Re: [SQU] Fw: IBM Host on Demand

From: Colin Campbell <[email protected]>
Date: Thu, 22 Feb 2001 09:35:43 +1000 (EST)

Hi,

On Wed, 21 Feb 2001, Adam Lang wrote:

> I now understand the two parts, but what exactly IS proxy authentication
> then? Is that verifying access based on users? IP Address? Something else?

Browsers understand two types of authentication. When a browser connects
to a web site requiring authentication, the server sends back an HTTP
error code, 401, which results in a box popping up in the browser asking
for a user name and password for the particular "realm". The browser
stores this information (username, password, URL) and re-uses it to avoid
having to enter the username/password for every connection to the
server. This information is passed in the HTTP headers of each request.

You can have a proxy do a similar thing, but it sends back a 407,
requesting proxy authentication. The broswer will again ask for
username/password and again stores it. However it will be sent for every
request that passes through the proxy. This info is in the HTTP headers
too, but in a differnet "place" to the web server auth info. The proxy
will strip the proxy auth information out of the HTTP headers (probably,
I'm just guessing here but it doesn't make sense to pass it on).

A very rough description I know but probably close enough.
Colin

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Feb 21 2001 - 16:40:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:07 MST