Microsoft KB Archive/286227

= Caching-Only Proxy Server Does Not Pass Authentication Request from Firewall =

Article ID: 286227

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q286227



SYMPTOMS
When you are implementing a caching-only Microsoft Proxy Server 2.0 that is behind a third-party firewall program, the Proxy Server may not pass to the client's browser the authentication request that is required by the firewall.



CAUSE
This behavior can occur because HTTP 1.1 does not support authentication over multiple hops. Therefore, the firewall's authentication challenge does not reach the client's browser.



RESOLUTION
To work around this behavior, set the firewall as the upstream proxy, and configure the Proxy Server with a username and password that will be used for all upstream connections. This username and password will be passed to the firewall by the Proxy Server on behalf of the clients.


 * 1) In Microsoft Management Console (MMC) on the Proxy Server, right-click Web Proxy, and then click Properties.
 * 2) Click the Routing tab.
 * 3) Under Upstream Routing, click Use Web Proxy or Array.
 * 4) Click Modify.
 * 5) Type the IP address of the firewall that will be used as the upstream proxy.
 * 6) Click Use Credentials to Communicate with Upstream Proxy or Array.
 * 7) Specify the username and password you want to use to communicate with the upstream proxy (firewall).
 * 8) Click the Permissions tab to enable access control, and then grant access to the appropriate users and groups.

Keywords: kbprb KB286227

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.