On Wed, Jan 21, 2009 at 03:17:14PM -0000, Morris, Nat wrote:
> Earlier Willy Tarreau [mailto:w#1wt.eu] wrote...
> > On Wed, Jan 14, 2009 at 08:45:18AM -0500, Guillaume Bourque wrote:
> > > Hi,
> > >
> > > If my memory is corrected in Microsft documentation NTLM can't be
> > > proxy unless you configure NTLM in a very specific way. Even Microsoft
> > > proxy did not support NTLM.
> > I believe it can be proxied (by a reverse-proxy at least) but it
> > requires keep-alive because it relies on a 3-way challenge inside the same
> > session. It sometimes causes trouble through some proxies because there is
> > no way to force the connection to stay alive, especially under strong
> > constraints on the proxies.
> > Maybe for your application you can simply disable "option httpclose", but
> > in mind that you'll not be able to log nor to perform content switching or
> > filtering then.
> We've now got this working, created a new backend with some content
> rules to redirect sites that need NTLM support to it (in our case
> and everything is running great.
> Just disabled option httpclose on that backend.
That's quite clever. It does not sound much intrusive and serves the right purpose.
Thanks very much for getting back to us with your findings, I really appreciate it !
Willy Received on 2009/01/21 20:43
This archive was generated by hypermail 2.2.0 : 2009/01/21 20:45 CET