The story about Squid and HTTP 1.1 is long... To get your LiveUpdate working ASAP you might want to fiddle with the firewall rules and to NOT redirect port 80 traffic of Symantec servers to Squid, but simply let the traffic pass. Nathan Eady wrote:
Okay, we've got port 80 traffic going transparently to a Squid proxy here, and I need to make a small configuration change, and I can't seem to find, either in the man pages nor on the web, the documentation on how to do it. It's probably one little line in squid.conf, but I can't find it. Here's the deal: When I access a site (I tested with Google as well as our own offsite web server) from a computer that is NOT behind the transparent squid proxy, issuing an HTTP/1.1 request, I get the normal expected HTTP/1.1 response: nathan@externalbox$ telnet www.galionlibrary.org 80 Trying 209.143.16.23... Connected to galionlibrary.org. Escape character is '^]'. GET / HTTP/1.1 Host: www.galionlibrary.org HTTP/1.1 200 OK [snip the rest] However, when I do the same thing from a system that IS behind the proxy, I get an HTTP/1.0 response back: nathan@donalbain:~$ telnet www.galionlibrary.org 80 Trying 209.143.16.23... Connected to galionlibrary.org. Escape character is '^]'. GET / HTTP/1.1 Host: www.galionlibrary.org HTTP/1.0 200 OK [snip the rest] Until recently I never even noticed this, but now Symantec LiveUpdate is failing on all the systems behind the proxy. I posted about that on the Norton Community forum, umm, here: http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=42361 The long and short of that thread is that recent updates to LU have caused it to no longer support HTTP 1.0. The LU servers are all HTTP 1.1, and now the client requires this. Our setup is not the only thing breaking as a result (apparently, the built-in "firewalls" on some home routers also have problems with it), but now that I'm aware Squid is doing this, it ought to be easy to make some small change in the configuration and get it to return HTTP 1.1 responses, at least when the server does -- right? But I'm coming up blank on how. One other note: the version of Squid we have, for reasons that aren't worth going into here, is I believe somewhat outdated (-v says 2.5.STABLE13). But HTTP 1.1 is certifiably older than dirt, so I'd be extremely amazed if the Squid that we have doesn't support it... We're going to update it hopefully pretty soon, but getting LiveUpdate working again is significantly more urgent (and, hopefully, easier; updating Squid in our case probably means a fresh OS install...) So where and how do I configure what Squid does with HTTP versions? Where is this documented? TIA, Nathan Eady Technology Coordinator Galion Public Library