On tor, 2008-07-03 at 15:00 +0100, Joe Tiedeman wrote: > It seems to be that IIS is sending the 401 response before squid & the > client have finished sending the initial request to it, after sniffing > the traffic with wireshark on the client, squid is forwarding the 401 > response before the client has finished posting the data. The interesting things is what happens after the 401 response. Do Squid close the connection before the client sent all of the request, or is the connection kept open allowing the client to continue sending the request? What about the connection squid<->webserver? The microsoft "schemes" NTLM / Negotiate and Kerberos is a bit at odds with how HTTP authentication works, which causes some quite odd corner cases.. How things are supposed to work in the "HTTP" way is that the connection is kept open and request data being read, but the client when seeing the 401 should immediately abort the transfer (by closing the connection) and try again with correct credentials. This can not be done in the connection oriented auth schemes and the client must instead transmit the whole request, even when it's known it is now going into the bitbucket.. may not be such a big deal when on a LAN/Intranet, but if over a WAN it can be very annoying.. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
