- From: Jamie Lokier <jamie@shareable.org>
- Date: Fri, 2 Apr 2010 23:20:04 +0100
- To: Mark Pauley <mpauley@apple.com>
- Cc: Adrien de Croy <adrien@qbik.com>, ietf-http-wg@w3.org
Mark Pauley wrote: > Practically however: I've seen that Microsoft proxy servers and web > servers that use NTLM authentication always ignore payload sent with > the initiation of the NTLM authentication. In essence, the first > request isn't really HTTP because the client really expects the > server to respond only with a 4xx message. A proxy is free to forward your request to IIS between 10am and 2pm, and to forward your request to Apache on a Linux box with no authentication after 2pm. So it is, alas, broken in this scenario. But that's the nature of the NTLM beast. -- Jamie
Received on Friday, 2 April 2010 22:20:37 UTC