Re: Proxy-Authenticate/Proxy-Authorization headers

From: Tsantilas Christos <chtsanti@dont-contact.us>
Date: Sat, 03 May 2008 15:25:38 +0300

Henrik Nordstrom wrote:
> On fre, 2008-05-02 at 19:51 +0300, Tsantilas Christos wrote:
>
>> According to the rfc standard the Proxy-Authenticate and
>> Proxy-Authorization are hop-by-hop headers but in practice there are
>> cases where these headers should forwarded.
>> Currently squid2.6 and squid3.0 forward these headers, but squid3-trunk
>> does not.
>
> 2.6 only forwards the response header, not the request header.
> Forwarding of the request header has to be explicitly enabled in
> cache_peer using the login= option. From what I can tell it's the same
> in 3.0.
>

Thanks for the tips, I forgot this option. The related code for
forwarding both the request and response headers is similar for both
squid2.6 and squid3.0, and its behavior is more or less the same.

> The response header SHOULD only get forwarded if we may forward the
> request header for the same path. No need for yet another config option
> for this.
>

Looks OK. I am not sure yet if there is all the required info to the
client side code, to decide if the response header should forwarded or
not, but I will try to find a solution....
Received on Sat May 03 2008 - 12:26:00 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:04 MDT