Different Header Response for POST and GET

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
PaulG
  • PaulG
  • Posts: 1
  • Joined: Jul 03 24 1:39 am

Different Header Response for POST and GET

Jul 03 24 2:24 am

WinGate V 9.4.5 Build 6015

I have configured WinGate to act as a proxy with NTLM authentication. This works with my software for GET requests, but does not work for POST requests - they return (after 3 attempts) with a 407 Authentication required.
Digging into the logs, when a GET request is issued, WinGate responds with
HTTP/1.1 407 Proxy authorization required<EOL>Proxy-Authenticate: NTLM<EOL>.....<EOL>Connection: Keep-Alive<EOL>...
The POST request response is as follows:
HTTP/1.1 407 Proxy authorization required<EOL>Proxy-Authenticate: NTLM<EOL>.....<EOL>Proxy-Connection: Keep-Alive<EOL>.....

My software responds to the GET 407 message with the initial message plus an <EOL>Proxy-Authorization: NTLM ....." header, but with the POST, it disconnects and retries the first message.
The only difference I see is the Keep-Alive header. I don't know if this is different header is correct or not - I am very new to configuring Proxies.

Is there any way of changing the response in WinGate to respond with Connection: Keep-Alive rather than Proxy-Connection: Keep-Alive?

I am also checking with the software supplier if the different messaging is causing the disconnect/reconnect cycle failure

Thanks
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Re: Different Header Response for POST and GET

Jul 04 24 8:09 pm

Hi

What is the Content-Length header in the initial POST request?

There's a hack to cope with Internet Explorer who sends 0 length POSTS when it expects to be bounced for auth.

I don't think flow-chart policy will allow you to replace the Proxy-Connection header, but the software should honour it. What is the client software?

Are you certain about which party terminates the connection? You may need to check with wireshark.

Regards

Adrien
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Re: Different Header Response for POST and GET

Jul 04 24 8:11 pm

p.s. in general it's troublesome to have an auth handshake (especially with NTLM) for POST, since the entire request body needs to be transferred each time in order to keep message framing and connection keepalives working. It may be possible to use some other method first (e.g. OPTIONS) to establish the connection and Auth, then send a single POST.
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index