I have a number of networks (think of them as being in local offices), each of which is connected to the internet via a NAT'ed firewall. Users on these networks access the internet via an Apache server acting as a forwarding proxy. These local office proxies are then chained to a single central forwarding proxy (think of it as being at head office) from where the internet is accessed. Users logon the local office networks and the central office network has no knowledge of the user accounts. The local office proxies are locked down to only accept requests from their local 192.168 network. My problem is how to lock down the head office proxy such that it only handles requests from the local office proxies. I can't filter on the basis of the IP address as the local offices have dynamic addresses. In the prototype solution local office proxies add an X-header into the request and the head office proxy rejects all requests not containing this header. Whilst this prevents open abuse of the proxy, the solution does feel a little bodged. I was wondering whether it is possible to configure the local office proxies to act as a client to use digest authentication. I know Apache supports server side authentication but I'm struggling to see how it can act as the client. Any suggestions as to how I lockdown my head office proxy gratefully received. Many thanks Dave --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|