Hey all, We are having some problems with the POST method and authentication. The client is IE6, running squid-2.5.STABLE3 with squid-2.5-ntlmssp helper Essentially, everything seems to behaving correctly except when some users Want to post forms. This problem only seems limited to the POST method As if I allow the POST method without authentication, everything seems to Be ok. I have been informed that the following is quite normal, two denieds in quick sucession before a successful request. 1118288449.039 0 172.16.9.217 TCP_DENIED/407 1821 GET http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288449.043 0 172.16.9.217 TCP_DENIED/407 1825 GET http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288449.055 11 172.16.9.217 TCP_MISS/200 8982 GET http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? JDyer DIRECT/172.16.9.46 text/html But the post method does not do this, as you can see there is a few seconds in between 1118288455.695 0 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288460.576 0 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288463.128 3 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288470.254 0 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288472.774 0 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288500.497 0 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html 1118288515.572 0 172.16.9.217 TCP_DENIED/407 1821 POST http://www.ngv.vic.gov.au/admin/JOBS_edit.jsp? - NONE/- text/html We get a page cannot be displayed and we back to the form and try to post again. Has anybody seen problems like this? Thanks Adam Clark Network Administrator National Gallery of Victoria 180 St Kilda Rd Melbourne, Vic, 3004 Squid conf http_port 8080 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 128 MB maximum_object_size 1024 MB maximum_object_size_in_memory 16 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir diskd /var/cache0 24576 16 256 Q1=72 Q2=64 cache_dir diskd /var/cache1 24576 16 256 Q1=72 Q2=64 dns_retransmit_interval 1 seconds dns_timeout 10 seconds hosts_file none auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 20 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl SSL_ports port 8463 # Aurion ESS Service acl SSL_ports port 8445 # TrendMicro SSL ports acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl NW-INT src 172.16.0.0/12 192.168.2.0/24 acl NW-DMZ src 10.10.10.0/24 acl NW-VPN src 10.10.11.0/24 acl NW-SRV src 172.16.5.0/24 172.16.22.0/24 acl NW-SRV-DST dst 172.16.5.0/24 172.16.22.0/24 acl NW-LAB src 172.16.50.0/24 172.16.51.0/24 acl Authorized-Users proxy_auth REQUIRED acl POST method POST # Temporary to get around the POST Problem acl INTRANET url_regex ^http://*.boh.ngv.local http_access allow localhost http_access allow NW-DMZ http_access allow NW-SRV http_access allow NW-LAB http_access allow NW-INT NW-SRV-DST http_access allow POST # Temporary to get around the POST Problem http_access allow Authorized-Users http_access deny all http_reply_access allow all icp_access allow all cache_mgr helpdesk logfile_rotate 10 coredump_dir /var/spool/squid pipeline_prefetch on
