nonce_garbage_interval problem?

[Athos Fiolo <afiolo@xxxxxxxx>]

Hi, I’m facing a problem with the digest auth server responses.

 

Client requests a page, server responds with 407 + nonce, client gets the page correctly.

At every “200 OK” response the server sends a “Proxy-Authentication-Info: nextnonce …” header, even if the “nonce_garbage_interval” is 5 minutes.

Client then tries to get the next page using the same auth data used before (this is a client problem, not involving squid), gets a  407 + new nonce, then gets correctly the page making a new request with the new auth params.

 

The Squid problem here is that the server gives the “nextnonce” header in every “200 OK” response.

 

POST http://my.server.com/my/page HTTP/1.1

[...]

 

HTTP/1.1 407 Proxy Authentication Required

Proxy-Authenticate: [digest info, nonce="<nonce1>"]

[…]

 

POST http://my.server.com/my/page HTTP/1.1

Proxy-Authorization: [digest info, nonce="<nonce1>"]

[…]

 

HTTP/1.1 200 OK

Proxy-Authentication-Info: nextnonce="<nonce2>"

[…]

(gives a new nonce at every 200 OK answer)

 

POST http://my.server.com/my/page HTTP/1.1

Proxy-Authorization: [digest info, nonce="<nonce1>"]

[...]

(client using the old auth params..)

 

HTTP/1.1 407 Proxy Authentication Required

Proxy-Authenticate: [digest info, nonce="<nonce3>"]

[…]

 

POST http://my.server.com/my/page HTTP/1.1

Proxy-Authorization: [digest info, nonce=" <nonce3>"]

[...]

 

HTTP/1.1 200 OK

Proxy-Authentication-Info: nextnonce="<nonce4>"

[…]

 

…

 

squid.conf digest settings:

 

#  TAG: auth_param

auth_param digest program /usr/bin/php /etc/squid3/mydigestscript.php

auth_param digest children 5

auth_param digest realm MyProxyRealm

auth_param digest nonce_garbage_interval 5 minutes

auth_param digest nonce_max_duration 2 hours

auth_param digest nonce_max_count 50

 

Any suggestion?

 

Athos Fiolo
Software Engineer
afiolo@xxxxxxxx

Came S.p.A.
Sede Legale e Operativa: Via Martiri della Libertà, 15 - 31030 Dosson di Casier - Treviso - Italy
Tel. (+39) 0422 4940 - Fax (+39) 0422 4941 - info@xxxxxxxx - www.came.com

Sede Operativa: Via Cornia, 1/b,c - 33079 Sesto al Reghena - Pordenone - Italy
Tel. (+39) 0434 698111 - Fax (+39) 0434 698434 - infobpt@xxxxxxxx - www.bpt.it


    

Il messaggio di posta elettronica contiene informazioni di carattere confidenziale specifiche per il destinatario. Nel caso non ne siate il destinatario, segnalatelo immediatamente al mittente ed eliminate dai vostri archivi quanto ricevuto (compresi i file allegati). L'uso, la diffusione, distribuzione o riproduzione del presente messaggio e dei suoi allegati da parte di ogni altra persona costituisce reato. Rif. Decreto legislativo 30 giugno 2003, n. 196 - Codice in materia di protezione dei dati personali.

The email message contains confidential information specific to the recipient. If you are not the recipient, write it to the sender immediately and delete from your files as received (including file attachments). Use, dissemination, distribution or reproduction of this message and its attachments by any other person is a criminal offense. References Legislative Decree 30 June 2003, n. 196 - Code for the protection of personal data.

Right to opposition:
The person concerned who receives the message has the right at any time to oppose its processing for forwarding commercial messages, advertising material or direct sales proposals, by clicking on the e-mail address below (or by traditional postal services by writing to: Came S.p.A., Via Martiri della Libertà 15, 31030 Dosson di Casier (TV) - Italy, or by sending a fax to +39 0422 4941. Furthermore the person concerned may exercise all the rights of access to the personal data as provided by art. 7, Legislative Decree no. 196/2003, including the rights to amendment, updating and deletion, by sending an e-mail to privacy@xxxxxxxx.

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users