Currently, I am using Squid-2.5STABLE6 to implement a load-balanced,
redundant proxy array. I am investigating problems involving the
following and where a portion of the content on a web server requires
authentication.
Internet Explorer 6.x on a Windows XP system
Squid-2.5STABLE6 on a BSD/OS 4.3.1 system
Internet Information Server 5.x on a Windows 2003 system
Please, no comments about the reference in the Squid FAQ about
building Squid on a BSD/OS system. The FAQ entry is long past its
expiration date. It needs to be removed.
What I observe occurring is the following
The Internet Explorer browser forwards an HTTP/1.1 request to Squid
Squid generates and HTTP/1.0 request that is sent to the Internet
Information Server
The Internet Information Server sends an HTTP/1.1 response back to
Squid
My understanding is that a server receiving an HTTP/1.0 request is
supposed to respond using the same version of the protocol. First,
have I misunderstood the requirements regarding each "hop" in the path?
As you might gather, the problem involves authentication. In this
specific instance, IE users should authenticate using NTLM
authentication while users of other browsers should use basic
authentication. What occurs, in practice, is that IE users that are
in the Active Directory domain receive a 401.2 status while Firefox
users and IE users whose system is not logged into or known to the
Active Directory domain are prompted to provide their authentication
credentials.
The other part of the question is what does Squid do when it receives
an HTTP/1.1 response to its HTTP/1.0 request?
Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxx
