Hi All, I am trying to use Squid as an accelerating proxy server to a web server that is authenticating clients via NTLM. This is on an intranet. I *know* the limitations of NTLM, and I *know* it is a crap protocol and breaks standards etc. but it is what we are stuck with on this intranet :( Looking through the archives I see lots of posts saying that Squid (and other proxies) cannot proxy NTLM. Why is this? I understand the keepalive requirements of NTLM and I thought that squid honoured keepalives with both the client and the server? Or, put another way, we sucessfully proxy NTLM with apache 2.0 and mod_proxy to a backend server, so I know it is technically feasible. The issue is that squid is much better at proxying than apache, so we would really like to use that. >From my initial tests it looks like squid (2.5-stable9) seems to be actively removing the WWW-Authenticate header on the way from the backend server to the client. I do not have any of the anonymiser features enabled in Squid, so it should not be mangling any headers. Any ideas? -Matt -- Matt Hamilton matth@xxxxxxxxxxxxxx Netsight Internet Solutions, Ltd. Business Vision on the Internet http://www.netsight.co.uk +44 (0)117 9090901 Web Design | Zope/Plone Development and Consulting | Co-location | Hosting
