Hi Amos!
Thanks for your answer:
>> After the first (successful) authentication, some milliseconds
>> later the failure (same user!). Apparently, no authentication data
>> is provided.
>
> Yes. Consider this: * two packets leave your gateway router. Which
> comes from client_1 and which comes from some attacker spoofing
> client_1 IP ?
Ok, I see the problem. But:
> Check whether you have client persistent connections enabled. When
> that is working the client traffic will all be sent over connections
> it already knows need authentication, so you should see far less 407
> from the proxy.
I found this in the Squid documentation:
"By default, Squid uses persistent connections (when allowed) with its
clients and servers. You can use these options to disable persistent
connections with clients and/or servers."
(http://www.squid-cache.org/Versions/v2/2.7/cfgman/client_persistent_connections.html)
Nevertheless, I added the line
client_persistent_connections on
to my squid.conf and reloaded Squid. Unfortunately, the number of 407
messages in the log file didn't decrease ...
But can you please tell me the meaning of "when allowed"? Is there
anything to do at client side to allow persistent connections? Or elsewhere?
Kind regards, Juergen
Received on Fri Dec 13 2013 - 07:50:23 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 13 2013 - 12:00:04 MST