Fastream Technologies wrote: > Hello, > > On Thu, Dec 16, 2010 at 7:04 PM, Arno Garrels <arno.garr...@gmx.de> > wrote: > >> Fastream Technologies wrote: >>> Hello, >>> >>> On Thu, Dec 16, 2010 at 5:00 PM, Arno Garrels <arno.garr...@gmx.de> >>> wrote: >>> >>>> Fastream Technologies wrote: >>>>> So since we are talking about the web server, the NTLMDomain >>>>> property should be of THttpConnection, NOT the THttpServer. In the >>>>> OnGet/Head/PostDocument it should be set by the app coder or if it >>>>> is not set then it will be null hence work as it is now. >>>> >>>>> I was talking about the web server but the client also needs some >>>>> mechanism to indicate the NTLM domain so that it can send request >>>>> to the web server in case of NTLM on the web server. But wait a >>>>> minute, when there is reverse proxy sitting in front, web servers >>>>> cannot authenticate with NTLM, can they? >>>> >>>> Important to know for readers was how exactly the NTLM >>>> authentication is handled by your proxy _currently_ and in what >>>> way you want to change that design, nobody nows that so far. >>>> Adding a string property is a matter of two lines of code, even a >>>> BCB developer should be able to do that in Delphi. >>>> >>>> >>> You are right. When IQP receives the request, in the >>> ProcessRequest() it scans the defined URL Rules set by the end user >>> from top to bottom for a match to decide which target web server to >>> route/redirect to. A URL Rule list could be like, >>> >>> 1. ssl://www.fastream.com/owa >>> 2. http://www.fastream.com/path/file.htm ("URL Rule is file" flag >>> set) >>> 3. *://www.iqproxyserver.com [2] >>> 4. *://www.iqproxyserver.com >>> 5. *://* >>> >>> The last one must be *://* as a catch-all. We enabled 3. and 4. in >>> the same list in from v4.5 on to let users route to different target >>> server IP/port/path with respect to client location (country). See >>> http://www.iqproxyserver.com (home page, bottom) for a screenshot >>> example of this. >>> >>> Now, I want each URL Rule to be able to have one NTLM domain to >>> authenticate against. >> >> For what reason? What does currently not work? >> Give us an example please. >> >> > Personally I never needed such feature but customers who use reverse > proxy as SSL VPN they say they need it.
So, the question remains "What kind of feature?". -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
