Re: [squid-users] Squid sends TCP_DENIED/407 even on already authenticated users

From: Julio Cesar Gazquez <jgazque0@dont-contact.us>
Date: Fri, 2 May 2008 13:16:06 -0300

El Jueves 01 Mayo 2008 06:08:28 escribió:

But, as far as I can tell, credentials are sent in the request as they appear
in the log. Just happens that, after several successfull responses, 407
responses happen.

Anyway, IE7 only ask again for authentication on a certain site, it keeps
working silently on the other sites we tried, and IE6, FF and Konqueror never
ask for authentication again, even if

> 1) Have you tried the auth TTL settings.
>
> 2) are you certain that this is not simply a case of long-ago provided
> credentials timing out in IE?

No. While I found it seems having TCP_DENIED/407 is normal because squid
changing nonces to limit reply attacks. However the IE7 problem asking again
for credentials (found in a single site: rosario3.com, sadly one in the top 5
in our stats) I guess could be a problem about IE7 and/or IIS broken
implementation of digest RFC (RFC 2617).

-- 
Julio César Gázquez
Area Seguridad Informática -- Int. 736
Municipalidad de Rosario
Received on Fri May 02 2008 - 16:16:46 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:02 MDT