Monday Feb 15, 2010

How to establish NTLM based authentication to a Microsoft based system such as Sharepoint or Outlook Express with Proxy Server 4.0

    Firstly, Ensure that you are running with Proxy Server Version 4.0.13 or higher
(if available). A bug was noted in earlier releases which limited the functionality
of operation of the proxy server within an NTLM authentication scheme.

The bug id is: 6897536

The bug says that the proxy should present the following in the request header:

A proxy that correctly honors client to server
authentication integrity will supply the "Proxy-support: Session-
Based-Authentication" HTTP header to the client in HTTP responses
from the proxy.


Additionally, in order to configure the proxy to work with NTLM authentication,
it will ALSO be necessary to ensure the following configurations are set:

- This feature is disabled by default, and needs to be enabled using
the "PairedConnections" boolean flag in magnus.conf. Set this to TRUE

- The proxy will issue a "Proxy-support: ..." header only if the server's response headers contain a "WWW-Authenticate: NTLM" header.

Friday Nov 14, 2008

How to extract and log client IP addresses to SUN WebServer when requests forward through a proxy server.

A question arose with a client site in which they wanted to know how
they could extract and log the client ip when the request forwards 
through a reverse proxy.

The situation looked liked this:

Client ------------> Reverse Proxy ------------> Web Server
Client <------------ Reverse Proxy <----------- Web Server

In order to find the IP address of the original client, they wanted to capture the
"X-Forwarded-For" header in web server access log and error log.

The way to do this is by using the custom log format available on the Sun WebServer.

If the reverse proxy is adding:

X-Forwarded-For: header to the request, the Web Server can be configured
to log that header field by adding %Req->headers.x-forwarded-for% to the access log format. 
(Note that the Web Server doesn't add an X-Forwarded-For: header when it reverse proxies requests. 
It does, however, add a Proxy-ip: header).

About

Gregory Bedigian

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today