Proxy services act as intermediaries between clients and their networks. Proxy services may perform a variety of security and acceleration services on behalf of their clients. Example proxy services include forward proxies, transparent proxies, reverse proxies, secure proxies, domain-based proxies, host-based proxies, multi-homing proxies, etc. A single proxy server device can include a variety of different proxy services (e.g., forward, transparent, reverse, secure, etc.). For example, a single proxy server can present itself to one client as a forward proxy service while at the same time present itself to a different client as a transparent proxy service. Each particular proxy service is usually identified by and processed on a specific port of the proxy server device (e.g., 8080, 443, etc.).
Authentication services can also be enabled for each type of proxy service. An authentication service authorizes a client/user for access to a particular proxy service or other service. Conventionally, when authentication is enabled for any of the proxy services executing on a particular proxy server device, a unique Internet Protocol (IP) address or port combination is needed in order to handle authentication for each unique proxy service and authentication service combination. Moreover, in order to protect a client/user's identity, authentication services are typically performed using a secure communication channel.
For example, consider a forward proxy service having an IP address of “1.1.1.1” and executing on port 8080 of a proxy server device; this forward proxy service handles forward proxy requests received from clients. If authentication is enabled for port 8080, then port 443 on IP address “1.1.1.1” may be used as a secure channel on the proxy service device for authenticating the forward proxy requests. However, if another proxy service, such as a reverse proxy service, is configured on the same proxy server device where authentication is also required for that reverse proxy service, then a new IP address/port combination is needed to handle authentication for the reverse proxy service. The authentication mechanisms or services used for the forward proxy service and the reverse proxy service may be the same or different; however, each combination needs a unique IP address/port combination.
Using different IP address/port combinations can very quickly become problematic for a proxy server device having only a limited number of ports available and perhaps only one or a few secure ports available. Assigning a unique IP address/port combination is not a desired technique, because a given proxy server has only a finite number of ports. Thus, as the variety of services requiring authentication grows the proxy server may not be capable of supporting the growth. Additionally, maintenance and support can become more complex and time consuming.
Therefore, there is a need for improved proxy authentication, such that unique IP address/port combinations are not necessary when new authentication services and proxy services are added to a proxy server device.