RE: problems with the squid-2.5 connection pinning

From: Steven Wilton <swilton@dont-contact.us>
Date: Wed, 19 Apr 2006 07:38:59 +0800

> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> Sent: Wednesday, 19 April 2006 12:10 AM
> To: Steven Wilton
> Cc: squid-dev@squid-cache.org
> Subject: Re: problems with the squid-2.5 connection pinning
>
> tis 2006-04-18 klockan 08:05 +0800 skrev Steven Wilton:
>
> > Due to other changes in the squid source, I needed to set the
> > "must_keepalive" flag on the request to stop squid from closing the
> > client-side connection
>
> Hmm.. a bit curious on what this might be. But I guess it's the
> persistent_connection_after_error directive..
>
> But I think you are correct. There is little choice but to set
> must_keepalive on pinned connections. Connection semantic is a bit
> different from normal connections.

Yes, it didn't like the initial 403 error, and closed the connection.
 
> > and I also had to remove the "Connection:
> > Proxy-support" header from being sent back to the client
> (this caused IE to
> > get really confused).
>
> Ugh.. removing this can get you in quite bad situation if
> there is child
> proxies.
>
> Can you share some more light on this issue?
 
When I was sending the "Connection: Proxy-support" header, IE only sent the
initial request, and never actually tried to complete the NTLM
authentication handshake. Removing this header made everything work again.

I still have the "Proxy-Support: Session-Based-Authentication" header (as
specified in the document fragment that you posted to the list). I'm not
sure if that makes any difference for child proxies, and IE works both with
and without this header.

regards
Steven

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.3/316 - Release Date: 17/04/2006
 
Received on Tue Apr 18 2006 - 17:39:04 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:03 MDT