Senthil Kumar .R wrote:
> I have fixed only in two places :-
>
>
> Here I am skiping the headers from the End-user for trace Request to the
> Orginn Server.
>
> if ( orig_request->method != METHOD_TRACE)
> httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
> else
> continue ;
> }
What I don't get is why?
TRACE allows headers to be included, and should.. This is one of the important
aspects of TRACE, allowing the client to see what happened with ALL the
headers during transit..
If you make Squid not forward the headers then you invalidate the value of
TRACE as the TRACE then incorrectly will show that custom or extension
headers is stripped out from requests in transit..
> Here is the correct one , Now this will handle for the methods which has
> Entity body.
>
> if (httpState->orig_request->content_length > 0)
> if ((httpState->orig_request->content_length > 0) && (req->method !=
> METHOD_TRACE))
> sendHeaderDone = httpSendRequestEntry;
> else
> sendHeaderDone = httpSendComplete;
>
> I have Tested PUT and POST.
This is not the correct place to deny forwarding of request entity bodies. If
you want to make Squid strict about not allowing request entity bodies in
TRACE then see clientCheckContentLength.
By doing what you do above you break the HTTP protocol as the request will
still signal that there is a request entity following the headers...
Regards
Henrik
Received on Fri Jun 07 2002 - 03:20:53 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:40 MST