<The version of Squid you are using appears broken. The proxy keeps one sending 'Proxy-Connection: close' which is wrong given the fact that NTLM requires a persistent connection in order to function.>
Hi Oleg, But how can it be explained, that a non-ssl target is handled correct? The wire-log shows a "Proxy-connection: closed" too, but the authentication works fine. And if I open the ssl-target over a browser (the same proxy is used), it worked fine, too. Perhaps, do I have to set some more header fields manually to force the correct behavior? Many thanks! I put in the wire-log of the non-ssl target. executing request: GET / HTTP/1.1 via proxy: http://s-hqw2k3bd:3128 to target: http://www.verisign.com:80 [DEBUG] ClientParamsStack - 'http.protocol.max-redirects': null [DEBUG] ClientParamsStack - 'http.route.forced-route': null [DEBUG] ClientParamsStack - 'http.route.local-address': null [DEBUG] ClientParamsStack - 'http.route.default-proxy': http://s-hqw2k3bd:3128 [DEBUG] ClientParamsStack - 'http.conn-manager.timeout': null [DEBUG] SingleClientConnManager - Get connection for route HttpRoute[{}->http://s-hqw2k3bd:3128->http://www.verisign.com:80] [DEBUG] ClientParamsStack - 'http.connection.stalecheck': null [DEBUG] DefaultRequestDirector - Stale connection check [DEBUG] DefaultRequestDirector - Stale connection detected [DEBUG] DefaultClientConnection - Connection closed [DEBUG] ClientParamsStack - 'http.connection.timeout': null [DEBUG] ClientParamsStack - 'http.tcp.nodelay': null [DEBUG] ClientParamsStack - 'http.socket.timeout': null [DEBUG] ClientParamsStack - 'http.socket.linger': null [DEBUG] ClientParamsStack - 'http.socket.buffer-size': null [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null [DEBUG] ClientParamsStack - 'http.connection.max-header-count': null [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null [DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null [DEBUG] ClientParamsStack - 'http.virtual-host': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.default-headers': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1 (java 1.4) [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null [DEBUG] RequestAddCookies - CookieSpec selected: best-match [DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null [DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] DefaultRequestDirector - Attempt 1 to execute request [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]" [DEBUG] wire - >> "Host: www.verisign.com:80[EOL]" [DEBUG] wire - >> "Connection: Keep-Alive[EOL]" [DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]" [DEBUG] wire - >> "[EOL]" [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1 [DEBUG] headers - >> Host: www.verisign.com:80 [DEBUG] headers - >> Connection: Keep-Alive [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4) [DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]" [DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]" [DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:21 GMT[EOL]" [DEBUG] wire - << "Content-Type: text/html[EOL]" [DEBUG] wire - << "Content-Length: 1359[EOL]" [DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:21 GMT[EOL]" [DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]" [DEBUG] wire - << "Proxy-Authenticate: NTLM[EOL]" [DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]" [DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]" [DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT)[EOL]" [DEBUG] wire - << "Proxy-Connection: close[EOL]" [DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required [DEBUG] headers - << Server: squid/2.6.STABLE6-NT [DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:21 GMT [DEBUG] headers - << Content-Type: text/html [DEBUG] headers - << Content-Length: 1359 [DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:21 GMT [DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 [DEBUG] headers - << Proxy-Authenticate: NTLM [DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de [DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128 [DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT) [DEBUG] headers - << Proxy-Connection: close [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null [DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null [DEBUG] DefaultRequestDirector - Proxy requested authentication [DEBUG] DefaultProxyAuthenticationHandler - Authentication schemes in the order of preference: [ntlm, digest, basic] [DEBUG] DefaultProxyAuthenticationHandler - ntlm authentication scheme selected [DEBUG] DefaultRequestDirector - Authorization challenge processed [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any realm>@s-hqw2k3bd:3128 [DEBUG] DefaultRequestDirector - Found credentials [DEBUG] DefaultClientConnection - Connection closed [DEBUG] ClientParamsStack - 'http.connection.timeout': null [DEBUG] ClientParamsStack - 'http.tcp.nodelay': null [DEBUG] ClientParamsStack - 'http.socket.timeout': null [DEBUG] ClientParamsStack - 'http.socket.linger': null [DEBUG] ClientParamsStack - 'http.socket.buffer-size': null [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null [DEBUG] ClientParamsStack - 'http.protocol.element-charset': null [DEBUG] ClientParamsStack - 'http.connection.max-header-count': null [DEBUG] ClientParamsStack - 'http.connection.max-line-length': null [DEBUG] ClientParamsStack - 'http.connection.max-status-line-garbage': null [DEBUG] ClientParamsStack - 'http.virtual-host': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.default-headers': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1 (java 1.4) [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null [DEBUG] RequestAddCookies - CookieSpec selected: best-match [DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null [DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] DefaultRequestDirector - Attempt 2 to execute request [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]" [DEBUG] wire - >> "Host: www.verisign.com:80[EOL]" [DEBUG] wire - >> "Connection: Keep-Alive[EOL]" [DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]" [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0[EOL]" [DEBUG] wire - >> "[EOL]" [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1 [DEBUG] headers - >> Host: www.verisign.com:80 [DEBUG] headers - >> Connection: Keep-Alive [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4) [DEBUG] headers - >> Proxy-Authorization: NTLM TlRMTVNTUAABAAAAATIAAAYABgAgAAAABwAHACYAAABQTUJFTFpQQy0xNjM0 [DEBUG] wire - << "HTTP/1.0 407 Proxy Authentication Required[EOL]" [DEBUG] wire - << "Server: squid/2.6.STABLE6-NT[EOL]" [DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]" [DEBUG] wire - << "Content-Type: text/html[EOL]" [DEBUG] wire - << "Content-Length: 1359[EOL]" [DEBUG] wire - << "Expires: Thu, 30 Oct 2008 07:21:22 GMT[EOL]" [DEBUG] wire - << "X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0[EOL]" [DEBUG] wire - << "Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8= [EOL]" [DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]" [DEBUG] wire - << "X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128[EOL]" [DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT)[EOL]" [DEBUG] wire - << "Proxy-Connection: keep-alive[EOL]" [DEBUG] headers - << HTTP/1.0 407 Proxy Authentication Required [DEBUG] headers - << Server: squid/2.6.STABLE6-NT [DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT [DEBUG] headers - << Content-Type: text/html [DEBUG] headers - << Content-Length: 1359 [DEBUG] headers - << Expires: Thu, 30 Oct 2008 07:21:22 GMT [DEBUG] headers - << X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 [DEBUG] headers - << Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAABAgACL1ghbzaInKkAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8= [DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de [DEBUG] headers - << X-Cache-Lookup: NONE from s-hqw2k3bd.pmbelz.de:3128 [DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT) [DEBUG] headers - << Proxy-Connection: keep-alive [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.handle-redirects': null [DEBUG] ClientParamsStack - 'http.protocol.handle-authentication': null [DEBUG] DefaultRequestDirector - Proxy requested authentication [DEBUG] DefaultRequestDirector - Authorization challenge processed [DEBUG] DefaultRequestDirector - Authentication scope: NTLM <any realm>@s-hqw2k3bd:3128 [DEBUG] DefaultRequestDirector - Connection kept alive [DEBUG] wire - << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">[\r][\n]" [DEBUG] wire - << "<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">[\r][\n]" [DEBUG] wire - << "<TITLE>ERROR: Cache Access Denied</TITLE>[\r][\n]" [DEBUG] wire - << "<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-s erif}PRE{font-family:sans-serif}--></STYLE>[\r][\n]" [DEBUG] wire - << "</HEAD>[\r][\n]" [DEBUG] wire - << "<BODY>[\r][\n]" [DEBUG] wire - << "<H1>ERROR</H1>[\r][\n]" [DEBUG] wire - << "<H2>Cache Access Denied</H2>[\r][\n]" [DEBUG] wire - << "<HR noshade size="1px">[\r][\n]" [DEBUG] wire - << "<P>[\r][\n]" [DEBUG] wire - << "While trying to retrieve the URL:[\r][\n]" [DEBUG] wire - << "<A HREF="http://www.verisign.com/">http://www.verisign.com/</A>[\r][\n]" [DEBUG] wire - << "<P>[\r][\n]" [DEBUG] wire - << "The following error was encountered:[\r][\n]" [DEBUG] wire - << "<UL>[\r][\n]" [DEBUG] wire - << "<LI>[\r][\n]" [DEBUG] wire - << "<STRONG>[\r][\n]" [DEBUG] wire - << "Cache Access Denied.