Re: Windows NTLM authenticator

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Tue, 09 Sep 2003 12:34:04 +0200

At 11.59 09/09/2003, Henrik Nordstrom wrote:

>On Tuesday 09 September 2003 11.36, Serassio Guido wrote:
>
> > Ok, now I'm running 5 helpers, but the problem is still here:
> >
> > After 2 - 3 minutes of web navigation, two consecutive KK to the
> > same helper, the helper report the fails to squid with BH after the
> > second KK and the browser pop-ups for authentication.
>
>should not happen in your conditions. If it happens there is a bug in
>Squid.
>
>Is there any clue in the access.log traces?

I can't see nothing of special.

What I have made:

1. Closed all browsers.
2. Restarted Squid with log_mime_hdrs on
3. Opened IE on a 2003 machine named sirio with sg\serassio user, looking
winxp.bink.nu, all OK
4. Opened IE on a NT 4 machine named vega (my DC) with SG\administrator
user: immediately authentication pop-up
5. see cachemgr: only 3/5 helpers used
6. hit cancel on NT 4, the page failed and after reloaded fine another page

this is cache.log with helpers detailed debugging:

2003/09/09 12:18:44| store_swap_size = 352284k
2003/09/09 12:18:44| storeLateRelease: released 0 objects
ntlm-auth[1484]: Got 'YR' from Squid
ntlm-auth[1484]: attempting SSPI challenge retrieval
ntlm-auth[1484]: Got it
ntlm-auth[1484]: sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
[0010] 30 00 00 00 82 82 00 00 77 22 31 81 0A A7 C7 8E 0....... w.1.....
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 ........ ....0...
ntlm-auth[1484]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 57 00 00 00 18 00 18 00 6F 00 00 00 02 00 02 00 W....... o.......
[0020] 48 00 00 00 08 00 08 00 4A 00 00 00 05 00 05 00 H....... J.......
[0030] 52 00 00 00 00 00 00 00 87 00 00 00 06 82 00 02 R....... ........
[0040] 05 02 CE 0E 00 00 00 0F 53 47 53 45 52 41 53 53 ........ SGSERASS
[0050] 49 4F 53 49 52 49 4F 79 F6 74 7B CD A6 CD 5B F8 IOSIRIOy .t......
[0060] D8 16 0B 52 B9 13 D6 B4 45 5D 41 0C CA 79 73 79 ...R.... E.A..ysy
[0070] F6 74 7B CD A6 CD 5B F8 D8 16 0B 52 B9 13 D6 B4 .t...... ...R....
[0080] 45 5D 41 0C CA 79 73 E.A..ys
ntlm-auth[1484]: checking domain: 'SG', user: 'SERASSIO'
ntlm-auth[1484]: Login attempt had result 1
ntlm-auth[1484]: credentials: SG\SERASSIO
ntlm-auth[1484]: sending 'AF sg\serassio' to squid
ntlm-auth[1484]: Got 'YR' from Squid
ntlm-auth[1484]: attempting SSPI challenge retrieval
ntlm-auth[1484]: Got it
ntlm-auth[1484]: sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
[0010] 30 00 00 00 82 82 00 00 5D 98 5B 4E 4A 45 CA A7 0....... ...NJE..
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 ........ ....0...
ntlm-auth[1484]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 57 00 00 00 18 00 18 00 6F 00 00 00 02 00 02 00 W....... o.......
[0020] 48 00 00 00 08 00 08 00 4A 00 00 00 05 00 05 00 H....... J.......
[0030] 52 00 00 00 00 00 00 00 87 00 00 00 06 82 00 02 R....... ........
