[squid-users] HEAD method, NTLM authentication and browser cache policy setting

From: Gilles Hamel <hamel_g@dont-contact.us>
Date: Fri, 18 Feb 2005 11:59:26 +0100

Hello,

We use Squid V2.5-STABLE7. We have some trouble with NTLM
authentication (Samba 3.0.2) and browsers which do HEAD requests.
On some HTTP sites (e.g. http://www.windowsupdate.com,
www.shopathomeselect.com, www.agoraplus.com ...), client browsers do
HEAD requests but don't send their authentication tokens:

1108489166.618 8 10.2.10.27 TCP_DENIED/407 425 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489166.720 7 10.2.10.27 TCP_DENIED/407 424 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489166.757 10 10.2.10.27 TCP_DENIED/407 424 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html

If we don't allow the HEAD method, we can't use these sites correctly. The
workaround is:

acl HEAD method HEAD
http_access allow HEAD

www.agoraplus.com uses an ActiveX control to display technical plans. If
HEAD requests are denied, the application doesn't work.

We had a similar issue with the POST method and NTLM prior to STABLE5 (see
http://www.squid-cache.org/bugs/show_bug.cgi?id=267
http://www.squid-cache.org/bugs/show_bug.cgi?id=757 ); now it's OK.

HEAD requests are not common in the Squid log file and always relate
to the same sites. In some cases, the browser does HEAD requests to
check for recent modifications of objects. Why do we have so few HEAD
requests in the log file?
I have tried changing my browser cache setting to "check for newer
versions of stored pages: every visit to the page", but
the browser doesn't do HEAD requests on expired objects to Squid. Why?

I searched the bug database and found nothing.
Is this a known issue?

Thank you
Received on Fri Feb 18 2005 - 03:59:27 MST
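
The workaround in the message above exempts every HEAD request from proxy authentication. As an added example (not part of the original post and not Squid project code), this script scans native-format access.log lines for HEAD requests answered with 407 and no logged user, then renders a narrower rule limited to those destination hosts. The ACL name `head_noauth_sites`, the user `jdoe`, the host `intranet.example` and the last two log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format: the first three
# entries follow the post, the last two are invented for contrast.
SAMPLE_LOG = """\
1108489166.618 8 10.2.10.27 TCP_DENIED/407 425 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489166.720 7 10.2.10.27 TCP_DENIED/407 424 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489166.757 10 10.2.10.27 TCP_DENIED/407 424 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489170.101 9 10.2.10.27 TCP_DENIED/407 1720 GET http://intranet.example/ - NONE/- text/html
1108489170.350 120 10.2.10.27 TCP_MISS/200 5120 GET http://intranet.example/ jdoe DIRECT/192.0.2.10 text/html
"""

LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"\d+\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+\s+\S+\s*$"
)

def unauthenticated_head_denials(log_text):
    """Map destination host -> {client: count} for HEAD requests that were
    answered with TCP_DENIED/407 and carry no user name in the log."""
    hits = defaultdict(lambda: defaultdict(int))
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a native-format entry
        if (m["method"] == "HEAD" and m["code"] == "TCP_DENIED"
                and m["status"] == "407" and m["user"] == "-"):
            host = (urlsplit(m["url"]).hostname or "").lower()
            if host:
                hits[host][m["client"]] += 1
    return {host: dict(clients) for host, clients in hits.items()}

def scoped_acl(hosts, acl_name="head_noauth_sites"):
    """Render squid.conf lines that exempt HEAD only for the listed hosts."""
    if not hosts:
        return []
    return [
        "acl HEAD method HEAD",
        f"acl {acl_name} dstdomain {' '.join(sorted(hosts))}",
        f"http_access allow HEAD {acl_name}",
    ]

if __name__ == "__main__":
    denials = unauthenticated_head_denials(SAMPLE_LOG)
    print(denials)
    print("\n".join(scoped_acl(denials)))
```

The generated `http_access allow` line only takes effect if it is placed before the rule that requires `proxy_auth`. A 407 is also the first step of a normal NTLM handshake, so review the host list before exempting anything.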
