reverse proxy and standard http auth.

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

reverse proxy and standard http auth.

leongmzlist
Hi

I'm trying reverse proxy urls w/ basic auth
(http://user:password@.../path/file ).  How will squid
handle that? If squid received a request for the same file, but w/
different credentials, will it hit the cache version or will it hit
the parents?

mike

Reply | Threaded
Open this post in threaded view
|

Re: reverse proxy and standard http auth.

Henrik Nordström
tor 2007-06-07 klockan 15:19 -0700 skrev leongmzlist:
> Hi
>
> I'm trying reverse proxy urls w/ basic auth
> (http://user:password@.../path/file ).

From a browser, or by using a redirector?

In nearly all cases the browser will just send the URL-path to the
"originserver" (the reverse proxy).


For the above to work Squid needs to know the full requested URL.

The cache is on the full URL, so http://user:password@... is
different from http://server.domain/

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: reverse proxy and standard http auth.

leongmzlist
The urls are sent via libcurl as
"http://user:pw@.../whatever/cgi?args"  I disabled the stop
hierarchy flags in squid to cache cgi requests.

I mainly want http://user1:pw@.../whatever/cgi?arg1 cached.
When user2 comes and request for the same thing, but w/ different
credentials, it should hit the cache instead of going to the originserver.

If that doesn't work, we can put in a http middleware between squid
and clients to handle the http authentication and url normalization.


mike


At 12:49 AM 6/9/2007, Henrik Nordstrom wrote:

>tor 2007-06-07 klockan 15:19 -0700 skrev leongmzlist:
> > Hi
> >
> > I'm trying reverse proxy urls w/ basic auth
> > (http://user:password@.../path/file ).
>
> From a browser, or by using a redirector?
>
>In nearly all cases the browser will just send the URL-path to the
>"originserver" (the reverse proxy).
>
>
>For the above to work Squid needs to know the full requested URL.
>
>The cache is on the full URL, so http://user:password@... is
>different from http://server.domain/
>
>Regards
>Henrik
>

Reply | Threaded
Open this post in threaded view
|

Re: reverse proxy and standard http auth.

Henrik Nordström
lör 2007-06-09 klockan 01:12 -0700 skrev leongmzlist:
> The urls are sent via libcurl as
> "http://user:pw@.../whatever/cgi?args"  I disabled the stop
> hierarchy flags in squid to cache cgi requests.

Are you sure libcurl will send this on this form when talking to a web
server? It's not an URL format you normally send to a server (any
protocol), only Internet proxies..

A reverse proxy is the server in terms of protocol.

> I mainly want http://user1:pw@.../whatever/cgi?arg1 cached.
> When user2 comes and request for the same thing, but w/ different
> credentials, it should hit the cache instead of going to the originserver.

Then you need to use standard HTTP authentication, and the web server
needs to return "Cache-Control: public" or you need to use
refresh_pattern to override this..

Regards
Henrik

signature.asc (316 bytes) Download Attachment