Yes, you are still inside the firewall with no direct connection to the Internet.
The FAQ entry applies to all sibling or child caches. Regards Henrik m�n 2003-02-17 klockan 00.43 skrev Chris Vaughan: > I should point out that this is the layout of the proxies and the firewall: > > sibling <=====> parent <=====> firewall <=====> internet > cache cache > > Is section 4.8 of the F.A.Q. still relevant in this instance? > > -----Original Message----- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] > Sent: Monday, 17 February 2003 9:48 AM > To: Chris Vaughan > Subject: Re: [squid-users] NTLM authentication in Cache Hierachy > > > 4.8 How do I configure Squid to work behind a firewall? > > > Chris Vaughan wrote: > > > > Our firewall is a separate device which the proxy server is allowed access > > through. What part of the F.A.Q. so you refer to? > > > > -----Original Message----- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] > > Sent: Friday, 14 February 2003 8:47 PM > > To: Chris Vaughan > > Subject: Re: [squid-users] NTLM authentication in Cache Hierachy > > > > In such case you need to see the Squid FAQ on how to use Squid within a > > proxy based firewall.. (hierachy_stoplist is not the correct directive > > to change). > > > > Regards > > Henrik > > > > Chris Vaughan wrote: > > > > > > Thanks, > > > > > > I also found that in our situation it was not appropriate to include a > > > hierachy_stoplist statement, as only our parent caches have access > through > > > our firewall. > > > > > > -----Original Message----- > > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, 14 February 2003 12:20 PM > > > To: Chris Vaughan > > > Cc: '[EMAIL PROTECTED]' > > > Subject: Re: [squid-users] NTLM authentication in Cache Hierachy > > > > > > The browser can only authenticate to the first proxy. This is a > > > limitation of the HTTP protocol. It is then the responsibility of this > > > proxy to authenticate to any upstream proxy if required. > > > > > > When using Basic HTTP authentication you can chain the authentication on > > > multiple proxies IFF all of them shares the same password database. See > > > the cache_peer login= option. This also works for Digest if the first > > > proxy is not doing any authentication, but cannot be used for proxying > > > the NTLM authentication scheme. > > > > > > If using NTLM of Digest scheme on the first proxy you cannot forward the > > > authentication of the client to the upstream proxy. Your alternatives > > > are then to either > > > > > > a) Reconfigure the upstream to allow requests from the sibling without > > > requiring authentication > > > > > > b) Use the login= cach_peer option on the sibling to specify which > > > user the sibling should authenticate as to the upstream proxy. > > > > > > Regards > > > Henrik > > > > > > Chris Vaughan wrote: > > > > > > > > Greetings. > > > > > > > > I am trying to authenticate from a sibling cache using ntlm, sending > > > > requests out through a parent. > > > > > > > > If the parent uses NCSA auth, the sibling serves back pages that > cannot > > be > > > > navigated due to authentication failures. > > > > > > > > If the parent is also using ntlm, then a password/userid prompt, that > > will > > > > not accept any input, appears. > > > > > > > > Any Ideas? > > > > > > > > *************************************************************** > > > > This message is intended for the addressee named and > > > > may contain confidential information. If you are not the > > > > intended recipient, please delete it and notify the sender. > > > > Views expressed in this message are those of the > > > > individual sender, and are not necessarily the views of the > > > > Department of Information Technology & Management. > > > > > > > > This email message has been swept by MIMEsweeper > > > > for the presence of computer viruses. > > > > *************************************************************** -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