[0040] 05 02 CE 0E 00 00 00 0F 53 47 53 45 52 41 53 53 ........ SGSERASS
[0050] 49 4F 53 49 52 49 4F A3 E9 24 2E 28 11 45 74 2F IOSIRIO. .....Et.
[0060] 25 12 EA F2 D9 E2 2E 21 E8 A3 A5 7F CB E6 40 A3 ........ ........
[0070] E9 24 2E 28 11 45 74 2F 25 12 EA F2 D9 E2 2E 21 .....Et. ........
[0080] E8 A3 A5 7F CB E6 40 .......
ntlm-auth[1484]: checking domain: 'SG', user: 'SERASSIO'
ntlm-auth[1432]: Got 'YR' from Squid
ntlm-auth[1432]: attempting SSPI challenge retrieval
ntlm-auth[1432]: Got it
ntlm-auth[1432]: sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
[0010] 30 00 00 00 82 82 00 00 30 10 C6 49 39 53 1B AA 0....... 0..I9S..
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 ........ ....0...
ntlm-auth[1484]: Login attempt had result 1
ntlm-auth[1484]: credentials: SG\SERASSIO
ntlm-auth[1484]: sending 'AF sg\serassio' to squid
ntlm-auth[1400]: Got 'YR' from Squid
ntlm-auth[1400]: attempting SSPI challenge retrieval
ntlm-auth[1400]: Got it
ntlm-auth[1432]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 57 00 00 00 18 00 18 00 6F 00 00 00 02 00 02 00 W....... o.......
[0020] 48 00 00 00 08 00 08 00 4A 00 00 00 05 00 05 00 H....... J.......
[0030] 52 00 00 00 00 00 00 00 87 00 00 00 06 82 00 02 R....... ........
[0040] 05 02 CE 0E 00 00 00 0F 53 47 53 45 52 41 53 53 ........ SGSERASS
[0050] 49 4F 53 49 52 49 4F 26 63 93 69 53 28 9F A4 72 IOSIRIO. c.iS...r
[0060] 61 37 32 DD 4E 4A DE 80 F6 CF 75 CA 68 9B 11 26 a72.NJ.. ..u.h...
[0070] 63 93 69 53 28 9F A4 72 61 37 32 DD 4E 4A DE 80 c.iS...r a72.NJ..
[0080] F6 CF 75 CA 68 9B 11 ..u.h..
ntlm-auth[1432]: checking domain: 'SG', user: 'SERASSIO'
ntlm-auth[1400]: sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
[0010] 30 00 00 00 82 82 00 00 3F 69 64 F6 02 6E E8 82 0....... .id..n..
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 ........ ....0...
ntlm-auth[1432]: Login attempt had result 1
ntlm-auth[1432]: credentials: SG\SERASSIO
ntlm-auth[1432]: sending 'AF sg\serassio' to squid
ntlm-auth[1400]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 57 00 00 00 18 00 18 00 6F 00 00 00 02 00 02 00 W....... o.......
[0020] 48 00 00 00 08 00 08 00 4A 00 00 00 05 00 05 00 H....... J.......
[0030] 52 00 00 00 00 00 00 00 87 00 00 00 06 82 00 02 R....... ........
[0040] 05 02 CE 0E 00 00 00 0F 53 47 53 45 52 41 53 53 ........ SGSERASS
[0050] 49 4F 53 49 52 49 4F 02 BF 3D FE 7E 5B 87 1B 1A IOSIRIO. ........
[0060] 7B 58 73 F3 89 24 C2 E3 FD 8C 5B AE 5B B6 D5 02 .Xs..... ........
[0070] BF 3D FE 7E 5B 87 1B 1A 7B 58 73 F3 89 24 C2 E3 ........ .Xs.....
[0080] FD 8C 5B AE 5B B6 D5 .......
ntlm-auth[1400]: checking domain: 'SG', user: 'SERASSIO'
ntlm-auth[1484]: Got 'YR' from Squid
ntlm-auth[1484]: attempting SSPI challenge retrieval
ntlm-auth[1484]: Got it
ntlm-auth[1484]: sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
[0010] 30 00 00 00 82 82 00 00 72 1F DF B8 58 A5 54 E1 0....... r...X.T.
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 ........ ....0...
