Re: [squid-users] Connection Pinning in 3.1.x

From: Michael Hendrie <michael_at_hendrie.id.au>
Date: Tue, 1 Feb 2011 09:14:00 +1030

On 01/02/2011, at 12:50 AM, Chad Naugle wrote:

> Is the cache_peer parent, also 3.1.10 or another type of proxy?
>
This is running in a test environment so I have tried a few different parents but the result is always the same. I have tried squid-3.0.STABLE19, squid-3.1.10 and ISA2006 as the parents.

>>>> Michael Hendrie <michael_at_hendrie.id.au> 1/31/2011 12:50 AM >>>
> Hello List,
>
> I need to use a version with connection pinning and was hoping to use
> 3.1.10 but I've run into a problem using a cache_peer that requires NTLM
> authentication. In my tests I'm able to get 3 authenticated requests
> through the parent (access.log on parent shows they have been
> authenticated) before the client starts to receive a pop-up to enter
> credentials. In the test, child and parent are on the same LAN segment
> so there is nothing in between doing any port translations, etc.
>
> The relevant parts of my config:
>
> cache_peer 172.16.50.45 parent 8080 0 no-query proxy-only default
> login=PASS
> never_direct allow all
> persistent_connection_after_error on
>
> I have also tried adding "connection-auth=on" to both the cache_peer
> and http_port directives but this hasn't helped the situation.
>
> Testing with squid-2.7STABLE9 doesn't show the above issue, connection
> pinning seems to work perfectly to the parent proxy. I have also tried
> 3.1.9 and 3.1.8 in case it was something that was unexpectedly
> introduced in the latest version but they fail also.
>
> I should point out that in my tests using 3.1.x talking to an origin
> server requiring NTLM works perfectly, only to a cache_peer fails.
>
> Does anyone have any ideas as to why this is failing, or a 3.1.x
> talking to an NTLM parent and if so could you please share your exact
> 3.1.x version and relevant config.
>
> Thanks
> Mick
>
>
>
>
>
> Travel Impressions made the following annotations
> -------------------------------------------------------------
> "This message and any attachments are solely for the intended recipient
> and may contain confidential or privileged information. If you are not
> the intended recipient, any disclosure, copying, use, or distribution of
> the information included in this message and any attachments is
> prohibited. If you have received this communication in error, please
> notify us by reply e-mail and immediately and permanently delete this
> message and any attachments.
> Thank you."
Received on Mon Jan 31 2011 - 22:44:06 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 12:00:04 MST