Infinite Connection Attempts when provided a bad proxy password

[hhimanshu]

@ndarilek @brianm
This is what I see in my application log trace when I provide the bad password. I am using v1.9.31

Why it keeps flooding the requests? How do I stop it?

08 Oct 2015 15:46:07,937 [DEBUG] [New I/O worker #18] NettyRequestSender       | Using cached Channel [id: 0xeff83813, /192.168.0.15:54291 => /153.92.35.49:9090] for GET 'http://172.16.10.151:8080/app/lp?events=access'
08 Oct 2015 15:46:08,010 [DEBUG] [New I/O worker #18] HttpProtocol             | 

Request DefaultHttpRequest(chunked: false)
GET http://172.16.10.151:8080/app/lp?events=access HTTP/1.1
Connection: keep-alive
Host: 172.16.10.151:8080
Proxy-Authorization: Basic dG9tOmJhZA==
Accept: */*
User-Agent: AHC/1.0

Response DefaultHttpResponse(chunked: false)
HTTP/1.1 407 authenticationrequired
Via: 1.1 10.10.100.254 (McAfee Web Gateway 7.5.2.3.0.20202)
Date: Thu, 08 Oct 2015 22:46:07 GMT
Content-Type: text/html
Cache-Control: no-cache
Content-Length: 3986
Proxy-Connection: Keep-Alive
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="McAfee Web Gateway"

08 Oct 2015 15:46:08,010 [DEBUG] [New I/O worker #18] HttpProtocol             | Sending proxy authentication to http://172.16.10.151:8080/app/lp?events=access
08 Oct 2015 15:46:08,011 [DEBUG] [New I/O worker #18] HttpProtocol             | Sending proxy authentication to http://172.16.10.151:8080/app/lp?events=access
08 Oct 2015 15:46:08,011 [DEBUG] [New I/O worker #18] NettyRequestSender       | Using cached Channel [id: 0xeff83813, /192.168.0.15:54291 => /153.92.35.49:9090] for GET 'http://172.16.10.151:8080/app/lp?events=access'
08 Oct 2015 15:46:08,178 [DEBUG] [New I/O worker #18] HttpProtocol             | 

Request DefaultHttpRequest(chunked: false)
GET http://172.16.10.151:8080/app/lp?events=access HTTP/1.1
Connection: keep-alive
Host: 172.16.10.151:8080
Proxy-Authorization: Basic dG9tOmJhZA==
Accept: */*
User-Agent: AHC/1.0

Response DefaultHttpResponse(chunked: false)
HTTP/1.1 407 authenticationrequired
Via: 1.1 10.10.100.254 (McAfee Web Gateway 7.5.2.3.0.20202)
Date: Thu, 08 Oct 2015 22:46:08 GMT
Content-Type: text/html
Cache-Control: no-cache
Content-Length: 3986
Proxy-Connection: Keep-Alive
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="McAfee Web Gateway"

This is how we set it

    private static AsyncHttpClientConfig createConfig(
            HttpCredentials credentialsProvider, boolean useAuth,
            int connTimeOutMillis, int readTimeOutMillis, int retryCount) {
        try {
            ShnHttpConfigBuilder builder = new ShnHttpConfigBuilder(
                    credentialsProvider, useAuth);

            builder.setConnectTimeout(connTimeOutMillis);
            builder.setRequestTimeout(readTimeOutMillis);
            builder.setMaxRequestRetry(retryCount);
            builder.setCompressionEnforced(true);
            builder.setFollowRedirect(true);
            return builder.build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        } 

[slandelle]

• Why doesn't your proxy respond with 403 forbidden on invalid credentials, instead of keeping on answering 407 -authentication required?
• Why does it respond with this Proxy-Authenticate: NTLM response header? It's not a valid NTLM message.

[hhimanshu]

Thank you @slandelle, when is 2.0.0 scheduled?

[slandelle]

Not ETA yet. Months

[zengelan]

@slandelle Can you port this fix to the 1.9.x branch?

[slandelle]

@zengelan That wouldn't be a backport but a full new fix, as the code as diverged a lot.

[slandelle]

I guess I'll be able to release 2.0 in one month, two at most.