Proxies can serve as access-control devices. HTTP defines a mechanism called proxy authentication that blocks requests for content until the user provides valid access-permission credentials to the proxy:

· When a request for restricted content arrives at a proxy server, the proxy server can return a 407 Proxy Authorization Required status code demanding access credentials, accompanied by a Proxy-Authenticate header field that describes how to provide those credentials (Screenshot 6-25b).

· When the client receives the 407 response, it attempts to gather the required credentials, either from a local database or by prompting the user.

· Once the credentials are obtained, the client resends the request, providing the required credentials in a Proxy-Authorization header field.

· If the credentials are valid, the proxy passes the original request along the chain (Screenshot 6-25c); otherwise, another 407 reply is sent.

Proxies can implement authentication to control access to content
(Screenshot 6-25.)
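The four steps above can be followed in code. This is an added example, not code from the original text; it assumes the Basic scheme (the page does not name one), and the credential store, realm name and function names are hypothetical. It also shows two checks a proxy operator would want: a constant-time password comparison, and removal of Proxy-Authorization before the request is passed along the chain.

```python
import base64
import binascii
import hmac

USERS = {"alice": "s3cret"}   # constructed credential store (assumption)
REALM = "Example Proxy"       # hypothetical realm name

def parse_basic(value):
    """Return (user, password) from a Basic credential string, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def credentials_valid(creds):
    if creds is None:
        return False
    user, password = creds
    expected = USERS.get(user)
    # Run the comparison even for unknown users so response timing does not
    # reveal which user names exist.
    match = hmac.compare_digest(password.encode(), (expected or "").encode())
    return expected is not None and match

def proxy_decide(headers):
    """Return ("challenge", 407 response headers) or ("forward", request headers)."""
    auth = next((v for k, v in headers.items()
                 if k.lower() == "proxy-authorization"), None)
    if auth is None or not credentials_valid(parse_basic(auth)):
        return "challenge", {"Proxy-Authenticate": f'Basic realm="{REALM}"'}
    # The credentials were addressed to this proxy: drop them before
    # forwarding so later hops and the origin server never see them.
    return "forward", {k: v for k, v in headers.items()
                       if k.lower() != "proxy-authorization"}

def client_fetch(headers, user, password):
    """Client side: send once, and on a 407 challenge resend with credentials."""
    action, out = proxy_decide(headers)
    if action == "challenge":
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        retry = {**headers, "Proxy-Authorization": "Basic " + token}
        action, out = proxy_decide(retry)
    return action, out
```

Basic credentials are only base64-encoded, not encrypted, so this exchange protects the password only when the client-to-proxy connection is itself protected.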

Proxy authentication generally does not work well when there are multiple proxies in a chain, each participating in authentication. People have proposed enhancements to HTTP to associate authentication credentials with particular waypoints in a proxy chain, but those enhancements have not been widely implemented.

Be sure to read Chapter 12 for a detailed explanation of HTTP's authentication mechanisms.

 


Hypertext Transfer Protocol (HTTP)