ntlm-auth[1400]: Login attempt had result 1
ntlm-auth[1400]: credentials: SG\SERASSIO
ntlm-auth[1400]: sending 'AF sg\serassio' to squid
ntlm-auth[1484]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 57 00 00 00 18 00 18 00 6F 00 00 00 02 00 02 00 W....... o.......
[0020] 48 00 00 00 08 00 08 00 4A 00 00 00 05 00 05 00 H....... J.......
[0030] 52 00 00 00 00 00 00 00 87 00 00 00 06 82 00 02 R....... ........
[0040] 05 02 CE 0E 00 00 00 0F 53 47 53 45 52 41 53 53 ........ SGSERASS
[0050] 49 4F 53 49 52 49 4F 37 46 8D 07 2C BD 34 63 96 IOSIRIO7 F....4c.
[0060] 3A 67 86 BB 1C 1D 67 7F C6 D6 7A C7 4C D9 C1 37 .g....g. ..z.L..7
[0070] 46 8D 07 2C BD 34 63 96 3A 67 86 BB 1C 1D 67 7F F....4c. .g....g.
[0080] C6 D6 7A C7 4C D9 C1 ..z.L..
ntlm-auth[1484]: checking domain: 'SG', user: 'SERASSIO'
ntlm-auth[1484]: Login attempt had result 1
ntlm-auth[1484]: credentials: SG\SERASSIO
ntlm-auth[1484]: sending 'AF sg\serassio' to squid
ntlm-auth[1484]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 53 00 00 00 18 00 18 00 6B 00 00 00 02 00 02 00 S....... k.......
[0020] 40 00 00 00 0D 00 0D 00 42 00 00 00 04 00 04 00 ........ B.......
[0030] 4F 00 00 00 00 00 00 00 83 00 00 00 02 82 00 00 O....... ........
[0040] 53 47 41 44 4D 49 4E 49 53 54 52 41 54 4F 52 56 SGADMINI STRATORV
[0050] 45 47 41 93 7C F6 9C D0 8B FE AA BC 4D 60 DE 6D EGA..... ....M..m
[0060] 38 14 AE 23 58 CC 86 67 95 96 14 53 67 65 9E D8 8...X..g ...Sge..
[0070] 51 2D 75 30 69 D2 83 6E 71 AD 94 4C 2C E4 D3 80 Q.u0i..n q..L....
[0080] 64 9A DF 00 d...
ntlm-auth[1484]: sending 'BH invalid challenge' to squid
2003/09/09 12:19:52| CACHEMGR: manager@127.0.0.1 requesting 'ntlmauthenticator'
ntlm-auth[1484]: Got 'YR' from Squid
ntlm-auth[1484]: attempting SSPI challenge retrieval
ntlm-auth[1484]: Got it
ntlm-auth[1484]: sending 'TT' to squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 02 00 00 00 00 00 00 00 NTLMSSP. ........
[0010] 30 00 00 00 82 82 00 00 D6 6E 8B 6F 92 5F 9D E5 0....... .n.o....
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 ........ ....0...
ntlm-auth[1484]: Got 'KK' from Squid with data:
[0000] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........
[0010] 53 00 00 00 18 00 18 00 6B 00 00 00 02 00 02 00 S....... k.......
[0020] 40 00 00 00 0D 00 0D 00 42 00 00 00 04 00 04 00 ........ B.......
[0030] 4F 00 00 00 00 00 00 00 83 00 00 00 02 82 00 00 O....... ........
[0040] 53 47 41 44 4D 49 4E 49 53 54 52 41 54 4F 52 56 SGADMINI STRATORV
[0050] 45 47 41 7B D6 C2 86 E2 62 9C 89 B6 B3 EC 49 D2 EGA..... b.....I.
[0060] C3 83 49 B8 50 A8 CE 6D 10 EF B1 44 94 DE 66 73 ..I.P..m ...D..fs
[0070] B5 47 96 00 53 1C 5F 21 D8 A1 69 E9 D4 CC 57 44 .G..S... ..i...WD
[0080] 9D 4F 7C 00 .O..
ntlm-auth[1484]: checking domain: 'SG', user: 'ADMINISTRATOR'
ntlm-auth[1484]: Login attempt had result 1
ntlm-auth[1484]: credentials: SG\ADMINISTRATOR
ntlm-auth[1484]: sending 'AF sg\administrator' to squid

