GIGO . wrote:
Hi,
What is the behaviour/mechanism of authentication if using squid
proxy for both as forward proxy and reverse proxy.
I have successfully setup it for a forward proxy using the Helper
files by Markus and the following tutorial;
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
Now comming in my mind two scenarios. One is that squid is being used
for authentication and the second one is that web server is providing
the authenticaiton/authorization and squid is just forwarding the
requests to the web server? Please guide/suggest/comment about it.
Requests arriving in the reverse-proxy port uses WWW-Auth identical to a
origin web server. Ignoring any Proxy-Auth headers.
Requests arriving in the forward-proxy port use Proxy-Auth like a proper
proxy. Passing WWW-Auth headers through untouched.
These are separate mechanisms and can exist side by side in HTTP headers
for separate use by middle proxies and origin server.
However what my pan is that I want that web server(outlookwebacess)
should be the one taking care of auhentication part and squid should
simply have given the role of forwarder. However i am not sure which
approach to adopt and what are any special configurations that are
required? what are the implications of each approach?
The cache_peer login=PASS logics are smart enough to pass
WWW-Auth/Proxy-Auth on in the right way relative to the originserver
setting.
Note: That OWA is quite sensitive to the traffic sent to it. Deviating
from the recommended config example leads most times to trouble:
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.3
