On Fri, 17 Jun 2005 Rafael.Almeida@stj.gov.br wrote:
> Sometimes (during peak hours) our squid is closing the connection
> after receiving the NTLM type 2 message. The complete attempt is described
>
> below:
> 1- IE sends a HTTP GET with no authentication
> 2- Squid answers with HTTP 407 and closes the connection (Proxy
> connection: close)
> 3- IE reopens the connection and sends a HTTP GET with NTLMv2 Type 1
> message
> 4- Squid answers with HTTP 407, the NTLM Type 2 message and closes the
> connection again: (Proxy connection: close)
> 5- IE tries to send NTLM Type3 message but a FIN packet was already sent
> by SQUID, and Squids answers with a reset.
Probably you are running short on filedescriptors. There is a threshold of
50% used filedescriptors above which Squid will refuse to support
persistent connections. As you already know NTLM requires persistent
connections due to design error in the NTLM over HTTP protocol.
This threshold was introduced in 2.5.STABLE5:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-pconn-load
It should be possible to refine this to work better together with NTLM
based on the knowledge that the connection MUST be kept for the next stage
of NTLM to complete.. If you feel this is required please file a bug
report.
Regards
Henrik
Received on Sun Jun 19 2005 - 19:14:00 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT