Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2255 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Double request for files from webcid

Placebo

I noticed in the logs of my web-server, running my webcid, that the new Sophos update client (v2.5.8.263) included with 9.7.x does 2 requests for every file.

2011-05-13 11:42:51 xx.xx.xx.xx GET /win/savxp/auto-bpt.ide - 80 - xx.xx.xx.xx SophosAutoUpdate/2.5.8.263+SDDS/1.0+(u="sophosupd"+c="c4fd9cf1-d3c7-4251-969b-d8b045e60698") 401 2 5 0
2011-05-13 11:42:51 xx.xx.xx.xx GET /win/savxp/auto-bpt.ide - 80 sophosupd xx.xx.xx.xx SophosAutoUpdate/2.5.8.263+SDDS/1.0+(u="sophosupd"+c="c4fd9cf1-d3c7-4251-969b-d8b045e60698") 200 0 0 0

The first one without authentication, which gets denied (401) and the second one with authentication.

I have configured authentication so I would expect only a authenticated request. 
Older clients, v2.5.1.212 and v2.5.5.231 don't do this.

I already opened a support ticket for this but I was wondering if anybody else sees this behavior?

:12957


This thread was automatically locked due to age.
Parents
  • 0

    Well, Douglas, IMO it does not make sense to send within milliseconds another unauthorized request to a webserver which only offered basic. Up to and including 9.5 the requests following a 401 response included the necessary Authentication: header. So if AU determines that digest is not available (even if preferred) it should use basic for the current update.  And I wonder why digest should be the method "sought for" as article 27539 (and similarly 12134) says: 'Digest' authentication may fail on some web servers. Change authentication to only Integrated, restart IIS and test updating again.

    Christian

    :13041
Reply
  • 0

    Well, Douglas, IMO it does not make sense to send within milliseconds another unauthorized request to a webserver which only offered basic. Up to and including 9.5 the requests following a 401 response included the necessary Authentication: header. So if AU determines that digest is not available (even if preferred) it should use basic for the current update.  And I wonder why digest should be the method "sought for" as article 27539 (and similarly 12134) says: 'Digest' authentication may fail on some web servers. Change authentication to only Integrated, restart IIS and test updating again.

    Christian

    :13041
Children
No Data