Search squid archive

Re: proxy_auth digest and multiple reverse proxies (siblings)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Le Jeudi 28 Janvier 2010 22:30:41, Deepak Rao a écrit :
> On Thu, Jan 28, 2010 at 12:39 AM, Luis Daniel Lucio Quiroz
> 
> <luis.daniel.lucio@xxxxxxxxx> wrote:
> > Le Mercredi 27 Janvier 2010 12:05:32, Deepak Rao a écrit :
> >> Hi,
> >> 
> >> I have a squid setup requirement in my project for which I could not
> >> find an answer. Any pointers will be helpful...
> >> 
> >> The setup is as follows: I have multiple reverse proxies serving web
> >> pages to clients. A load balancer front-ends the reverse proxies. The
> >> reverse proxies can be configured as siblings.
> >> 
> >> The client requests contain HTTP Digest headers and needs to be
> >> authenticated at my server side (using proxy_auth?) The requests from
> >> a client can be served by any of the reverse proxies & no state is
> >> maintained on the server. Stickiness is also not possible.
> >> 
> >> The issue is:
> >> When the first request (REQ1) comes from client 1, server responds
> >> back with 401 Unauthorized (WWW-Authenticate) and sets a nonce value
> >> (N1) [all this is handled by the reverse proxy itself]
> >> 
> >> Now when the client 1 sends the request (REQ1) again with all the
> >> digest headers (using nonce N1), this request is received by another
> >> reverse proxy. For this reverse proxy, the nonce N1 is unknown and
> >> hence it returns again 401 Unauthorized as response with stale=true
> >> for the nonce N1! Thus the request is never getting served rightly
> >> 
> >> How do I handle this scenario? Is there a way to make all reverse
> >> proxies share the same nonce pool?
> >> 
> >> Any other alternatives for my requirement is also welcome.
> >> 
> >> Thanks,
> >> Deepak
> > 
> > Easygoing, if you are using digest auth, use some persistency in your
> > balances et voila! you are done.  dont use RoundRobin,
> 
> yes that would be the best way. Unfortunately, the servers are hosted
> on third party infrastructure and their load balancer does not provide
> any stickiness. The laod balancer just uses round-robin to pass
> requests to various reverse-proxies.

You wont using Roundrobing,  you MUST use a persistency,
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux