ISA Upstream Authentication leakage (Full Version)

All Forums >> [ISA Server 2004 Cache] >> General



Message


rogozinskiy -> ISA Upstream Authentication leakage (10.Oct.2005 12:09:00 PM)

I have ISA Server 2004 St and other proxy (for special software).
I use Web chain for cascading proxy but ISA send to upstream proxy header "Proxy-Authorization: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
" sametime.

As result - User see prompt for user authentication on upstream proxy(but authentication don't need on default on upstream proxy).

Upstream proxy response on this requests:
"HTTP/1.1 407 Unauthorized
Proxy-Authenticate: Basic realm="YYYYYYYYY""

It's liked on Q317822 and Q297080 but for ISA 2004 Server

What need for remove Proxy-Authorization header ?




Page: [1]