos Jeffries <>
Date: Mon, 03 May 2010 22:26:43 +1200

GIGO . wrote:
> Hi,
> What is the behaviour/mechanism of authentication if using squid
> proxy for both as forward proxy and reverse proxy.
> I have successfully setup it for a forward proxy using the Helper
> files by Markus and the following tutorial;
> Now comming in my mind two scenarios. One is that squid is being used
> for authentication and the second one is that web server is providing
> the authenticaiton/authorization and squid is just forwarding the
> requests to the web server? Please guide/suggest/comment about it.

Requests arriving in the reverse-proxy port uses WWW-Auth identical to a
origin web server. Ignoring any Proxy-Auth headers.

Requests arriving in the forward-proxy port use Proxy-Auth like a proper
proxy. Passing WWW-Auth headers through untouched.

These are separate mechanisms and can exist side by side in HTTP headers
for separate use by middle proxies and origin server.

> However what my pan is that I want that web server(outlookwebacess)
> should be the one taking care of auhentication part and squid should
> simply have given the role of forwarder. However i am not sure which
> approach to adopt and what are any special configurations that are
> required? what are the implications of each approach?

The cache_peer login=PASS logics are smart enough to pass
WWW-Auth/Proxy-Auth on in the right way relative to the originserver

Note: That OWA is quite sensitive to the traffic sent to it. Deviating
from the recommended config example leads most times to trouble:


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.3
Received on Mon May 03 2010 - 10:26:48 MDT

This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 12:00:03 MDT