RE: [squid-users] RE: NTLM and persistent connections reverse proxy 3.1.20 - SOLVED + PATCH

From: Clem <clemfree_at_free.fr>
Date: Tue, 12 Jun 2012 15:34:42 +0200

Thank you very much for your "patch" James, I can, at last, use my squid in
front of my exchange to forward all stuff to IIS rpc proxy in ntlm ! On XP
and W7 clients

-----Message d'origine-----
De : Clem [mailto:clemfree_at_free.fr]
Envoyé : mardi 12 juin 2012 10:40
À : 'James Harper'; squid-users_at_squid-cache.org
Objet : RE: [squid-users] RE: NTLM and persistent connections reverse proxy
3.1.20 - SOLVED + PATCH

Ok great, thanks !

-----Message d'origine-----
De : James Harper [mailto:james.harper_at_bendigoit.com.au]
Envoyé : mardi 12 juin 2012 10:34
À : Clem; squid-users_at_squid-cache.org
Objet : RE: [squid-users] RE: NTLM and persistent connections reverse proxy
3.1.20 - SOLVED + PATCH

>
> Hi James,
>
> Your patch can interests me, but I'm a little bit confused on how
> apply it
?
> I've edited the client_side_reply.cc of the src before compile squid,
> and I don't actually understand what to modify.
>

Comment out or delete the whole "if (reply->..." statement

James

> ----------------------------
> void
> clientReplyContext::cloneReply()
> {
> assert(reply == NULL);
>
> HttpReply *rep = http->storeEntry()->getReply()->clone();
>
> reply = HTTPMSGLOCK(rep);
>
> if (reply->sline.protocol == PROTO_HTTP) {
> /* enforce 1.0 reply version (but only on real HTTP traffic) */
> }
>
> /* do header conversions */
> buildReplyHeader();
> }
> -------------------------------
>
> Sorry for my newbyness ;) !
> Have a good day, regards,
>
> Clem
>
> -----Message d'origine-----
> De : James Harper [mailto:james.harper_at_bendigoit.com.au]
> Envoyé : mardi 12 juin 2012 08:08
> À : James Harper; squid-users_at_squid-cache.org Objet : [squid-users] RE:
> NTLM and persistent connections reverse proxy
> 3.1.20 - SOLVED + PATCH
>
> > >
> > > I'm having some problems with reverse proxy and NTLM authentication.
> > > Specifically, the connection to the client is not persisted which
> > > I believe invalidates the NTLM authentication protocol. I've added
> > > a source port number to the logs which shows that it is indeed
> > > creating a new connection for each request. There seems to have
> > > been a bit of mailing list activity about similar problems but
> > > nothing exactly the same and none of the suggested solutions work.
> >
> > I've done a bit more testing on this, and it seems that the server
> > returns
> > "HTTP/1.1 401 Unauthorized" but squid turns this into "HTTP/1.0 401
> > Unauthorized" before passing it onto the client. Does that help?
> >
>
> It seems that this is the cause of the problem... The patch following
> this email fixes it... is there any reason why the version should be
> forced to 1.0?? Is it to work around some other bug?
>
> James
>
> --- squid3-3.1.20.orig/src/client_side_reply.cc
> +++ squid3-3.1.20/src/client_side_reply.cc
> @@ -1469,10 +1469,12 @@ clientReplyContext::cloneReply()
>
> reply = HTTPMSGLOCK(rep);
>
> +#if 0
> if (reply->sline.protocol == PROTO_HTTP) {
> /* enforce 1.0 reply version (but only on real HTTP traffic) */
> reply->sline.version = HttpVersion(1,0);
> }
> +#endif
>
> /* do header conversions */
> buildReplyHeader();
Received on Tue Jun 12 2012 - 13:34:51 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 13 2012 - 12:00:04 MDT