On 06/04/11 10:41, Alex Rousskov wrote:
> Hello,
>
> ICAP prohibits forwarding of hop-by-hop headers in HTTP headers. If
> the virgin request has a "Transfer-Encoding: chunked" header, the ICAP
> server will not receive it. Thus, when the ICAP server responds with a
> 200 OK and what it thinks is an identical copy of the HTTP request, the
> adapted request will be missing the Transfer-Encoding header.
>
> One the server side, Squid used to test whether the request had a
> Transfer-Encoding header to determine whether request chunking is needed
> when talking to the next HTTP hop. That test would fail in ICAP presence.
>
> This change implements a more direct/robust check: if we do not know the
> request content length, we chunk the request.
>
> We also no longer forward the Content-Length header if we are chunking.
> It should not really be there in most cases, but an explicit check is
> safer and may also prevent request smuggling attacks via Connection:
> Content-Length tricks.
>
> This fix has been tested in a production environment.
>
>
> Thank you,
>
> Alex.
+1.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.6Received on Wed Apr 06 2011 - 12:23:09 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 06 2011 - 12:00:15 MDT