-----BEGIN PGP SIGNED MESSAGE----- Thanks to everyone for the responses. I've gotten APS up and running and it works as advertised, i.e. perfectly. It does of course require that any tool that I use have proxy support (whisker just got proxy support with 2.0, and even then I don't have it working against APS yet). I understand WebInspect might work, so I will try it once their license squad finishes working me over. I'll take another look at SPIKE proxy for this at some point---last time I wound up in the weeds (code weeds, that is) trying to track down why/where it didn't work. On Thu, 07 Nov 2002 11:35:23 -0800 Dave Aitel <daveat_private> wrote: >Hmm. My basterdized SPIKE Proxy NTLM auth does, in fact, work through >the proxy though. > >Client->SPIKE Proxy->Server > >Where Client is sending Proxy-Authorization, and SPIKE Proxy is >translating that into Authorization: and sending it to the server >and so >on. I get access on IIS 5.0, at least. > > >-dave > >On Wed, 6 Nov 2002 23:27:54 +0100 >Sebastian Flothow <sebastianat_private> wrote: > >> > The goofy three-message exchange that sets up the NTLM security >> > doesn't seem to make it through the proxy, >> >> AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems >it >> includes the client's IP address, which then doesn't match that >of the >> >> proxy (which is the client from the server's point of view), or > >> something similar. >> >> >> Sebastian >> >> -- >> Sebastian Flothow >> sebastianat_private >> #include <stddisclaimer.h> >> >> > > -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlwEARECABwFAj3K2l4VHGNjX21vZm9AaHVzaG1haWwuY29tAAoJEDsVajchvitlG1UA n3OnlWLqIPN1J6P7C7wSmyE+ar1oAKC3pdzrRnmMiNUI9p+by7xyLHJuNA== =cZMw -----END PGP SIGNATURE----- Get your free encrypted email at https://www.hushmail.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Nov 09 2002 - 00:27:37 PST