[squid-users] Re[squid-users] verse Proxy to allow software update

From: cabletastic <simon.powell_at_fmi.co.uk>
Date: Mon, 22 Sep 2008 01:34:33 -0700 (PDT)

Hi there - have set up a Squid 2.6 Reverse proxy with AD authentication to
allow users externally to connect to an AV update server to get their
updates. Idea behind this is such that we can control who is authorised to
get updates and who is not, according to the response from their AD logon
(ie we can disable people if we need to). If I test this using a URL from
external all is good - auth box pops up, lets me auth properly and then
shows me the test website i put up.
But, if I then change this to point to the site in IIS which hosts the app
for the AV updates it fails. The AV client has the credentials embedded in
it (ie it asks for host address to connect to and user/pass/domain). It
seems to authent OK but then gives me loads of /TCP-DENIED 401 errors. Now
then here's the science bit so pay attention :-) . If you connect to the
'real' site to get your updates thru a web browser it redirects from
http://url.number.one:8080 to
https://another.internal.site:4343/path/to_an_executable_to_check_your_AV_software
both sites have proper real world FQDNs) . It's this bit that when I tail
the logs fails dismally. The internal site is on IIS6 and the redirect is
done in asp with a simple < % response.redirect " "%>. Do we think that
this is going to be problematic/doable at all?

-- 
View this message in context: http://www.nabble.com/Reverse-Proxy-to-allow-software-update-tp19603768p19603768.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Mon Sep 22 2008 - 08:34:36 MDT

This archive was generated by hypermail 2.2.0 : Mon Sep 22 2008 - 12:00:02 MDT