and this is the access log fragment:

1063102749.775 234 sirio.sg.private TCP_MISS/200 435 GET
http://winxp.bink.nu/BinkPortal/images/DarkLeftTab.gif sg\serassio
DIRECT/194.109.152.206 image/gif [Accept: */*\r\nReferer:
http://winxp.bink.nu/BinkPortal/DesktopDefault.aspx?tabindex=3&tabid=10\r\nAccept-Language:
it\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\nHost: winxp.bink.nu\r\n]
[HTTP/1.1 200 OK\r\nContent-Length: 118\r\nContent-Type:
image/gif\r\nLast-Modified: Sat, 30 Aug 2003 23:19:24 GMT\r\nAccept-Ranges:
bytes\r\nETag: "30745a264d6fc31:35d1"\r\nServer:
Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nDate: Tue, 09 Sep 2003
10:19:09 GMT\r\nConnection: keep-alive\r\n\r]
1063102749.853 312 sirio.sg.private TCP_MISS/200 409 GET
http://winxp.bink.nu/BinkPortal/images/NormalLeftTab.gif sg\serassio
DIRECT/194.109.152.206 image/gif [Accept: */*\r\nReferer:
http://winxp.bink.nu/BinkPortal/DesktopDefault.aspx?tabindex=3&tabid=10\r\nAccept-Language:
it\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\nHost: winxp.bink.nu\r\n]
[HTTP/1.1 200 OK\r\nContent-Length: 93\r\nContent-Type:
image/gif\r\nLast-Modified: Sat, 30 Aug 2003 23:20:30 GMT\r\nAccept-Ranges:
bytes\r\nETag: "f0be884d4d6fc31:35d1"\r\nServer:
Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nDate: Tue, 09 Sep 2003
10:19:09 GMT\r\nConnection: keep-alive\r\n\r]
1063102750.025 250 sirio.sg.private TCP_MISS/200 288 GET
http://m1.nedstatbasic.net/n? sg\serassio DIRECT/212.72.38.71 image/gif
[Accept: */*\r\nReferer:
http://winxp.bink.nu/BinkPortal/DesktopDefault.aspx?tabindex=3&tabid=10\r\nAccept-Language:
it\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\nHost:
m1.nedstatbasic.net\r\n] [HTTP/1.0 200 OK\r\nContent-Type:
image/gif\r\nContent-Length: 156\r\n\r]
1063102750.728 953 sirio.sg.private TCP_MISS/200 6552 GET
http://pagead2.googlesyndication.com/pagead/ads? sg\serassio
DIRECT/216.239.41.104 text/html [Accept: image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, */*\r\nReferer:
http://winxp.bink.nu/BinkPortal/DesktopDefault.aspx?tabindex=3&tabid=10\r\nAccept-Language:
it\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\r\nHost:
pagead2.googlesyndication.com\r\n] [HTTP/1.0 200 OK\r\nConnection:
Keep-Alive\r\nDate: Tue, 09 Sep 2003 10:19:10 GMT\r\nContent-Type:
text/html; charset=ISO-8859-1\r\nServer: CAFE/1.0\r\nContent-length:
6344\r\n\r]
1063102762.478 15 vega.sg.private TCP_DENIED/407 1837 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html [Accept:
*/*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 4.0)\r\nHost: www.microsoft.com\r\nProxy-Connection:
Keep-Alive\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:19:22 GMT\r\nContent-Type: text/html\r\nContent-Length: 1418\r\nExpires:
Tue, 09 Sep 2003 10:19:22 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM\r\nProxy-Authenticate: Basic realm="Squid
proxy-caching web server"\r\n\r]
1063102762.963 16 vega.sg.private TCP_DENIED/407 1841 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html [Accept:
