Re: [squid-users] Connection Pinning in 3.1.x

From: Chad Naugle <Chad.Naugle_at_travimp.com>
Date: Mon, 31 Jan 2011 09:20:20 -0500

Is the cache_peer parent, also 3.1.10 or another type of proxy?

>>> Michael Hendrie <michael_at_hendrie.id.au> 1/31/2011 12:50 AM >>>
Hello List,

I need to use a version with connection pinning and was hoping to use
3.1.10 but I've run into a problem using a cache_peer that requires NTLM
authentication. In my tests I'm able to get 3 authenticated requests
through the parent (access.log on parent shows they have been
authenticated) before the client starts to receive a pop-up to enter
credentials. In the test, child and parent are on the same LAN segment
so there is nothing in between doing any port translations, etc.

The relevant parts of my config:

cache_peer 172.16.50.45 parent 8080 0 no-query proxy-only default
login=PASS
never_direct allow all
persistent_connection_after_error on

I have also tried adding "connection-auth=on" to both the cache_peer
and http_port directives but this hasn't helped the situation.

Testing with squid-2.7STABLE9 doesn't show the above issue, connection
pinning seems to work perfectly to the parent proxy. I have also tried
3.1.9 and 3.1.8 in case it was something that was unexpectedly
introduced in the latest version but they fail also.

I should point out that in my tests using 3.1.x talking to an origin
server requiring NTLM works perfectly, only to a cache_peer fails.

Does anyone have any ideas as to why this is failing, or a 3.1.x
talking to an NTLM parent and if so could you please share your exact
3.1.x version and relevant config.

Thanks
Mick

Travel Impressions made the following annotations
-------------------------------------------------------------
"This message and any attachments are solely for the intended recipient
and may contain confidential or privileged information. If you are not
the intended recipient, any disclosure, copying, use, or distribution of
the information included in this message and any attachments is
prohibited. If you have received this communication in error, please
notify us by reply e-mail and immediately and permanently delete this
message and any attachments.
Thank you."
Received on Mon Jan 31 2011 - 14:20:35 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 12:00:04 MST