Maarten,
Hi,
My squid proxy doesn't seem to get a login prompt from a webiste:
http://www.europanelsoverseas.be/webalizer/ (IIS webserver)
When I did a packet capture on the machine, I saw that, in response to
the proxy's GET /webalizer HTTP/1.0, the webserver responded
immediately with 401 HTTP code.
Does anyone know what I'm doing wrong here or what might cause this behaviour?
Yes - the web server is using NTLM authentication. It is fundamentally
broken and does not work through proxies (unless they specifically work
around its brokenness - Squid does not).
Switch it (or tell the admin to) basic or digest auth. If using basic
auth you may want to use SSL so that the credentials aren't sent in the
clear.
Does this mean that the NTLM code is proprieatary and changes alot so
squid can't keep up? There's no chance of fixing this on the squid
level then?
See http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
NTLM is broken end of story and won't be supported in Squid. You should
choose a _standard_ authentication protocol, not one M$ dreamt up
(complete with bugs).
Neil.
--
Neil Hillard hillardn@xxxxxxxxx
Westland Helicopters Ltd. http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
views of Westland Helicopters Ltd.