*/*\r\nAccept-Language: en-us\r\nProxy-Authorization: NTLM
TlRMTVNTUAABAAAAB7IIAAIAAgAkAAAABAAEACAAAABWRUdBU0c=\r\nUser-Agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)\r\nHost:
www.microsoft.com\r\nProxy-Connection: Keep-Alive\r\n] [HTTP/1.0 407 Proxy
Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:19:22 GMT\r\nContent-Type: text/html\r\nContent-Length: 1418\r\nExpires:
Tue, 09 Sep 2003 10:19:22 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADAAAACCggAAch/fuFilVOEAAAAAAAAAAAAAAAAwAAAA\r\n\r]
1063102762.994 16 vega.sg.private TCP_DENIED/407 1771 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html [Accept:
*/*\r\nAccept-Language: en-us\r\nProxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAFMAAAAYABgAawAAAAIAAgBAAAAADQANAEIAAAAEAAQATwAAAAAAAACDAAAAAoIAAFNHQURNSU5JU1RSQVRPUlZFR0GTfPac0Iv+qrxNYN5tOBSuI1jMhmeVlhRTZ2We2FEtdTBp0oNuca2UTCzk04Bkmt8=\r\nUser-Agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)\r\nHost:
www.microsoft.com\r\nProxy-Connection: Keep-Alive\r\n] [HTTP/1.0 407 Proxy
Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:19:22 GMT\r\nContent-Type: text/html\r\nContent-Length: 1418\r\nExpires:
Tue, 09 Sep 2003 10:19:22 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM\r\n\r]
1063102792.385 0 localhost TCP_MISS/200 1057 GET
cache_object://localhost.sg.private/ntlmauthenticator - NONE/- text/plain
[Accept: */*\r\nAuthorization: Basic
bWFuYWdlcjpzZWNyZXQ=\r\nProxy-Authorization: Basic
bWFuYWdlcjpzZWNyZXQ=\r\n] [HTTP/1.0 200 OK\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:19:52 GMT\r\nContent-Type: text/plain\r\nExpires: Tue, 09 Sep 2003
10:19:52 GMT\r\nLast-Modified: Tue, 09 Sep 2003 10:19:52 GMT\r\n\r]
1063102888.557 0 vega.sg.private TCP_DENIED/407 1855 GET
http://gw.virgilio.it/webkit/102000.scud_o2.gif - NONE/- text/html [Accept:
*/*\r\nReferer: http://www.sg.private/menu.htm\r\nAccept-Language:
en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 4.0)\r\nHost: gw.virgilio.it\r\n]
[HTTP/1.0 407 Proxy Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:21:28 GMT\r\nContent-Type: text/html\r\nContent-Length: 1436\r\nExpires:
Tue, 09 Sep 2003 10:21:28 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM\r\nProxy-Authenticate: Basic realm="Squid
proxy-caching web server"\r\n\r]
1063102888.604 16 vega.sg.private TCP_DENIED/407 1859 GET
http://gw.virgilio.it/webkit/102000.scud_o2.gif - NONE/- text/html [Accept:
*/*\r\nReferer: http://www.sg.private/menu.htm\r\nAccept-Language:
en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 4.0)\r\nHost:
gw.virgilio.it\r\nProxy-Authorization: NTLM
TlRMTVNTUAABAAAAB7IIAAIAAgAkAAAABAAEACAAAABWRUdBU0c=\r\n] [HTTP/1.0 407
Proxy Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:21:28 GMT\r\nContent-Type: text/html\r\nContent-Length: 1436\r\nExpires:
Tue, 09 Sep 2003 10:21:28 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADAAAACCggAA1m6Lb5JfneUAAAAAAAAAAAAAAAAwAAAA\r\n\r]
1063102889.041 406 vega.sg.private TCP_MISS/302 579 GET
