You can stop the logging of these with a rule in the access.log manager. Instead of "Always" make the rule say Response.StatusCode does not equal XXX.
Where XXX would be 407 for proxy authentication and 401 for transparent authentication (I think, check your logs)
It's 407. Thanks. So, am I wrong in assuming that a few thousand users authenticating every object on a page would create a bit of a bottleneck or slow down the actual page load?
So you are using an explicit proxy, i assume. It's pretty common to have a lot of them. The MWG caches the authentication for short periods of time, so they all shouldn't be hitting the DC everytime.
If you are using IE, do you have the setting for Use HTTP/1.1 through proxy connection checked? By checking that, the number of 407s should greatly reduce. IE 6 had this disabled by default, but IE 7+ had it enabled, but certain migrations from 6 to 7 and certain GPO settings kept it disabled on ocassion.
If you have that setting enabled, every TCP session will still 407, but not every object.
I have that setting enabled but am still seeing 407's for jpg and other things loaded on the page. We are attempting to put the MWG in transparent router mode, not explicit. If it isn't going to bog down the box I am fine with the not logging option. I just want to try and make the box as efficient as possible.
if you got the MWG setup in transparent router mode (or any transparent deployment mode for that matter), you shouldn't see 407 messages in the logs. 407 is a "proxy authentication required" response that is only interpreted by clients that are proxy aware.
It might be that you got a proxy auth rule set applied to transparent requests and thats not a good think.
You should use the cookie authentication rule set from the library and if you don't want to use cookie auth, you can modify it to use a time based session. But bottom line is you need a rule set that uses the authentication server instewad of proxy authentication for any transparent deployment.
Yeah, you're right. LIke I said this is in initial testing stages and I was looking at the wrong IP. Explicit auth is a code 407 and transparent is 302 so that's my fault, I screwed up. Everything is looking good for the transparent auth. Thanks everyone.