Varnish + Backend with "Integrated Windows Authentication"

Jonathan Windle jonathan.windle at
Mon Jul 16 21:28:44 CEST 2012


I'm doing research to see if I can put Varnish in place as a frontend to our web servers. Some of our backend web servers are IIS and have applications that use Integrated Windows Authentication (IWA).

This is what I'm using for testing.

Client: Ubuntu Desktop 12.04 with Chromium 18.0.1025.168
Reverse Proxy: Ubuntu Server 12.04 with varnish-3.0.2 revision cbf1284
Backend: Windows Server 2003 IIS6 with a test site configured for IWA that has a simple index page that displays 20 images.

My varnish config is like so.

backend default {
  .host = "";
  .port = "80";

sub vcl_recv {
  return (pass);

Under this configuration I have noticed two different scenarios. Sometimes the user is authenticated only once (like expected) and the page loads. Sometimes the user is asked to authenticated multiple times for random assets and I get a login prompt for each asset it hangs on. In both cases after I have authenticated the page with a single client the content seems to be available without authentication from any client.

So at this point my question is if anyone else has run into this and has Varnish working with IWA, or if Varnish simply doesn’t support IWA. I can provide some varnish log files if that would be helpful.


More information about the varnish-misc mailing list