put keep at off but no change. I don't think's that it's malware, it's not all time the same username
today, 5 new usernames with the same problems between 13:20 and 16:15 i don't understand the problems :< 2016-03-30 12:56 GMT+02:00 Amos Jeffries <squ...@treenet.co.nz>: > On 30/03/2016 9:40 p.m., Olivier CALVANO wrote: > > Hi > > > > I use: > > > > ## negotiate kerberos and ntlm authentication > > auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm > > /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp > > --kerberos /usr/lib64/squid/squid_kerb_auth -d -s GSS_C_NO_NAME > > auth_param negotiate children 100 startup=10 idle=1 > > auth_param negotiate keep_alive on > > > > ## Module d'authentification NTLM > > auth_param ntlm program /usr/bin/ntlm_auth --diagnostics > > --helper-protocol=squid-2.5-ntlmssp > > auth_param ntlm children 100 startup=10 idle=1 > > auth_param ntlm keep_alive on > > > Try with "keep_alive off" on both of those auth methods. This does not > conflict with connection keep-alive in genral, just closes the > connection at a very specific time in the auth handshake. Without that > certain IE and Firefox can have problems authenticating properly. > > Given that the client waited 20 minutes for those WU requests to happen > I doubt it is an actual user. Probably an automated WU background > process doing its thing while they happen to be logged in. Which means > the IE behaviour is relevant. > > The yahoo.fr request being 1 hr long is very odd though. That is > something I'd expect to see from a real person user. But not waiting an > hour for. Could they be infected with some toolbar malware? > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
