RE: [squid-users] RE: NTLM and persistent connections reverse proxy 3.1.20 - SOLVED + PATCH

Hi James,

Your patch can interests me, but I'm a little bit confused on how apply it ?
I've edited the client_side_reply.cc of the src before compile squid, and I
don't actually understand what to modify.

----------------------------
void
clientReplyContext::cloneReply()
{
    assert(reply == NULL);

    HttpReply *rep = http->storeEntry()->getReply()->clone();

    reply = HTTPMSGLOCK(rep);

    if (reply->sline.protocol == PROTO_HTTP) {
        /* enforce 1.0 reply version (but only on real HTTP traffic) */
    }

    /* do header conversions */
    buildReplyHeader();
}
-------------------------------

Sorry for my newbyness ;) !
Have a good day, regards,

Clem

-----Message d'origine-----
De : James Harper [mailto:james.harper_at_bendigoit.com.au]
Envoyé : mardi 12 juin 2012 08:08
À : James Harper; squid-users_at_squid-cache.org
Objet : [squid-users] RE: NTLM and persistent connections reverse proxy
3.1.20 - SOLVED + PATCH

> >
> > I'm having some problems with reverse proxy and NTLM authentication.
> > Specifically, the connection to the client is not persisted which I
> > believe invalidates the NTLM authentication protocol. I've added a
> > source port number to the logs which shows that it is indeed
> > creating a new connection for each request. There seems to have been
> > a bit of mailing list activity about similar problems but nothing
> > exactly the same and none of the suggested solutions work.
>
> I've done a bit more testing on this, and it seems that the server
> returns
> "HTTP/1.1 401 Unauthorized" but squid turns this into "HTTP/1.0 401
> Unauthorized" before passing it onto the client. Does that help?
>

It seems that this is the cause of the problem... The patch following this
email fixes it... is there any reason why the version should be forced to
1.0?? Is it to work around some other bug?

James

--- squid3-3.1.20.orig/src/client_side_reply.cc
+++ squid3-3.1.20/src/client_side_reply.cc
@@ -1469,10 +1469,12 @@ clientReplyContext::cloneReply()

     reply = HTTPMSGLOCK(rep);

+#if 0
     if (reply->sline.protocol == PROTO_HTTP) {
         /* enforce 1.0 reply version (but only on real HTTP traffic) */
         reply->sline.version = HttpVersion(1,0);
     }
+#endif

     /* do header conversions */
     buildReplyHeader();
Received on Tue Jun 12 2012 - 07:37:54 MDT