Re: Squid-3 and HTTP/1.1 from Alex Rousskov on 2010-01-27 (squid-dev)

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 27 Jan 2010 22:49:58 -0700

On 01/09/2010 04:10 AM, Amos Jeffries wrote:
> Alex Rousskov wrote:
>> On 09/12/2009 05:36 AM, Amos Jeffries wrote:
>>> Updating the checklist today I again wonder if we can repeat the step
>>> from 2.7 and enable HTTP/1.1 on requests sent to servers
>>>
>>> As far as I can see the missing bits 3.2 needs to take that step are:
>>>
>>> - reject http-Upgrade requests from clients.
>>> - reject Expect-100 requests from clients.
>>>
>>> anything else?
>>>
>>> NP: both of those are temporary measures to prevent passing something
>>> through to the server that will get us into trouble. Until we get real
>>> support for them ready.
>>>
>>>
>>> PS... Alex and co, what hardware/system requirements are needed to run
>>> one of the audits?
>>
>> There are pretty much no special requirements other than internet
>> connectivity because one can use Co-Advisor hosted on the Factory
>> server. Linux RPMs can be used if remote testing is not possible. The
>> tool does not require a fast CPU and 512MB RAM should be sufficient.
>>
>> Alex.
>
> Okay, wonderful.
> Then could we get things moving towards an audit of 3.1.0.16 when it
> happens next month please? possibly with a followup for 3.1.1 when the
> bits that first audit finds are fixed.

Will do. I should update Sheet2 of the wonderful Features/HTTP11
spreadsheet, right? Please consider it "locked" for a few weeks.

I have a few related questions:

a) We have a 3.1 patch (currently being tested in production) that
forces HTTP/1.1 version string for ACL-matching responses. Should we add
that and turn in on for this audit? IIRC, a few test cases fail because
Squid does not claim to be HTTP/1.1 compliant and that would allow us to
pass those.

b) We can (and may even have to) write a patch to force HTTP/1.1 version
string for ACL-matching requests. Should we write and enable that as
well for this audit? Same rationale as in (a).

c) Co-Advisor currently only tests MUST-level requirements. Old Robert's
checklist contained some SHOULD-level requirements as well. I see that
Sheet1 on the spreadsheet has SHOULDs. Are we kind of ignoring them (and
Sheet1) for now, until all MUSTs on Sheet2 are satisfied?

d) I do not know who created the spreadsheet. Whoever it was, thank you!
Is there a script that takes Co-Advisor results and produces a
spreadsheet column for cut-and-pasting?

Thank you,

Alex.
Received on Thu Jan 28 2010 - 05:49:40 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 28 2010 - 12:00:07 MST