On 24 Jun 2006, at 16:01 , Henrik Nordstrom wrote:
lör 2006-06-24 klockan 15:47 -0700 skrev Merton Campbell Crockett:
My understanding is that a server receiving an HTTP/1.0 request is
supposed to respond using the same version of the protocol.
No, a server should respond with the highest protocol version it
supports. But there is some features in HTTP/1.1 it MUST NOT use if
the
request was a HTTP/1.0 request.
As you might gather, the problem involves authentication. In this
specific instance, IE users should authenticate using NTLM
authentication while users of other browsers should use basic
authentication. What occurs, in practice, is that IE users that are
in the Active Directory domain receive a 401.2 status while Firefox
users and IE users whose system is not logged into or known to the
Active Directory domain are prompted to provide their authentication
credentials.
NTLM can not be proxied by Squid-2.5 due to the ways Microsoft twisted
the HTTP protocol when slabbing their connection oriented NTLM
authentication method ontop of the message based HTTP protocol..
I'm well aware of the NTLM authentication issues. The reason for the
questions is that Microsoft is actively looking at the authentication
issue. Apparently, IE browsers that access IIS servers through Squid
are an exemplar of the problem; however, the problem will, also,
occur when Squid is not in the path.
The other part of the question is what does Squid do when it receives
an HTTP/1.1 response to its HTTP/1.0 request?
What it should, responds to it's clients with a HTTP/1.0 response.
Squid received an HTTP/1.1 request from the client. Squid changed
the protocol to HTTP/1.0 for the next hop. Squid received an HTTP/
1.1 response, shouldn't Squid pass the HTTP header fields that it
doesn't understand to the client?
Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxx