Re: problems with the squid-2.5 connection pinning

From: Steven Wilton <swilton@dont-contact.us>
Date: Tue, 18 Apr 2006 08:05:22 +0800

----- Original Message -----
From: "Henrik Nordstrom" <henrik@henriknordstrom.net>
To: "Steven Wilton" <swilton@q-net.net.au>
Cc: <squid-dev@squid-cache.org>
Sent: Saturday, April 15, 2006 11:15 PM
Subject: Re: problems with the squid-2.5 connection pinning

> Sat 2006-04-15 at 09:10 +0800, Steven Wilton wrote:
>
>> Having seen your patch, I've added the Proxy-Support: headers, and also
>> added a "pinning" flag to the request->flags struct to allow identification
>> of a pinned connection.
>
> Looking at your patch I think you got the logic slightly wrong when
> adding the flag.
>
> Pinning is a property of the connections, not the individual requests.
> From the point where the server connection has indicated use of
> Microsoft authentication scheme the server-side connection should be
> exclusively reserved for the specific client connection, and requests
> from the same client connection should be handled both as pinned looking
> for a matching reserved server connection and as authenticated even if
> there is no Authorize header (Microsoft authentication only sends
> Authorize headers on the first request on the connection, subsequent
> requests automatically inherit the same credentials)

Thanks for pointing this out. I've updated the pinning patch to fix this
problem, and tested on my home connection. I can confirm that it works for
a simple http GET command, and I'll do further testing and update this list
with the results using frontpage (which uses a variety of other http methods
to transfer data).

Due to other changes in the squid source, I needed to set the
"must_keepalive" flag on the request to stop squid from closing the
client-side connection, and I also had to remove the "Connection:
Proxy-support" header from being sent back to the client (this caused IE to
get really confused).

regards

Steven

Received on Mon Apr 17 2006 - 18:04:42 MDT
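
The connection-level pinning described in the quoted reply, as an added example that is not part of the original thread and not Squid's code. All struct and function names are hypothetical, and NTLM and Negotiate stand in for the "Microsoft authentication scheme" as an assumption. It shows why the reservation must be exclusive: a request on the pinned client connection is treated as authenticated without a header, so a second client must never be handed that server connection.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model: pinning is state on the connections, not on a request. */
struct client_conn;
struct server_conn { const struct client_conn *owner; };   /* NULL = shareable */
struct client_conn { struct server_conn *pinned; };
struct request { const char *authorization; bool pinned, authenticated; };

/* Reply seen: a connection-oriented scheme reserves the server connection. */
void on_reply(struct client_conn *c, struct server_conn *s, const char *scheme)
{
    bool conn_auth = scheme && (!strcmp(scheme, "NTLM") || !strcmp(scheme, "Negotiate"));
    if (conn_auth && s->owner == NULL) {
        s->owner = c;
        c->pinned = s;
    }
}

/* Request seen: routing and auth status come from the client connection. */
struct server_conn *select_server(struct client_conn *c, struct request *r,
                                  struct server_conn *pool, size_t n)
{
    if (c->pinned) {
        r->pinned = r->authenticated = true;   /* credentials inherited, header may be absent */
        return c->pinned;
    }
    r->authenticated = r->authorization != NULL;
    for (size_t i = 0; i < n; i++)
        if (pool[i].owner == NULL)             /* never hand out a reserved connection */
            return &pool[i];
    return NULL;                               /* caller opens a new server connection */
}

/* Constructed scenario: client A authenticates, then A and B send bare requests. */
int pinning_demo(void)
{
    struct server_conn pool[2] = { { NULL }, { NULL } };
    struct client_conn a = { NULL }, b = { NULL };
    struct request r1 = { "NTLM <constructed-token>", false, false };
    struct request r2 = { NULL, false, false }, r3 = { NULL, false, false };

    struct server_conn *s = select_server(&a, &r1, pool, 2);   /* pool[0] */
    on_reply(&a, s, "NTLM");
    if (select_server(&a, &r2, pool, 2) != &pool[0] || !r2.authenticated) return 1;
    if (select_server(&b, &r3, pool, 2) != &pool[1] || r3.authenticated) return 2;
    return 0;
}
```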
