Hi Henrik,
I have checked and modified the clientCheckContentLength function
I have include the METHOD_TRACE where we do not want to see a request
entity on GET/HEAD and TRACE requests .
I have tested the Trace request its working fine.
Thanks
senthil
Henrik Nordstrom wrote:
> Senthil Kumar .R wrote:
>
> > I have fixed only in two places :-
> >
> >
> > Here I am skiping the headers from the End-user for trace Request to the
> > Orginn Server.
> >
> > if ( orig_request->method != METHOD_TRACE)
> > httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
> > else
> > continue ;
> > }
>
> What I don't get is why?
>
> TRACE allows headers to be included, and should.. This is one of the important
> aspects of TRACE, allowing the client to see what happened with ALL the
> headers during transit..
>
> If you make Squid not forward the headers then you invalidate the value of
> TRACE as the TRACE then incorrectly will show that custom or extension
> headers is stripped out from requests in transit..
>
> > Here is the correct one , Now this will handle for the methods which has
> > Entity body.
> >
> > if (httpState->orig_request->content_length > 0)
> > if ((httpState->orig_request->content_length > 0) && (req->method !=
> > METHOD_TRACE))
> > sendHeaderDone = httpSendRequestEntry;
> > else
> > sendHeaderDone = httpSendComplete;
> >
> > I have Tested PUT and POST.
>
> This is not the correct place to deny forwarding of request entity bodies. If
> you want to make Squid strict about not allowing request entity bodies in
> TRACE then see clientCheckContentLength.
>
> By doing what you do above you break the HTTP protocol as the request will
> still signal that there is a request entity following the headers...
>
> Regards
> Henrik
-- Visit us :- http://cdn.hcltech.comReceived on Mon Jun 10 2002 - 07:59:20 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:40 MST