Kurt Buff wrote:
> All,
>
> Several of our users are trying to access a web site, and squid seems
> to have a problem with it.
>
> Here's a munged log line (the client computer name and my $WORK name
> have been changed, but nothing else):
>
> 192.168.12.59 sales1.example.com 66.173.42.248 [25/Aug/2010:09:22:28
> -0700] "GET http://portal.geo-comm.com/sites/example HTTP/1.1" 401
> 1979 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1;
> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
> 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" TCP_MISS
>
>
> When we browse with either IE or FF, and use the squid proxy, we get a
> 401.2. If I then open up an exception on the firewall and they browse
> direct, they get a popup asking for credentials (ID/Password), and the
> site works.
>
> I'm not sure how I'd go about troubleshooting this, or fixing it.
>
> Anyone have some thoughts on what might be happening?
>
Website is broken. It is attempting to operate NTLM authentication
(internal LAN management auth protocol) across the general internet.
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
MicrosoftSharePointTeamServices: 12.0.0.6219
X-Powered-By: ASP.NET
Date: Sat, 28 Aug 2010 02:49:29 GMT
Cache-Control: proxy-revalidate
Content-Length: 1656
Connection: close
You seem to be lucky in that there are apparently no other proxies on
the transit path between you and the website. So using persistent
connections should hide the problem.
If that does not help the very latest 3.1 has some updates that should
work even better. Though I do mean *latest*: the 3.1.7 snapshot code, or
future 3.1.8.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.7 Beta testers wanted for 3.2.0.1Received on Sat Aug 28 2010 - 03:04:26 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 28 2010 - 12:00:02 MDT