Hi, Amos > Very probably yes. The root cause of your problem is still not clear, it > may be a duplicate or side effect of one of the other keep-alive problems > which were tracked down and fixed. 3.1.8 as far as we can tell is > completely keep-alive compliant with non-chunked requests. The remaining > chunked keep-alive fixes are in 3.2 series (but NTLM in there is reported > to have unrelated issues and needs more testing). I tried 3.1.8. When I connected to windows server with NTLM auth via squid, GET http://XXX.XXX.XXX.XXX/ HTTP/1.1 Proxy-Connection: keep-alive Authorization: .... squid replied the following. HTTP/1.0 401 Unauthorized WWW-Authenticate: NTLM Proxy-support: Session-Based-Authentication Connection: Proxy-support Connection: keep-alive ^^^^^^^^^^^^^^^^^^^^^^^^^^^ After that, web browser tried to create new connection...... I think that "Connection: keep-alive" must become "Proxy-Connection: keep-alive" What do you think ? --mkishi On Thu, Oct 14, 2010 at 9:11 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On Wed, 13 Oct 2010 21:26:56 +0900, Mikio Kishi <mkishi@xxxxxxx> wrote: >> Hi, Henrik >> >> Has the following already been fixed on squid-3.1.8 ? >> I'd like to know the current status about it. > > Very probably yes. The root cause of your problem is still not clear, it > may be a duplicate or side effect of one of the other keep-alive problems > which were tracked down and fixed. 3.1.8 as far as we can tell is > completely keep-alive compliant with non-chunked requests. The remaining > chunked keep-alive fixes are in 3.2 series (but NTLM in there is reported > to have unrelated issues and needs more testing). > > A couple of CVE'd DoS issues and many HTTP/1.1 fixes make it well worth > the upgrade even if your particular problem is not fixed yet. > > Amos >
