I'm planning on deploying this patch out on our servers as soon as I get the chance. I'll let you know how it goes.

Steven

----- Original Message -----
From: "Adrian Chadd" <[EMAIL PROTECTED]>
To: "Steven Wilton" <[EMAIL PROTECTED]>
Cc: <squid-dev@squid-cache.org>
Sent: Saturday, April 15, 2006 12:53 PM
Subject: Re: problems with the squid-2.5 connection pinning


Are you planning on running this version of the patch (and the tproxy support)
on your production caches any time soon?

I'd like to place this on my proxy servers but I don't want to be a beta
tester. Not yet, at least. :)



Adrian

On Sat, Apr 15, 2006, Steven Wilton wrote:

We've been using a patch that allows NTLM auth to work through our proxies
for a while now.  The version we're using does depend on the tproxy patch
that we've also applied, and it essentially adds the client's IP address
and port to the pconn key when the server connection is spoofing the
client's IP address.  As a result of using the existing pconn code, we do
not handle the closing of the server connection any differently from any
other persistent connection failing. This has not generated errors that I
have heard of from any client using our proxy servers, and we do
transparently proxy all our client access to web servers.

Having seen your patch, I've added the Proxy-Support: headers, and also
added a "pinning" flag to the request->flags struct to allow identification
of a pinned connection.  I've attached a modified version of the patch
we're using for comment, as it uses the existing persistent connection
methods and does not add any new sections of code that will terminate
connections (and this version will apply to the Squid 2.5 tree without
needing the tproxy patch applied).

I've not looked into the HTTP specs to see if I'm breaking any rules here,
but in practice we're not seeing problems with this style of connection
pinning.

Steven



