Search squid archive

Re: unsupported-request-method after switching to version 2.6.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 26 Jun 2007 00:01:38 +0200
Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:

> mån 2007-06-25 klockan 17:47 +0200 skrev Joerg Schuetter:
> 
> > Browsing the Internet is only permitted after athenticating (NTLM
> > w/ ADS).  This will run undetected by most users since this part is
> > done by the client.
> > After upgrading our system to debian Etch (squid=2.6.5-6,
> > winbind=3.0.24-6etch4, samba=3.0.24-6etch4) we started having
> > some problems (I'll use separate mails for each problem).
> > 
> > When our users try to connect to
> > https://keylink.ubs.com/keylink.ubs.com/client/int/startklw.html
> > they will not be able to use this service.
> > In the log of the proxy I have this line:
> > 1182327931.205      0 x.y.z.a TCP_DENIED/400 1614 NONE \
> >   error:unsupported-request-method - NONE/- text/html
> 
> What did cache.log say here?

parseHttpRequest: Unsupported method 'User-Agent:'
clientReadRequest: FD 116 (a.b.c.d:3568) Invalid Request

> 
> > Digging a little bit deeper with a sniffer I found that the
> > header line CONNECT is missing. The older squid version
> > (2.5.12-4) seemed to ignore this.
> 
> ???
> 
> Can you provide a bit more details on that?

Here is the header from the client which caused the error:
User-Agent: Mozilla/4.0 (Windows 2003 5.2) Java/1.4.2_06
Host: keylink.ubs.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-authorization: NTLM ...

The request before looked like this and worked w/o any problem:
CONNECT keylink.ubs.com:443 HTTP/1.1
User-Agent: Mozilla/4.0 (Windows 2003 5.2) Java/1.4.2_06
Host: keylink.ubs.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-authorization: NTLM ...
> 
> > The workaround to keep the users doing their jobs was to grant
> > access to ksylink.ubs.com without userauthentication.
> > But what's the clean way to solve this?
> 
> First I need to understand the problem on the wire level..
> 
> But if authentication makes a difference and it worked in earlier
> Squid versions using NTLM then try "auth_param ntlm keep_alive off".
> This might work around some client brokenness.

I'll try disabling keep_alive after office hours.

Regards
  Jörg



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux