RE: [squid-users] any work arounds for bug 2176

From: Bill Allison <bill.allison_at_bsw.co.uk>
Date: Wed, 16 Dec 2009 03:54:29 -0600

Amos

I've done some more testing / tracing with this - one finding and one question to help me do more.

My finding is that the response to a large POST varies - put simply, a small (< 5Kb) POST succeeds, larger POST pops up UID/PWD request, large (> 80Kb) gives the INVALID VERB error that Brett reported. There is no exact borderline size. Sometimes a 6Kb upload will succeed, sometimes the max is around 4Kb. This is on an otherwise idle test server. So far I've only tcpdumped the first two cases and can see that in the middle case, the proxy issues FIN packets to server and client just after receiving and passing on the second 401 response from the server. A feature, if not a factor, common to failures, at least in traces taken so far, is that transfer of the upload to the server begins before receipt of the upload from the client has completed. Comment please?

My question - I'd now like to marry up tcpdump traces with squid debug output. Having read up on debug_options, I've used 5,6 17,6 33,6 41,6 48,6 58,6 73,6 85,6 87,6 88,6. What would be a better set?

For the avoidance of doubt - I'm a rank amateur (as if you haven't already guessed :-) ) but really need to find a fix or workaround, despite knowing that Microsoft state that IIS NTLM authentication can not work through proxy servers. Any pointers gratefully received.

Kind regards
Bill A.

-----Original Message-----
From: Bill Allison
Sent: 10 December 2009 12:53
To: 'Brett Lymn'; Amos Jeffries
Cc: squid-users_at_squid-cache.org
Subject: RE: [squid-users] any work arounds for bug 2176

Hi

I finally found time to test the patch - with different results from Brett. In my case it made no apparent difference - I still get the UID/PWD popup. Attached are two wireshark traces, for the same POST attempt before and after patching. The traces were taken on the squid box and show client 192.0.1.145 and webserver 192.0.1.105 traffic - both are on our LAN. Also attached is my squid.conf. We're still on 2.6-17 - sorry.

If there is anything you want me to try, I have this test instance available for a few days before it has to go live.

Thanks
Bill A.

-----Original Message-----
From: Brett Lymn [mailto:blymn_at_baesystems.com.au]
Sent: 07 December 2009 22:19
To: Amos Jeffries
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] any work arounds for bug 2176

On Mon, Dec 07, 2009 at 10:36:52PM +1300, Amos Jeffries wrote:
>
> I think another trace of the request-reply sequence is needed to see
> if there is anything different now and what.
>

I do have a trace from snoop. I don't want to post it to the list due to it containing details of the site we are trying to upload to.
Can I mail it to you off list?

--
Brett Lymn
"Warning:
The information contained in this email and any attached files is confidential to BAE Systems Australia. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited.  If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility.  It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Received on Wed Dec 16 2009 - 09:54:44 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 16 2009 - 12:00:02 MST