hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cech. Ulrich" <Ulrich.C...@aeb.de>
Subject AW: NTLM-Proxy authentication and SSL-target
Date Wed, 05 Nov 2008 15:17:37 GMT
<The version of Squid you are using appears broken. The proxy keeps one
sending 'Proxy-Connection: close' which is wrong given the fact that NTLM
requires a persistent connection in order to function.>

Hi Oleg,

But how can it be explained, that a non-ssl target is handled correct? The
wire-log shows a "Proxy-connection: closed" too, but the authentication
works fine.
And if I open the ssl-target over a browser (the same proxy is used), it
worked fine, too.
Perhaps, do I have to set some more header fields manually to force the
correct behavior?

Many thanks!

I put in the wire-log of the non-ssl target.


executing request: GET / HTTP/1.1
via proxy: http://s-hqw2k3bd:3128
to target: http://www.verisign.com:80
[DEBUG] ClientParamsStack - 'http.protocol.max-redirects': null
[DEBUG] ClientParamsStack - 'http.route.forced-route': null
[DEBUG] ClientParamsStack - 'http.route.local-address': null
[DEBUG] ClientParamsStack - 'http.route.default-proxy':
http://s-hqw2k3bd:3128
[DEBUG] ClientParamsStack - 'http.conn-manager.timeout': null
[DEBUG] SingleClientConnManager - Get connection for route
HttpRoute[{}->http://s-hqw2k3bd:3128->http://www.verisign.com:80]
[DEBUG] ClientParamsStack - 'http.connection.stalecheck': null
[DEBUG] DefaultRequestDirector - Stale connection check
[DEBUG] DefaultRequestDirector - Stale connection detected
[DEBUG] DefaultClientConnection - Connection closed
[DEBUG] ClientParamsStack - 'http.connection.timeout': null
[DEBUG] ClientParamsStack - 'http.tcp.nodelay': null
[DEBUG] ClientParamsStack - 'http.socket.timeout': null
[DEBUG] ClientParamsStack - 'http.socket.linger': null
[DEBUG] ClientParamsStack - 'http.socket.buffer-size': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-header-count': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null
[DEBUG] ClientParamsStack - 'http.virtual-host': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.default-headers': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
(java 1.4)
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
[DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] DefaultRequestDirector - Attempt 1 to execute request
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
[DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com:80
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
[DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]"
[DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]"
[DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:21 GMT[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 1359[EOL]"
[DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:21 GMT[EOL]"
[DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]"
[DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
[DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]"
[DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)[EOL]"
[DEBUG] wire - << "Proxy-Connection: close[EOL]"
[DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required
[DEBUG] headers - << Server: squid/2.6.STABLE6-NT
[DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:21 GMT
[DEBUG] headers - << Content-Type: text/html
[DEBUG] headers - << Content-Length: 1359
[DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:21 GMT
[DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
[DEBUG] headers - << Proxy-Authenticate: NTLM
[DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
[DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128
[DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)
[DEBUG] headers - << Proxy-Connection: close
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null
[DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null
[DEBUG] DefaultRequestDirector - Proxy requested authentication
[DEBUG] DefaultProxyAuthenticationHandler - Authentication schemes in the
order of preference: [ntlm, digest, basic]
[DEBUG] DefaultProxyAuthenticationHandler - ntlm authentication scheme
selected
[DEBUG] DefaultRequestDirector - Authorization challenge processed
[DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any
realm>@s-hqw2k3bd:3128
[DEBUG] DefaultRequestDirector - Found credentials
[DEBUG] DefaultClientConnection - Connection closed
[DEBUG] ClientParamsStack - 'http.connection.timeout': null
[DEBUG] ClientParamsStack - 'http.tcp.nodelay': null
[DEBUG] ClientParamsStack - 'http.socket.timeout': null
[DEBUG] ClientParamsStack - 'http.socket.linger': null
[DEBUG] ClientParamsStack - 'http.socket.buffer-size': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.protocol.element-charset': null
[DEBUG] ClientParamsStack - 'http.connection.max-header-count': null
[DEBUG] ClientParamsStack - 'http.connection.max-line-length': null
[DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null
[DEBUG] ClientParamsStack - 'http.virtual-host': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.default-headers': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
(java 1.4)
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
[DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] DefaultRequestDirector - Attempt 2 to execute request
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
[DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
[DEBUG] wire - >> "Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com:80
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
[DEBUG] headers - >> Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0
[DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]"
[DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]"
[DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "Content-Length: 1359[EOL]"
[DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
[DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]"
[DEBUG] wire - << "Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
[EOL]"
[DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
[DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]"
[DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)[EOL]"
[DEBUG] wire - << "Proxy-Connection: keep-alive[EOL]"
[DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required
[DEBUG] headers - << Server: squid/2.6.STABLE6-NT
[DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT
[DEBUG] headers - << Content-Type: text/html
[DEBUG] headers - << Content-Length: 1359
[DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:22 GMT
[DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
[DEBUG] headers - << Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8=
[DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
[DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128
[DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)
[DEBUG] headers - << Proxy-Connection: keep-alive
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null
[DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null
[DEBUG] DefaultRequestDirector - Proxy requested authentication
[DEBUG] DefaultRequestDirector - Authorization challenge processed
[DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any
realm>@s-hqw2k3bd:3128
[DEBUG] DefaultRequestDirector - Connection kept alive
[DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">[\r][\n]"
[DEBUG] wire - << "<HTML><HEAD><META HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=iso-8859-1">[\r][\n]"
[DEBUG] wire - << "<TITLE>ERROR: Cache Access Denied</TITLE>[\r][\n]"
[DEBUG] wire - << "<STYLE
type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-s
erif}PRE{font-family:sans-serif}--></STYLE>[\r][\n]"
[DEBUG] wire - << "</HEAD>[\r][\n]"
[DEBUG] wire - << "<BODY>[\r][\n]"
[DEBUG] wire - << "<H1>ERROR</H1>[\r][\n]"
[DEBUG] wire - << "<H2>Cache Access Denied</H2>[\r][\n]"
[DEBUG] wire - << "<HR noshade size="1px">[\r][\n]"
[DEBUG] wire - << "<P>[\r][\n]"
[DEBUG] wire - << "While trying to retrieve the URL:[\r][\n]"
[DEBUG] wire - << "<A
HREF="http://www.verisign.com/">http://www.verisign.com/</A>[\r][\n]"
[DEBUG] wire - << "<P>[\r][\n]"
[DEBUG] wire - << "The following error was encountered:[\r][\n]"
[DEBUG] wire - << "<UL>[\r][\n]"
[DEBUG] wire - << "<LI>[\r][\n]"
[DEBUG] wire - << "<STRONG>[\r][\n]"
[DEBUG] wire - << "Cache Access Denied.[\r][\n]"
[DEBUG] wire - << "</STRONG>[\r][\n]"
[DEBUG] wire - << "</UL>[\r][\n]"
[DEBUG] wire - << "</P>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<P>Sorry, you are not currently allowed to
request:[\r][\n]"
[DEBUG] wire - << "<PRE>    http://www.verisign.com/</PRE>[\r][\n]"
[DEBUG] wire - << "from this cache until you have authenticated
yourself.[\r][\n]"
[DEBUG] wire - << "</P>[\r][\n]"
[DEBUG] wire - << "[\r][\n]"
[DEBUG] wire - << "<P>[\r][\n]"
[DEBUG] wire - << "You need to use Netscape version 2.0 or greater, or
Microsoft Internet[\r][\n]"
[DEBUG] wire - << "Explorer 3.0, or an HTTP/1.1 compliant browser for this
to work.  Please[\r][\n]"
[DEBUG] wire - << "contact the <A HREF="mailto:webmaster">cache
administrator</a> if you have[\r][\n]"
[DEBUG] wire - << "difficulties authenticating yourself or [\r][\n]"
[DEBUG] wire - << "<A
HREF="http://s-hqw2k3bd.pmbelz.de/cgi-bin/chpasswd.cgi">change</a> your
default password.[\r][\n]"
[DEBUG] wire - << "</P>[\r][\n]"
[DEBUG] wire - << "[\n]"
[DEBUG] wire - << "<BR clear="all">[\n]"
[DEBUG] wire - << "<HR noshade size="1px">[\n]"
[DEBUG] wire - << "<ADDRESS>[\n]"
[DEBUG] wire - << "Generated Thu, 30 Oct 2008 07:21:22 GMT by
s-hqw2k3bd.pmbelz.de (squid/2.6.STABLE6-NT)[\n]"
[DEBUG] wire - << "</ADDRESS>[\n]"
[DEBUG] wire - << "</BODY></HTML>[\n]"
[DEBUG] ClientParamsStack - 'http.virtual-host': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.default-headers': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1
(java 1.4)
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null
[DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] DefaultRequestDirector - Attempt 3 to execute request
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]"
[DEBUG] wire - >> "Host: www.verisign.com:80[EOL]"
[DEBUG] wire - >> "Connection: Keep-Alive[EOL]"
[DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]"
[DEBUG] wire - >> "Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA
AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA
TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=[EOL]"
[DEBUG] wire - >> "[EOL]"
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
[DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1
[DEBUG] headers - >> Host: www.verisign.com:80
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)
[DEBUG] headers - >> Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA
AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA
TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=
[DEBUG] wire - << "HTTP/1.0 200 OK[EOL]"
[DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]"
[DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]"
[DEBUG] wire - << "Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed,
19 Feb 2020 14:28:00 GMT; domain=.verisign.com[EOL]"
[DEBUG] wire - << "Content-Type: text/html[EOL]"
[DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]"
[DEBUG] wire - << "X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128[EOL]"
[DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)[EOL]"
[DEBUG] wire - << "Proxy-Connection: close[EOL]"
[DEBUG] headers - << HTTP/1.0 200 OK
[DEBUG] headers - << Server: Netscape-Enterprise/4.1
[DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT
[DEBUG] headers - << Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed,
19 Feb 2020 14:28:00 GMT; domain=.verisign.com
[DEBUG] headers - << Content-Type: text/html
[DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de
[DEBUG] headers - << X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128
[DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128
(squid/2.6.STABLE6-NT)
[DEBUG] headers - << Proxy-Connection: close
[DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1
----------------------------------------
HTTP/1.0 200 OK
Response content length: -1
----------------------------------------
HTTP/1.0 200 OK
Server: Netscape-Enterprise/4.1
Date: Thu, 30 Oct 2008 07:21:22 GMT
Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed, 19 Feb 2020 14:28:00
GMT; domain=.verisign.com
Content-Type: text/html
X-Cache: MISS from s-hqw2k3bd.pmbelz.de
X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128
Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT)
Proxy-Connection: close
----------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message