I'm behind a squid proxy server (2.5.STABLE13) and am using NTLMAPS to allow another tool to talk through it.
The tool (rubygems) makes HEAD requests to obtain info about whether it needs to do a GET of a resource. The HEAD request fails.
What I've found is the processing of the HEAD response needs to be aware of when the response is associated with doing the authentication against the squid proxy (though which step it is in that process I can't remember).
I've attached a patch that fixes the problem. You'll note that I've added a 'mode' parameter to allow for an exception to the generic handling of HEAD responses.
However, I'm not sure that all HEAD processing cases are correctly handled, so there may need to be some more work done (but please don't ask me because I only know enough python to do a little bit of debugging :-).
NOTE: The patch file _requires_ you to have applied that patch with bug 1647195 (I'm not sure if those features are needed, I just made the change agains 0.9.9.6 patched with that patch).
NOTE: The patch was created assuming you have the 0.9.9.6 distro (ie: the directory name is in the patch).