On 24 Jun 2006, at 18:47 , Henrik Nordstrom wrote:
lör 2006-06-24 klockan 16:25 -0700 skrev Merton Campbell Crockett:
Squid received an HTTP/1.1 request from the client. Squid changed
the protocol to HTTP/1.0 for the next hop. Squid received an HTTP/
1.1 response, shouldn't Squid pass the HTTP header fields that it
doesn't understand to the client?
It does.
But at the same time Squid-2.5 does understand that NTLM (and a few
other authentication schemes from the same source) is incompatible
with
HTTP and strips them out from the response to make sure the client
selects a compatible scheme (if one is announced by the server).
In this instance, Squid received an HTTP/1.1 response from the IIS
6.x server with a status of 401. Included in the HTTP response
header were the following fields.
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Squid returned an HTTP/1.0 response to the IE client. The above were
not included in the HTTP response header. As the WWW-Authentic is
required in both HTTP/1.0 and HTTP/1.1 specifications, Squid is
returning an invalid response header. It I understand your response
correctly, this is intentional.
Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxx
