On 01/02/11 23:57, Saurabh Agarwal wrote:
Thanks Amos. Yeah they were cut and paste errors. Other than that I have tried using http11 with http_port and ignore_expect and it still doesn't work.
I think this is by design in Squid. Following code in "client_side.c" suggests that it will always filter the "WWW-Authenticate" header from HTTP Headers by treating it as unproxyable auth type.
/* Filter unproxyable authentication types */
if (http->log_type != LOG_TCP_DENIED&&
(httpHeaderHas(hdr, HDR_WWW_AUTHENTICATE))) {
HttpHeaderPos pos = HttpHeaderInitPos;
....
....
...code here removes the "WWW-Authenticate" from HTTP Header.
There should be some conditions skipping removal on "must_keepalive" or
"proxy_keepalive" flags in there.
I would expect pinning to be in effect at this point. If not that is a
problem someone might find worth fixing one day. For Negotiate auth type
at minimum.
Also the following link "http://www.visolve.com/squid/Squid_tutorial.php#Authentication_"; suggests that Proxy Auth can't work in transparent mode.
Can you please comment on this?
Yes "Proxy-Authenticate:" will not work in transparent mode. There is no
reason why "WWW-Authenticate:" with the origin cannot.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
