Search squid archive

Re: Squid + F5 balancing doesnt work!!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On tis, 2008-07-01 at 20:25 -0500, Luis Daniel Lucio Quiroz wrote:

> 1214974554.906      0 99.90.40.253 TCP_DENIED/407 3249 GET 
> http://www.presidencia.gob.mx/imgs/edomayor_over.gif a2 NONE/- text/html
> 
> if we use percistance, it works, but we can stop using of sharing usernames.  
> Balancig schema is like this:
> 
> user -> balancer f5 -> squid1 
>                              \->squid2
> 
> Squid is configured with LDAP-digest auth.

digest auth needs persistent sessions to work best. Without session it
will perform quite badly with many repeated 407 exchanges.

The reason to this is that digest authentication is stateful, with the
server verifying that the client responds to a challenge sent by that
server. This is part of the replay protection agains authenticated
session theft and by design in the digest authentication scheme. Each
time the client gets connected to a new proxy server the server issued
challenge needs to be renewed.

basic authentication works well with "dumb" TCP load balancing, as it's
completely stateless.

NTLM/Negotiate also works with "dumb" TCP load balancing, as it's very
stateful but at the TCP connection level, not at the HTTP message
level..

Regards
Henrik

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux