I have two S370 running in transparent mode and all the clients accessing port 80/TCP have to pass the proxy. Unfortunately we have a user who accesses remote libraries. Therefore he has to authenticate explicitly with a remote squid proxy which is listening on port 80/TCP.
The client sets some-proxy.example.com port 80/TCP as his explicit proxy. WCCP between my router and the WSAs redirects traffic to the WSAs. However, as the user types www.goggle.com in his browser the remote proxy answer "Authentication Failed". A wireshark capture shows that WSA blocks HTTP status 407 (Proxy Authentication required).
How can I configure WSA to pass the authentication request to the client?
PS: It is not an option to change the bypass settings.
Re: How to pass HTTP/407 through a transparent WSA
A browser will never respond to an HTTP 407 response when there is no proxy setting configured. I'm not too familiar with squid, but on the WSA, there is an option to force it to use 401 instead of 407 for explicit requests. Maybe they have that option as well? The WSA should pass along what the upstread (the Squid proxy) has sent it.
thanks for your answer. But I feel that you didn't get the point. The local WSA does not authenticate the user because we do not want the users to authentication due to data privacy law. But the remote proxy needs an authentication to verify that access to certain documents (magazines, papers, etc.) is allowed. The remote proxy answer the client request with HTTP status 407. But the client never gets an authentication prompt because WSA does not pass it to the client.
I did a capture and I found the HTTP status 407 but the client did not get an authentication prompt.
However, you didn't read carefully because the client knows about the remote proxy. The user configured the remote proxy on his host and connects to the proxy. The local WSA is a transparent proxy and the client does not know about that one. But the remote proxy is an explicit one.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...