diff --git a/doc/configuration.txt b/doc/configuration.txt index aac245e95..f92653975 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -7599,7 +7599,11 @@ http-reuse { never | safe | aggressive | always } with the request. Also note that connections with certain bogus authentication schemes (relying - on the connection) like NTLM are marked private and never shared. + on the connection) like NTLM are marked private if possible and never shared. + This won't be the case however when using a protocol with multiplexing + abilities and using reuse mode level value greater than the default "safe" + strategy as in this case nothing prevents the connection from being already + shared. A connection pool is involved and configurable with "pool-max-conn". diff --git a/src/http_ana.c b/src/http_ana.c index 25123265f..91aaeb451 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -1557,11 +1557,17 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit) txn->flags |= TX_CON_WANT_TUN; } - /* check for NTML authentication headers in 401 (WWW-Authenticate) and - * 407 (Proxy-Authenticate) responses and set the connection to private + /* Check for NTML authentication headers in 401 (WWW-Authenticate) and + * 407 (Proxy-Authenticate) responses and set the connection to + * private. + * + * Note that this is not performed when using a true multiplexer unless + * connection is already attached to the session as nothing prevents it + * from being shared already by several sessions here. */ srv_conn = sc_conn(s->scb); - if (srv_conn) { + if (srv_conn && + (LIST_INLIST(&srv_conn->sess_el) || strcmp(srv_conn->mux->name, "H1") == 0)) { struct ist hdr; struct http_hdr_ctx ctx;