On 25/07/11 23:34, guest01 wrote:
Hi guys, I have a problem with site catalog.update.microsoft.com and MS BITS (Background Intelligent Transfer Service) Squid 3.1.12. Squid 3.2.0.7 seems to work without problems. Most of my clients use Kerberos authentication and WinXP as client. Unfortunately, BITS can only use Basic Authentication. Basically, as far as I figured out, BITS is sending an HEAD-request: Squid 3.1.12: HEAD http://download.windowsupdate.com/msdownload/update/software/updt/2011/06/rootsupd_f54752ec63369522f37e545325519ee434cdf439.exe HTTP/1.1 Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/6.7 Host: download.windowsupdate.com Proxy-Connection: Keep-Alive HTTP/1.0 407 Proxy Authentication Required Server: squid/3.1.12 Mime-Version: 1.0 Date: Wed, 20 Jul 2011 10:35:24 GMT Content-Type: text/html Content-Length: 1702 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Proxy-Authenticate: Negotiate Proxy-Authenticate: Basic realm="Proxy" X-Cache: MISS from xlsqip03_1 Via: 1.0 xlsqip03_1 (squid/3.1.12) Connection: keep-alive After that, the client sends an TCP RST and nothing is happening anymore.
<snip>
My question now: Why is Squid 3.1.12 sending an HTTP/1.0 407 and Squid 3.2.0.7 an HTTP/1.1 407?
Because squid-3.1 series is only properly HTTP/1.0 protocol compliant. Squid-3.2 series supports HTTP/1.1 protocol.
I could not find any configuration option which could explain that behavior and I am not even sure if that's the problem.
It looks like BITS requires HTTP/1.1 support to do auth properly. Though I can't see anything in those requests which would create that requirement.
The big hint seems to be that it is BITS generating the RST despite squid saying "Connection: keep-alive". Being a RST instead of FIN it could be an internal crash or something else going bad inside BITS.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10
