Thanks Amos. I did the lynx test on back-end web site on squid system like this: sudo lynx http://wtestsm1.asiapacific.hpqcorp.net First, it show the message: Alert!: Invalid header 'WWW-Authenticate: NTLM' Then it show the following message. Show the 401 message body? (y/n) For the domain auth, I mean the back-end web site need corp domain user to be accessed. I put this in this way, if I log on with my corp domain on my laptop, then I could acces IIS Share Point without any credentials window pop up. If not, I have to input my domain account on credentials window to access the Share Point Site. The following is my squid configuration about this case which I ignore some default sections. #added by kimi acl hpnet src 16.0.0.0/8 # RFC1918 possible internal network #added by kimi acl origin_servers dstdomain ids-ams.elabs.eds.com http_access allow origin_servers http_access allow hpnet http_port 192.85.142.88:80 accel defaultsite=ids-ams.elabs.eds.com connection-auth=on forwarded_for on request_header_access WWW-Authenticate allow all cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query no-digest originserver name=main connection-auth=on login=PASS cache_peer_domain main .elabs.eds.com hierarchy_stoplist cgi-bin ? coredump_dir /var/spool/squid # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_dir aufs /data/squid/cache 12000 64 256 cache_mem 1024 MB maximum_object_size_in_memory 1024 KB maximum_object_size 51200 KB visible_hostname ids-ams.elabs.eds.com debug_options ALL,5 http_access deny all While let squid be running, I do test like this http://ids-ams.elabs.eds.com The 404 error page is shown. That's why I am wondering squid could be as reverse-proxy with IIS SharePoint as back-end? Thanks, ~Kimi On 11/01/2012, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 11/01/2012 6:28 p.m., kimi ge(巍俊葛) wrote: >> Hi, >> >> I have an issue to make squid 3.1.x to work with IIS SharePoint as the >> back-end. >> The details are listed below. >> >> 1. squid 3.1.x is running as a reverse-proxy. >> 2. The back-end is IIS SharePoint Site with domain authentication >> required. >> That means only the valid domain user could access this SharePoint site. >> The issue is it always return 404 error page. And the logon window is >> not prompted. > > What is this "domain authentication" you mention? All of the HTTP auth > mechanisms count as "domain auth" to a reverse proxy, and none of them > are named "Domain". > >> >> My question is whether squid supports this kind of case or not? >> If supports, how should I do configuration on squid.conf file? >> >> Thanks in advance. >> ~Kimi > > 404 status is about the resource being requested _not existing_. Login > only operates when there is something to be authorized fetching. So I > think auth is not relevant at this point in your testing. > > Probably the URL being passed to IIS is not what you are expecting to be > passed and IIS is not setup to handle it. You will need to share your > squid.conf details for more help. > > Amos >
