Ok, thanks for your answer. When do you expect a stable version of Squid 3.2? I am considering upgrading Squid 3.1 to Squid 3.2, but as long as it is marked as beta, I don't get any permission to do it. We are using Squid 3.2 in our testing environment for months without troubles, but as long as it is not marked as stable, I can't do anything. regards Peter On Tue, Jul 26, 2011 at 7:09 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 25/07/11 23:34, guest01 wrote: >> >> Hi guys, >> >> I have a problem with site catalog.update.microsoft.com and MS BITS >> (Background Intelligent Transfer Service) Squid 3.1.12. Squid 3.2.0.7 >> seems to work without problems. >> Most of my clients use Kerberos authentication and WinXP as client. >> Unfortunately, BITS can only use Basic Authentication. Basically, as >> far as I figured out, BITS is sending an HEAD-request: >> >> Squid 3.1.12: >> HEAD >> http://download.windowsupdate.com/msdownload/update/software/updt/2011/06/rootsupd_f54752ec63369522f37e545325519ee434cdf439.exe >> HTTP/1.1 >> Accept: */* >> Accept-Encoding: identity >> User-Agent: Microsoft BITS/6.7 >> Host: download.windowsupdate.com >> Proxy-Connection: Keep-Alive >> >> HTTP/1.0 407 Proxy Authentication Required >> Server: squid/3.1.12 >> Mime-Version: 1.0 >> Date: Wed, 20 Jul 2011 10:35:24 GMT >> Content-Type: text/html >> Content-Length: 1702 >> X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 >> Vary: Accept-Language >> Content-Language: en >> Proxy-Authenticate: Negotiate >> Proxy-Authenticate: Basic realm="Proxy" >> X-Cache: MISS from xlsqip03_1 >> Via: 1.0 xlsqip03_1 (squid/3.1.12) >> Connection: keep-alive >> >> After that, the client sends an TCP RST and nothing is happening anymore. >> > <snip> >> >> My question now: >> Why is Squid 3.1.12 sending an HTTP/1.0 407 and Squid 3.2.0.7 an >> HTTP/1.1 407? > > Because squid-3.1 series is only properly HTTP/1.0 protocol compliant. > Squid-3.2 series supports HTTP/1.1 protocol. > >> I could not find any configuration option which could >> explain that behavior and I am not even sure if that's the problem. > > It looks like BITS requires HTTP/1.1 support to do auth properly. Though I > can't see anything in those requests which would create that requirement. > > The big hint seems to be that it is BITS generating the RST despite squid > saying "Connection: keep-alive". Being a RST instead of FIN it could be an > internal crash or something else going bad inside BITS. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.14 > Beta testers wanted for 3.2.0.10 >
