- From: Rob Maidment <rob.maidment@clearswift.com>
- Date: Thu, 23 Oct 2003 15:31:36 +0100
- To: "'ietf-http-wg@w3.org'" <ietf-http-wg@w3.org>
- Message-ID: <2F9121839AC40648B42FBC550E932A71673A2D@farnsworth.EUROPE.CLEARSWIFT.COM>
I am currently investigating a problem that occurs in this type of scenario: browser -> proxy1 -> proxy2 -> server Proxy1 is actually a Squid proxy, it is passing though the end-user authentication to proxy2. The problem occurs because proxy1 is reusing connections to proxy2 for requests from different users, but proxy2 is only authenticating the first request on each new connection. This means that subsequent requests are not being authenticated, and these requests are being treated as if they originated from the first user to use the connection. Which proxy is at fault? I understood that one of the intended benefits of persistent connections was that a proxy would only have to authenticate the first request on each connection, which is a huge performance benefit. But ths assumes that a downstream proxy that passes through user authentication will not re-use the connection for different users. Having said that, so far I have been unable to find any specification that says a proxy need only authenticate the first request on each connection. I'd appreciate any thoughts on the matter, Rob Maidment. --------------------------------------------------------------------------------------------------------------- Clearswift monitors, controls and protects all its messaging traffic in compliance with its corporate email policy using Clearswift products. Find out more about Clearswift, its solutions and services at www.clearswift.com. *********************************************************************************** This communication is confidential and may contain privileged information intended solely for the named addressee(s). It may not be used or disclosed except for the purpose for which it has been sent. If you are not the intended recipient, you must not copy, distribute or take any action in reliance on it. Unless expressly stated, opinions in this message are those of the individual sender and not of Clearswift. If you have received this communication in error, please notify Clearswift by emailing support@clearswift.com quoting the sender and delete the message and any attached documents. Clearswift accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the Clearswift domain. This footnote confirms that this email message has been swept by MIMEsweeper for Content Security threats, including computer viruses.
Received on Thursday, 23 October 2003 10:31:51 UTC