Dear all,
Thanks Henrik, It can help me to clear this wccp concept. I just try
to implement my proxy farm with this solution
- Add domain "proxytest.mycom" to point both of my proxy's ip (such
as 10.1.1.1, 10.1.1.2) our DNS
proxytest.mycom. IN A 10.1.1.1
IN A 10.1.1.2
- Setting up both of proxy with ldap authentication to access the
same Windows 2003 Server.
- Set proxy domain in client's browser as "proxytest.mycom:8080"
It look fine. I can fix the twice authentication pop-up windows.
Because client will choose proxy by itself (with round robbin DNS).
However, I still have some problem. I want to restrict only 1 IP per 1
User authentication. The problem occur when different client access
different proxy. How to fix this problem.
Thanks
On 4/21/07, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
ons 2007-04-18 klockan 17:14 +0700 skrev chowalit.lab Chowalit Lab
Linux:
> As I know (Sorry if I have some miss-understanding), It's the same
> result if I implement either wccp or WPAD. There are difference in
> client setting up. Client don't need to set anything on browser but
> WPAD need.
No,
WCCP is transparent interception, violating RFCs etc. Here
authentication won't work.
WPAD is automatic discovery of the proxy (or to be exact automatic
discovery of the PAC file telling the browser how it should use
proxies). As the browser knows it's using a proxy and no RFCs violated
there is no problem with proxy authentication.
> Sorry I'm not clear. However, as Chris claimed that HA is not fix this problem.
> Please explain clearly.
A load balanced proxy address solves a problem with basic proxy
authentication. Basic proxy authentication is performed per proxy host
name, and as a result PAC based solutions may result in multiple
authentication prompts during the browsing session, one per proxy used.
The load balancer solution where the browser always goes to the same
load balanced proxy address avoid this.
Regards
Henrik
