Re: problems with the squid-2.5 connection pinning

Are you planning on running this version of the patch (and the tproxy support)
on your production caches any time soon?

I'd like to place this on my proxy servers but I don't want to be a beta
tester. Not yet, at least. :)

Adrian

On Sat, Apr 15, 2006, Steven Wilton wrote:

> We've been using a patch that allows NTLM auth to work through our proxies
> for a while now. The version we're using does depend on the tproxy patch
> that we've also applied, and it essentially adds the client's ip address
> and port to the pconn key when the server connection is spoofing the
> client's ip address. As a result of using the existing pconn code, we do
> not handle the closing of the server connection any differently from any
> other persistent connection failing. This has not generated errors that I
> have heard of from any client using our proxy servers, and we do
> transparently proxy all our client access to web servers.
>
> Having seen your patch, I've added the Proxy-Support: headers, and also
> added a "pinning" flag to the request->flags struct to allow identification
> of a pinned connection. I've attached a modified version of the patch
> we're using for comment, as it uses the existing persistent connection
> methods and does not add any new sections of code that will terminate
> connections (and this version will apply to the squid 2.5 tree without
> needing the tproxy patch applied).
>
> I've not looked into the http specs to see if I'm breaking any rules here,
> but in practice we're not seeing problems with this style of connection
> pinning.
>
> Steven
Received on Fri Apr 14 2006 - 22:54:35 MDT