[\r][\n]" [DEBUG] wire - << "</STRONG>[\r][\n]" [DEBUG] wire - << "</UL>[\r][\n]" [DEBUG] wire - << "</P>[\r][\n]" [DEBUG] wire - << "[\r][\n]" [DEBUG] wire - << "<P>Sorry, you are not currently allowed to request:[\r][\n]" [DEBUG] wire - << "<PRE> http://www.verisign.com/</PRE>[\r][\n]" [DEBUG] wire - << "from this cache until you have authenticated yourself.[\r][\n]" [DEBUG] wire - << "</P>[\r][\n]" [DEBUG] wire - << "[\r][\n]" [DEBUG] wire - << "<P>[\r][\n]" [DEBUG] wire - << "You need to use Netscape version 2.0 or greater, or Microsoft Internet[\r][\n]" [DEBUG] wire - << "Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please[\r][\n]" [DEBUG] wire - << "contact the <A HREF="mailto:webmaster">cache administrator</a> if you have[\r][\n]" [DEBUG] wire - << "difficulties authenticating yourself or [\r][\n]" [DEBUG] wire - << "<A HREF="http://s-hqw2k3bd.pmbelz.de/cgi-bin/chpasswd.cgi">change</a> your default password.[\r][\n]" [DEBUG] wire - << "</P>[\r][\n]" [DEBUG] wire - << "[\n]" [DEBUG] wire - << "<BR clear="all">[\n]" [DEBUG] wire - << "<HR noshade size="1px">[\n]" [DEBUG] wire - << "<ADDRESS>[\n]" [DEBUG] wire - << "Generated Thu, 30 Oct 2008 07:21:22 GMT by s-hqw2k3bd.pmbelz.de (squid/2.6.STABLE6-NT)[\n]" [DEBUG] wire - << "</ADDRESS>[\n]" [DEBUG] wire - << "</BODY></HTML>[\n]" [DEBUG] ClientParamsStack - 'http.virtual-host': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.default-headers': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.useragent': Apache-HttpClient/4.0-beta1 (java 1.4) [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] ClientParamsStack - 'http.protocol.cookie-policy': null [DEBUG] RequestAddCookies - CookieSpec selected: best-match [DEBUG] ClientParamsStack - 'http.protocol.cookie-datepatterns': null [DEBUG] ClientParamsStack - 'http.protocol.single-cookie-header': null [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] DefaultRequestDirector - Attempt 3 to execute request [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] wire - >> "GET http://www.verisign.com:80/ HTTP/1.1[EOL]" [DEBUG] wire - >> "Host: www.verisign.com:80[EOL]" [DEBUG] wire - >> "Connection: Keep-Alive[EOL]" [DEBUG] wire - >> "User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4)[EOL]" [DEBUG] wire - >> "Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA=[EOL]" [DEBUG] wire - >> "[EOL]" [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 [DEBUG] headers - >> GET http://www.verisign.com:80/ HTTP/1.1 [DEBUG] headers - >> Host: www.verisign.com:80 [DEBUG] headers - >> Connection: Keep-Alive [DEBUG] headers - >> User-Agent: Apache-HttpClient/4.0-beta1 (java 1.4) [DEBUG] headers - >> Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAwADABwAAAACAAIAHwAAAAOAA4AhAAAAAAAAAAA AAAAAQIAALFQXDeVSLGteDvHwJgKD1gps+dbqrCndNRrH9fbKfPAzuBr4vCdkFQr/bBcqmFKClAA TQBCAEUATABaAGMAZQBjAGgAUABDAC0AMQA2ADMANAA= [DEBUG] wire - << "HTTP/1.0 200 OK[EOL]" [DEBUG] wire - << "Server: Netscape-Enterprise/4.1[EOL]" [DEBUG] wire - << "Date: Thu, 30 Oct 2008 07:21:22 GMT[EOL]" [DEBUG] wire - << "Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com[EOL]" [DEBUG] wire - << "Content-Type: text/html[EOL]" [DEBUG] wire - << "X-Cache: MISS from s-hqw2k3bd.pmbelz.de[EOL]" [DEBUG] wire - << "X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128[EOL]" [DEBUG] wire - << "Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT)[EOL]" [DEBUG] wire - << "Proxy-Connection: close[EOL]" [DEBUG] headers - << HTTP/1.0 200 OK [DEBUG] headers - << Server: Netscape-Enterprise/4.1 [DEBUG] headers - << Date: Thu, 30 Oct 2008 07:21:22 GMT [DEBUG] headers - << Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com [DEBUG] headers - << Content-Type: text/html [DEBUG] headers - << X-Cache: MISS from s-hqw2k3bd.pmbelz.de [DEBUG] headers - << X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128 [DEBUG] headers - << Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT) [DEBUG] headers - << Proxy-Connection: close [DEBUG] ClientParamsStack - 'http.protocol.version': HTTP/1.1 ---------------------------------------- HTTP/1.0 200 OK Response content length: -1 ---------------------------------------- HTTP/1.0 200 OK Server: Netscape-Enterprise/4.1 Date: Thu, 30 Oct 2008 07:21:22 GMT Set-Cookie: v1st=49096073CBC7E173; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com Content-Type: text/html X-Cache: MISS from s-hqw2k3bd.pmbelz.de X-Cache-Lookup: MISS from s-hqw2k3bd.pmbelz.de:3128 Via: 1.0 s-hqw2k3bd.pmbelz.de:3128 (squid/2.6.STABLE6-NT) Proxy-Connection: close ---------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]