cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1352
Views
0
Helpful
4
Replies
Highlighted
Beginner

How to pass HTTP/407 through a transparent WSA

Hi all,

I have two S370 running in transparent mode and all the clients accessing port 80/TCP have to pass the proxy. Unfortunately we have a user who accesses remote libraries. Therefore he has to authenticate explicitly with a remote squid proxy which is listening on port 80/TCP.

The client sets some-proxy.example.com port 80/TCP as his explicit proxy. WCCP between my router and the WSAs redirects traffic to the WSAs. However, as the user types www.goggle.com in his browser the remote proxy answer "Authentication Failed". A wireshark capture shows that WSA blocks HTTP status 407 (Proxy Authentication required).

How can I configure WSA to pass the authentication request to the client?

PS: It is not an option to change the bypass settings.

Everyone's tags (5)
4 REPLIES 4
Cisco Employee

Re: How to pass HTTP/407 through a transparent WSA

A browser will never respond to an HTTP 407 response when there is no proxy setting configured.  I'm not too familiar with squid, but on the WSA, there is an option to force it to use 401 instead of 407 for explicit requests.  Maybe they have that option as well?  The WSA should pass along what the upstread (the Squid proxy) has sent it.

Beginner

How to pass HTTP/407 through a transparent WSA

Vance,

thanks for your answer. But I feel that you didn't get the point. The local WSA does not authenticate the user because we do not want the users to authentication due to data privacy law. But the remote proxy needs an authentication to verify that access to certain documents (magazines, papers, etc.) is allowed. The remote proxy answer the client request with HTTP status 407. But the client never gets an authentication prompt because WSA does not pass it to the client.

But this is what should be done.

Cisco Employee

Re: How to pass HTTP/407 through a transparent WSA

The WSA should pass the 407 to the client.  Have you done a packet capture to confirm?

Nonetheless, the client will never respond to the 407 even if it receives it because it does not know of any upstream proxies.

Beginner

How to pass HTTP/407 through a transparent WSA

I did a capture and I found the HTTP status 407 but the client did not get an authentication prompt.

However, you didn't read carefully because the client knows about the remote proxy. The user configured the remote proxy on his host and connects to the proxy. The local WSA is a transparent proxy and the client does not know about that one. But the remote proxy is an explicit one.

Thanks,

Egon