Hi there - have set up a Squid 2.6 Reverse proxy with AD authentication to allow users externally to connect to an AV update server to get their updates. Idea behind this is such that we can control who is authorised to get updates and who is not, according to the response from their AD logon (ie we can disable people if we need to). If I test this using a URL from external all is good - auth box pops up, lets me auth properly and then shows me the test website i put up. But, if I then change this to point to the site in IIS which hosts the app for the AV updates it fails. The AV client has the credentials embedded in it (ie it asks for host address to connect to and user/pass/domain). It seems to authent OK but then gives me loads of /TCP-DENIED 401 errors. Now then here's the science bit so pay attention :-) . If you connect to the 'real' site to get your updates thru a web browser it redirects from http://url.number.one:8080 to https://another.internal.site:4343/path/to_an_executable_to_check_your_AV_software both sites have proper real world FQDNs) . It's this bit that when I tail the logs fails dismally. The internal site is on IIS6 and the redirect is done in asp with a simple < % response.redirect " "%>. Do we think that this is going to be problematic/doable at all? -- View this message in context: http://www.nabble.com/Reverse-Proxy-to-allow-software-update-tp19603768p19603768.html Sent from the Squid - Users mailing list archive at Nabble.com.
