Hello,
We use squid V2.5-STABLE7. We have some troubles with NTLM authentication (samba 3.0.2) and browsers which do HEAD requests.
On some http sites (ie: http://www.windowsupdate.com, www.shopathomeselect.com, www.agoraplus.com ...) , clients browser do HEAD requests but don't send their authentication tokens :
1108489166.618 8 10.2.10.27 TCP_DENIED/407 425 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489166.720 7 10.2.10.27 TCP_DENIED/407 424 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
1108489166.757 10 10.2.10.27 TCP_DENIED/407 424 HEAD http://www.shopathomeselect.com/GR_check_site.html? - NONE/- text/html
If we don't allow HEAD methods, we can't use correctly these sites. The workaround is :
acl HEAD method HEAD http_access allow HEAD
The www.agoraplus.com use Control ActiveX to display technical plan. If HEAD requests are denied, the application doesn't work.
We had similar issue with POST method and NTLM prior STABLE5 (see http://www.squid-cache.org/bugs/show_bug.cgi?id=267
http://www.squid-cache.org/bugs/show_bug.cgi?id=757 ), now it's ok.
The HEAD requests are not common in the squid log file and are related always on the same sites. In some case, Browser does HEAD requests to check recent modifications of objects. Why have we so few HEAD requests in log file ?
I have tried to change my browser cache setting to => "check for newer versions of stored pages, every visit to the page"
the browser doesn't do HEAD requests on expired objects to squid. Why ?
I looked for in the bug database, and I found nothing. Is it a known issue ?
Thank you
