Ok, thanks for your answer.
When do you expect a stable version of Squid 3.2? I am considering
upgrading Squid 3.1 to Squid 3.2, but as long as it is marked as beta,
I don't get any permission to do it. We are using Squid 3.2 in our
testing environment for months without troubles, but as long as it is
not marked as stable, I can't do anything.
regards
Peter
On Tue, Jul 26, 2011 at 7:09 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 25/07/11 23:34, guest01 wrote:
>>
>> Hi guys,
>>
>> I have a problem with site catalog.update.microsoft.com and MS BITS
>> (Background Intelligent Transfer Service) Squid 3.1.12. Squid 3.2.0.7
>> seems to work without problems.
>> Most of my clients use Kerberos authentication and WinXP as client.
>> Unfortunately, BITS can only use Basic Authentication. Basically, as
>> far as I figured out, BITS is sending an HEAD-request:
>>
>> Squid 3.1.12:
>> HEAD
>> http://download.windowsupdate.com/msdownload/update/software/updt/2011/06/rootsupd_f54752ec63369522f37e545325519ee434cdf439.exe
>> HTTP/1.1
>> Accept: */*
>> Accept-Encoding: identity
>> User-Agent: Microsoft BITS/6.7
>> Host: download.windowsupdate.com
>> Proxy-Connection: Keep-Alive
>>
>> HTTP/1.0 407 Proxy Authentication Required
>> Server: squid/3.1.12
>> Mime-Version: 1.0
>> Date: Wed, 20 Jul 2011 10:35:24 GMT
>> Content-Type: text/html
>> Content-Length: 1702
>> X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
>> Vary: Accept-Language
>> Content-Language: en
>> Proxy-Authenticate: Negotiate
>> Proxy-Authenticate: Basic realm="Proxy"
>> X-Cache: MISS from xlsqip03_1
>> Via: 1.0 xlsqip03_1 (squid/3.1.12)
>> Connection: keep-alive
>>
>> After that, the client sends an TCP RST and nothing is happening anymore.
>>
> <snip>
>>
>> My question now:
>> Why is Squid 3.1.12 sending an HTTP/1.0 407 and Squid 3.2.0.7 an
>> HTTP/1.1 407?
>
> Because squid-3.1 series is only properly HTTP/1.0 protocol compliant.
> Squid-3.2 series supports HTTP/1.1 protocol.
>
>> I could not find any configuration option which could
>> explain that behavior and I am not even sure if that's the problem.
>
> It looks like BITS requires HTTP/1.1 support to do auth properly. Though I
> can't see anything in those requests which would create that requirement.
>
> The big hint seems to be that it is BITS generating the RST despite squid
> saying "Connection: keep-alive". Being a RST instead of FIN it could be an
> internal crash or something else going bad inside BITS.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.14
> Beta testers wanted for 3.2.0.10
>
Received on Thu Jul 28 2011 - 11:58:12 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 28 2011 - 12:00:03 MDT