[Date Prev][Date Next]
Netscape proxy in firewall flooding slapd
we are using OpenLDAP 1.2.2, among other things to authentificate users to cross the firewall (with Netscape proxy) to get internet html web pages. Of our 40.000 users, about 750 are allowed access internet (www) over a firewall. Authentication of these 750 is by access to LDAP server, groupofuniquenames=internet_pilots.
Everything workes fine, but there is one problem: As our CERT (and proxy operators) tell me, their proxy fires one authentification ldap-search not only for every http page any user wishes to see outside our intranet, but also for EVERY image, sound file or whatever this html page itself wishes to load. That means, for one html page our directory server has to answer up to 25 or more authentification jobs, which seems to be quite too much for him. CERT guys tell me Netscape says that there was no way telling Netscape proxy only to authentificate against the html page itself.
Now, here´s my question: does anybody know if they are right? Is there really no way to configure Netscape Proxy Server to only authentificate for html pages, not images (gif, jpg), sound or movie, or java applets, or, or, or, or...?
I´m using OpenLDAP 1.2.2 directory server on SuSE Linux, Pentium II 266 MHz.
Greatful for any hint.