Re: Proxy-Authenticate/Proxy-Authorization headers

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sat, 03 May 2008 15:27:33 +1200

Tsantilas Christos wrote:
> Jeremy Hall wrote:
>> If you chain proxies, does it help?
>
> Yep, thank you Jeremy, I know where forwarding
> Proxy-Authenticate/Proxy-Authorization headers needed. The problem is
> that currently squid3-trunk does not forwards these headers. My question
> is about the best way to implement forwarding these headers:
> a) Just forward them like squid2.6/squid3.0 does, or
> b) implement a configuration parameter to enable forwarding these headers
>
> Regards,
> Christos
>

Best consider the cases where such forwarding is needed.

I only know of the peer'ing case where login=PASS is configured.

That case could easily be dealt with by having the client_side ->
server_side clone drop the hop-by-hop headers and the following add of
headers, do a special clone only if login=PASS is configured for that
outbound peer.

I think in general such forwarding (against standards) could be slid in
as not forwarding per-se, but as next-hop value just happening to be the
same as the inbound one (which is standards compliant).

>
>>
>>>>> Tsantilas Christos <chtsanti@users.sourceforge.net> 5/2/2008 12:51
>>>>> PM >>>
>> Hi all,
>>
>> According to the rfc standard the Proxy-Authenticate and
>> Proxy-Authorization are hop-by-hop headers but in practice there are
>> cases where these headers should forwarded.
>> Currently squid2.6 and squid3.0 forward these headers, but
>> squid3-trunk does not.
>>
>> Does make sense to have a configuration parameter to allow/deny
>> forwarding of these headers?
>>
>>
>>
>

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Sat May 03 2008 - 03:26:53 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:04 MDT