On Wed, 2005-03-02 at 16:31 +0100, [EMAIL PROTECTED] wrote:
> Squid 2.5 S7 usese a Bluecoat as parent proxy. Sometimes Bluecoat gives
> access-denied errors and all further requests of the user are denied.
>
> A Bluecoat administrator posted this problem in the appropiate list:
>
> http://forums.bluecoat.com/viewtopic.php?p=382#382
>
> Now there is the question:
>
> What auth mode are you using? Sounds like squid has a persistent single
> connection to ProxySG. ProxySG will remember that that session was
> authenticated as a specific user, and subsequent requests on that same TCP
> connection would be considered authenticated from that first user.
It is a blatant violation of the HTTP protocol specifications (and
incidentally is the way NTLM works).
If that is what's happening, Bluecoat needs to clean its act up. I
sincerely hope that they at least have some configuration option to turn
this behaviour off, or at least that they do not claim HTTP compliance.
Kinkie
