On 01/02/11 23:57, Saurabh Agarwal wrote:
> Thanks Amos. Yeah they were cut and paste errors. Other than that I have tried using http11 with http_port and ignore_expect and it still doesn't work.
>
> I think this is by design in Squid. Following code in "client_side.c" suggests that it will always filter the "WWW-Authenticate" header from HTTP Headers by treating it as unproxyable auth type.
>
> /* Filter unproxyable authentication types */
> if (http->log_type != LOG_TCP_DENIED&&
> (httpHeaderHas(hdr, HDR_WWW_AUTHENTICATE))) {
> HttpHeaderPos pos = HttpHeaderInitPos;
> ....
> ....
> ...code here removes the "WWW-Authenticate" from HTTP Header.
There should be some conditions skipping removal on "must_keepalive" or
"proxy_keepalive" flags in there.
I would expect pinning to be in effect at this point. If not that is a
problem someone might find worth fixing one day. For Negotiate auth type
at minimum.
>
> Also the following link "http://www.visolve.com/squid/Squid_tutorial.php#Authentication_" suggests that Proxy Auth can't work in transparent mode.
>
> Can you please comment on this?
Yes "Proxy-Authenticate:" will not work in transparent mode. There is no
reason why "WWW-Authenticate:" with the origin cannot.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 Beta testers wanted for 3.2.0.4Received on Tue Feb 01 2011 - 11:09:01 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 12:00:04 MST