NOGUES Jean-Marc (EURIWARE) wrote:
Hi,
I have upgraded our squid from 2.5 stable6 to 3.1.0.14 . This because
many remote web servers want Microsoft connection oriented
authentication and I 'have seen that squid 2.5 doesn't forward that
kind of authentication. .
Now using squid 3.1, my users can connect such web servers but there
is still an issue..
From time to time , when uploading a file , users get a blank page and
message "Request not yet fully sent" can be seen in cache.log file.
Sniffing this (sniffer between proxy and web servers) I can see that,
from time to time, servers are going on sending authentication requests
although the user has been already authenticated (is it a normal
behaviour ?).
Yes this is _usually_ normal. HTTP being stateless the auth details
need to be sent on every request, or the client will be re-challenged.
I say "usually normal", because the client software should be aware of
that requirement and send the auth for as many requests as needed in the
session.
What is NOT normal here is seeing repeated series of missing-auth
requests followed by auth request from the same clients. This is a sign
of either client software breakage, NAT, or missing keep-alive data in
the requests. Persistent connections, aka keep-alive, is REQUIRED on
both the client and server connections for NTLM based auth along with
connection pinning to force stateless HTTP into stateful behavior
between the client and server.
So sometimes it happens that Squid receives an authentication request as
it is still sending upload data to the server.
This stops the upload and produces the message seen in cache.log
Looks like you have hit a bug. Possibly the one people are struggling
with at present where a connections auth credentials are dropped
mid-session.
Can you supply any more detailed trace of whats going on please?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
Current Beta Squid 3.1.0.14