http://gw.virgilio.it/webkit/102000.scud_o2.gif sg\administrator
DIRECT/212.48.3.35 text/html [Accept: */*\r\nReferer:
http://www.sg.private/menu.htm\r\nAccept-Language:
en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 4.0)\r\nHost:
gw.virgilio.it\r\nProxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAFMAAAAYABgAawAAAAIAAgBAAAAADQANAEIAAAAEAAQATwAAAAAAAACDAAAAAoIAAFNHQURNSU5JU1RSQVRPUlZFR0F71sKG4mKcibaz7EnSw4NJuFCozm0Q77FElN5mc7VHlgBTHF8h2KFp6dTMV0SdT3w=\r\n]
[HTTP/1.1 302 Found\r\nDate: Tue, 09 Sep 2003 10:21:29 GMT\r\nServer:
Apache/1.3.27 (Unix) mod_perl/1.27\r\nLocation:
http://www.virgilio.it/tools/webkit/scud_o2.gif\r\nConnection:
close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r]
1063102889.104 16 vega.sg.private TCP_DENIED/407 1855 GET
http://www.virgilio.it/tools/webkit/scud_o2.gif - NONE/- text/html [Accept:
*/*\r\nReferer: http://www.sg.private/menu.htm\r\nAccept-Language:
en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 4.0)\r\nIf-Modified-Since: Mon, 20 Dec
1999 11:31:46 GMT; length=460\r\nHost: www.virgilio.it\r\n] [HTTP/1.0 407
Proxy Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:21:29 GMT\r\nContent-Type: text/html\r\nContent-Length: 1436\r\nExpires:
Tue, 09 Sep 2003 10:21:29 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM\r\nProxy-Authenticate: Basic realm="Squid
proxy-caching web server"\r\n\r]
1063102889.135 15 vega.sg.private TCP_DENIED/407 1859 GET
http://www.virgilio.it/tools/webkit/scud_o2.gif - NONE/- text/html [Accept:
*/*\r\nReferer: http://www.sg.private/menu.htm\r\nAccept-Language:
en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 4.0)\r\nIf-Modified-Since: Mon, 20 Dec
1999 11:31:46 GMT; length=460\r\nProxy-Authorization: NTLM
TlRMTVNTUAABAAAAB7IIAAIAAgAkAAAABAAEACAAAABWRUdBU0c=\r\nHost:
www.virgilio.it\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer:
squid/2.5.STABLE3-NT-CVS\r\nMime-Version: 1.0\r\nDate: Tue, 09 Sep 2003
10:21:29 GMT\r\nContent-Type: text/html\r\nContent-Length: 1436\r\nExpires:
Tue, 09 Sep 2003 10:21:29 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADAAAACCggAA1m6Lb5JfneUAAAAAAAAAAAAAAAAwAAAA\r\n\r]
1063102889.166 0 vega.sg.private TCP_IMS_HIT/304 214 GET
http://www.virgilio.it/tools/webkit/scud_o2.gif sg\administrator NONE/-
image/gif [Accept: */*\r\nReferer:
http://www.sg.private/menu.htm\r\nAccept-Language:
en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 4.0)\r\nIf-Modified-Since: Mon, 20 Dec
1999 11:31:46 GMT; length=460\r\nProxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAFMAAAAYABgAawAAAAIAAgBAAAAADQANAEIAAAAEAAQATwAAAAAAAACDAAAAAoIAAFNHQURNSU5JU1RSQVRPUlZFR0F71sKG4mKcibaz7EnSw4NJuFCozm0Q77FElN5mc7VHlgBTHF8h2KFp6dTMV0SdT3w=\r\nHost:
www.virgilio.it\r\n] [HTTP/1.0 304 Not Modified\r\nDate: Fri, 20 Dec 2002
19:44:57 GMT\r\nContent-Type: image/gif\r\nLast-Modified: Mon, 20 Dec 1999
11:31:46 GMT\r\n\r]

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue Sep 09 2003 - 04:34:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:41 MST