RE: [squid-users] RE: NTLM and persistent connections reverse proxy 3.1.20 - SOLVED + PATCH

From: James Harper <james.harper_at_bendigoit.com.au>
Date: Tue, 12 Jun 2012 08:34:24 +0000

>
> Hi James,
>
> Your patch interests me, but I'm a little bit confused about how to apply it.
> I've edited the client_side_reply.cc of the src before compiling squid, and I
> don't actually understand what to modify.
>

Comment out or delete the whole "if (reply->..." statement

James

> ----------------------------
> void
> clientReplyContext::cloneReply()
> {
> assert(reply == NULL);
>
> HttpReply *rep = http->storeEntry()->getReply()->clone();
>
> reply = HTTPMSGLOCK(rep);
>
> if (reply->sline.protocol == PROTO_HTTP) {
> /* enforce 1.0 reply version (but only on real HTTP traffic) */
> }
>
> /* do header conversions */
> buildReplyHeader();
> }
> -------------------------------
>
> Sorry for my newbieness ;) !
> Have a good day, regards,
>
> Clem
>
> -----Original Message-----
> From: James Harper [mailto:james.harper_at_bendigoit.com.au]
> Sent: Tuesday, 12 June 2012 08:08
> To: James Harper; squid-users_at_squid-cache.org
> Subject: [squid-users] RE: NTLM and persistent connections reverse proxy
> 3.1.20 - SOLVED + PATCH
>
> > >
> > > I'm having some problems with reverse proxy and NTLM authentication.
> > > Specifically, the connection to the client is not persisted which I
> > > believe invalidates the NTLM authentication protocol. I've added a
> > > source port number to the logs which shows that it is indeed
> > > creating a new connection for each request. There seems to have been
> > > a bit of mailing list activity about similar problems but nothing
> > > exactly the same and none of the suggested solutions work.
> >
> > I've done a bit more testing on this, and it seems that the server
> > returns
> > "HTTP/1.1 401 Unauthorized" but squid turns this into "HTTP/1.0 401
> > Unauthorized" before passing it onto the client. Does that help?
> >
>
> It seems that this is the cause of the problem... The patch following this email
> fixes it... is there any reason why the version should be forced to 1.0?? Is it to
> work around some other bug?
>
> James
>
> --- squid3-3.1.20.orig/src/client_side_reply.cc
> +++ squid3-3.1.20/src/client_side_reply.cc
> @@ -1469,10 +1469,12 @@ clientReplyContext::cloneReply()
>
> reply = HTTPMSGLOCK(rep);
>
> +#if 0
> if (reply->sline.protocol == PROTO_HTTP) {
> /* enforce 1.0 reply version (but only on real HTTP traffic) */
> reply->sline.version = HttpVersion(1,0);
> }
> +#endif
>
> /* do header conversions */
> buildReplyHeader();
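
Review bot: The `#if 0` / `#endif` pair around the `reply->sline.version = HttpVersion(1,0);` block switches off the 1.0 enforcement for every HTTP reply without recording why, and leaves the "enforce 1.0 reply version" comment sitting inside code that no longer compiles. The message above the patch asks whether the enforcement works around some other bug, and nothing in the hunk answers that, so the change should either delete the block outright with a comment explaining that the origin server's reply version is now passed through, or keep the downgrade and narrow its condition so it only applies where it is still needed. As written, replies to HTTP/1.0-only clients also stop being rewritten, which is worth confirming is intended before this goes in.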
Received on Tue Jun 12 2012 - 08:34:37 MDT
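
The connection-persistence rule behind the symptom described in this thread, as an added example that is not part of the original messages and is not Squid code. It assumes standard HTTP/1.0 and HTTP/1.1 persistence semantics; the sample responses and the NTLM token are constructed.

```python
# Added example. Checks whether a 401 carrying an NTLM challenge token arrives
# on a connection that HTTP rules allow the client to keep using.

def parse_head(raw: bytes):
    """Return ((major, minor), status, headers) for a raw response head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    proto, status = lines[0].split(" ", 2)[:2]
    if not proto.startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    major, minor = proto[5:].split(".")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return (int(major), int(minor)), int(status), headers

def is_persistent(version, headers) -> bool:
    """HTTP/1.1 persists unless 'close'; HTTP/1.0 only with 'keep-alive'."""
    tokens = {t.strip().lower()
              for v in headers.get("connection", []) for t in v.split(",")}
    if "close" in tokens:
        return False
    return version >= (1, 1) or "keep-alive" in tokens

def ntlm_challenge_breaks(raw: bytes) -> bool:
    """True if an NTLM challenge token is sent on a non-persistent reply."""
    version, status, headers = parse_head(raw)
    has_token = any(len(v.split()) == 2 and v.split()[0].upper() == "NTLM"
                    for v in headers.get("www-authenticate", []))
    return status == 401 and has_token and not is_persistent(version, headers)

# Constructed sample: the origin server's reply, then the same reply with only
# the status-line version rewritten to 1.0 as the thread describes.
ORIGIN_REPLY = (b"HTTP/1.1 401 Unauthorized\r\n"
                b"WWW-Authenticate: NTLM TlRMTVNTUAACAAAA\r\n"
                b"Content-Length: 0\r\n\r\n")
DOWNGRADED_REPLY = ORIGIN_REPLY.replace(b"HTTP/1.1", b"HTTP/1.0", 1)

if __name__ == "__main__":
    for label, raw in (("origin", ORIGIN_REPLY), ("downgraded", DOWNGRADED_REPLY)):
        print(label, "breaks NTLM handshake:", ntlm_challenge_breaks(raw))
```
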