Different Header Response for POST and GET

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Different Header Response for POST and GET

Postby PaulG » Jul 03 24 2:24 am

WinGate V 9.4.5 Build 6015

I have configured WinGate to act as a proxy with NTLM authentication. This works with my software for GET requests, but does not work for POST requests - they return (after 3 attempts) with a 407 Authentication required.
Digging into the logs, when a GET request is issued, WinGate responds with
HTTP/1.1 407 Proxy authorization required<EOL>Proxy-Authenticate: NTLM<EOL>.....<EOL>Connection: Keep-Alive<EOL>...
The POST request response is as follows:
HTTP/1.1 407 Proxy authorization required<EOL>Proxy-Authenticate: NTLM<EOL>.....<EOL>Proxy-Connection: Keep-Alive<EOL>.....

My software responds to the GET 407 message with the initial message plus an <EOL>Proxy-Authorization: NTLM ....." header, but with the POST, it disconnects and retries the first message.
The only difference I see is the Keep-Alive header. I don't know if this is different header is correct or not - I am very new to configuring Proxies.

Is there any way of changing the response in WinGate to respond with Connection: Keep-Alive rather than Proxy-Connection: Keep-Alive?

I am also checking with the software supplier if the different messaging is causing the disconnect/reconnect cycle failure

Thanks
PaulG
 
Posts: 1
Joined: Jul 03 24 1:39 am

Re: Different Header Response for POST and GET

Postby adrien » Jul 04 24 8:09 pm

Hi

What is the Content-Length header in the initial POST request?

There's a hack to cope with Internet Explorer who sends 0 length POSTS when it expects to be bounced for auth.

I don't think flow-chart policy will allow you to replace the Proxy-Connection header, but the software should honour it. What is the client software?

Are you certain about which party terminates the connection? You may need to check with wireshark.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Different Header Response for POST and GET

Postby adrien » Jul 04 24 8:11 pm

p.s. in general it's troublesome to have an auth handshake (especially with NTLM) for POST, since the entire request body needs to be transferred each time in order to keep message framing and connection keepalives working. It may be possible to use some other method first (e.g. OPTIONS) to establish the connection and Auth, then send a single POST.
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: Google [Bot] and 7 guests