Feature: Connection Pinning

Details

Connection Pinning is especially useful for proxied connections to servers using Microsoft Integrated Login (NTLM/Negotiate). It needs:

The HTTP protocol extensions used to negotiate this are documented in Internet Draft draft-jaganathan-kerberos-http-01.txt (a copy can be found in doc/rfc/ in the development tree).

This feature has been implemented for the Squid-2 branch starting with Squid-2.6 by Henrik Nordstrom during the CodeSprintOct2005 code sprint in Torino.

This feature has been implemented for the Squid-3 branch starting with Squid-3.1 by ChristosTsantilas.

NOTE: This feature does not exist in Squid-3.0.

Configuration Options

This feature is enabled by default in Squid-3.1 and later and makes use of the connection-auth option.

The option can be applied on http_port, https_port, and cache_peer lines. It controls connections either IN or OUT of those access points. If either is disabled, connection auth cannot be performed.

When used on a receiving port it can be set to ON or OFF. Default is ON.

http_port ... connection-auth[=on|off]
https_port ... connection-auth[=on|off]

When used on a cache_peer link it can be set to ON, OFF, or AUTO. Default is AUTO, which attempts to detect the peer capability when needed.

cache_peer ... connection-auth[=on|off|auto]
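
The following audit script is an added example, not part of Squid or of the original page. It reports the effective connection-auth setting of every http_port, https_port and cache_peer line in a squid.conf text, using the defaults stated above, and flags lines where the option is off or carries a value the directive does not accept. The function name, the sample configuration and its host names are constructed, and it assumes one directive per line with values written exactly as in the syntax lines above.

```python
import re

# Defaults stated on this page: ON for receiving ports, AUTO for cache_peer links.
DEFAULTS = {"http_port": "on", "https_port": "on", "cache_peer": "auto"}
ALLOWED = {"http_port": {"on", "off"}, "https_port": {"on", "off"},
           "cache_peer": {"on", "off", "auto"}}
OPTION = re.compile(r"^connection-auth(?:=(\S+))?$")


def audit(conf_text):
    """Return one (line_no, directive, effective_value, problem) tuple per
    http_port / https_port / cache_peer line in a squid.conf text."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        # Blank lines, comment lines and unrelated directives are skipped.
        if not tokens or tokens[0] not in DEFAULTS:
            continue
        directive = tokens[0]
        value = DEFAULTS[directive]          # option absent: default from the page
        for tok in tokens[1:]:
            m = OPTION.match(tok)
            if m:
                # Bare "connection-auth" means on; if the option is repeated,
                # the last occurrence is taken (assumption of this example).
                value = m.group(1) or "on"
        problem = None
        if value not in ALLOWED[directive]:
            problem = "invalid value for " + directive
        elif value == "off":
            problem = "connection auth cannot be performed through this access point"
        findings.append((line_no, directive, value, problem))
    return findings


# Constructed sample configuration (not from any real deployment).
SAMPLE = """\
http_port 3128
http_port 3129 connection-auth=off
https_port 3130 connection-auth cert=/path/to/cert.pem
cache_peer parent.example.net parent 3128 0 no-query
cache_peer sibling.example.net sibling 3128 3130 connection-auth=off
http_port 3131 connection-auth=auto
"""

if __name__ == "__main__":
    for line_no, directive, value, problem in audit(SAMPLE):
        status = "WARN: " + problem if problem else "ok"
        print(f"line {line_no}: {directive} connection-auth={value} -> {status}")
```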

