Re: [squid-users] a keepalive problem about NTLM authentication pass through

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 17 Oct 2010 11:39:06 +1300

On 17/10/10 09:54, Mikio Kishi wrote:
> Hi, Amos
>
>> Very probably yes. The root cause of your problem is still not clear, it
>> may be a duplicate or side effect of one of the other keep-alive problems
>> which were tracked down and fixed. 3.1.8 as far as we can tell is
>> completely keep-alive compliant with non-chunked requests. The remaining
>> chunked keep-alive fixes are in 3.2 series (but NTLM in there is reported
>> to have unrelated issues and needs more testing).
>
> I tried 3.1.8. When I connected to windows server with NTLM auth via squid,
>
> GET http://XXX.XXX.XXX.XXX/ HTTP/1.1
> Proxy-Connection: keep-alive
> Authorization: ....
>
> squid replied the following.
>
> HTTP/1.0 401 Unauthorized
> WWW-Authenticate: NTLM
> Proxy-support: Session-Based-Authentication
> Connection: Proxy-support
> Connection: keep-alive
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> After that, web browser tried to create new connection......
> I think that "Connection: keep-alive" must become "Proxy-Connection:
> keep-alive"
> What do you think ?

Proxy-Connection is a non-standard header. Squid and other software used
it incorrectly with an overlap in same meaning Connection. We have
removed it from outgoing details at the request of the HTTP RFC working
group.

Which browser and version is this please?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Sat Oct 16 2010 - 22:39:12 MDT

This archive was generated by hypermail 2.2.0 : Sun Oct 17 2010 - 12:00:03 MDT