cancel
Showing results for 
Search instead for 
Did you mean: 
fwmonitor
Level 7

How to forward authentication headers to the next hop proxy?

Hello,

sometimes we need to use temporarily a next hop proxy which use the same auth method (NTLM).

It is possible to forward Proxy-Authorization and Proxy-Authenticate headers to/from the next hop proxy?

regards

0 Kudos
1 Reply
eelsasser
Level 15

Re: How to forward authentication headers to the next hop proxy?

Proxy-Authenticate / Proxy-Authorization  are defined as hop-by-hop headers in RFC2617

http://www.ietf.org/rfc/rfc2617.txt

"Both the Proxy-Authenticate and the Proxy-Authorization header fields are hop-by-hop headers (see section 13.5.1 of [2])."

Hop-by-hop headers are defined as:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1

"Hop-by-hop headers, which are meaningful only for a single transport-level connection, and are not stored by caches or forwarded by proxies."

Although you may be able to leverage Cookie Auth on the second proxy, because it uses WWW-Authenticate, it may be overly complicated.

If they are MWG's at both locations, you could have the first proxy insert a username header and the second proxy read that username and use it:

https://community.mcafee.com/thread/54489

0 Kudos