4 Replies Latest reply on Feb 16, 2016 2:43 PM by reneg

    EMSS Caching Proxy & Authentication

    bduncan@masshousing.com Rookie

      We run EMSS 8.3 and have the caching proxy in out dmz running on Windows.  Mobile users can be off-network and their agents will use the proxy address to contact our EMSS server on our inside network.  It is working fine except I would like to enable authentication.  The Heat caching proxy is just squid running on Windows and I know squid on Linux supports authentication.  I was told that there were no resources on how to do this with the caching proxy.  There is also no way other than squid.conf to configure the proxy while on Linux there are command line settings to do things like configuring local users.

       

      Anyone figure out how to get the caching proxy to require authentication for agents that are remote from the network and are trying to communicate with the EMSS server on the inside network?  I did try to get regular squid on Linux to work using the same squid.conf file that the caching proxy used but couldn't get it going.  I'm not a Linux expert.

       

      Thanks in advance.

        • 1. Re: EMSS Caching Proxy & Authentication
          jonbays Apprentice

          I am not sure myself not having played with Patchlink Distribution Point or Lumension Caching Proxy (Squid) for some time but the EMSS Agent policy settings for the proxy "fastpath" have an authenticated check box which allows you to enter credentials for the proxy server. Once this policy has been updated on the endpoints they should be able to authenticate on the proxy.

          • 2. Re: EMSS Caching Proxy & Authentication
            bduncan@masshousing.com Rookie

            Thanks for the reply.  I know that side of it, but the question is how to get the caching proxy to require credentials for the agents as per the policy.  No one seems to know how to do that.  If I could ditch the caching proxy and get regular squid to work then I know how to configure authentication on that.  If I can get it to work I'll publish a tech note on it.  Only $5 a copy.  A bargain considering how long it takes to figure out on your own.

             

            Sent from my iPhone

            • 3. Re: EMSS Caching Proxy & Authentication
              jonbays Apprentice

              Please do share your tech notes on the standard Squid authenticated proxy set up as I am sure this is something many people would be interested in. I can't see why it shouldn't work.

              • 4. Re: EMSS Caching Proxy & Authentication
                reneg Apprentice

                Hello Bruce,

                I'm been working with PatchLink/Lumension/HEAT for over 10 years now and with confidence, I know how to configure Squid Proxy for Windows to force a userID and password.  We do not publish these instructions because the userid and password that is sent to the proxy server is sent over clear text so we try and avoid it as much as possible for security reasons.

                 

                The official Squid documentation can be found on http://www.squid-cache.org/Doc/config/auth_param/.  If you need some documentation from HEAT with reference to our Caching Proxy on Windows let me know.

                 

                Sincerely,

                René Anthony Gonzalez, Sr. Pre-Sales Technical Consultant-Team Lead

                O : 480.663.8780 | Email: reneg@heatsoftware.com | Skype: rene.gonzalez7

                HEAT Software (Lumension is now part of the HEAT Software group)

                8660 E. Hartford Dr. Suite 300  | Scottsdale, AZ 85255

                1 of 1 people found this helpful