RE: [squid-users] Zero Sized Reply

From: Trevor <trevor@dont-contact.us>
Date: Tue, 9 Dec 2003 16:32:06 -0700

Yes, and I couldn't agree with you more. Thanks for digging up the
reference URL, Henrik.

BTW, there was a Cisco PIX in front of the squid box. Now I'm sure that it
was that damn pix that was screwing up my headers, because on my other
network it works just fine (squid 2.4-STABLE6). Maybe this information
should be noted in the FAQ (for future ref):

Some firewalls (eg Cisco PIX) allow HTTP filtering based on contents of
packets. However, such firewalls may require that the Host: header of a
request be in the first packet of a request. Currently, squid rewrites
client headers with the result that the Host: header is moved towards the
end of the headers. If the request headers span more than a packet
(eg, Yahoo/Hotmail requests use large cookies), this may result in the Host:
header moving to the second or later packets. In such a case, the firewall
may terminate the TCP session, causing a ZSR to be returned to the client.
Patch added to Squid-2.5.
http://www.squid-cache.org/bugs/show_bug.cgi?id=699

Again, thank you everybody for your help!

Regards,
Trevor.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Tuesday, December 09, 2003 4:06 PM
To: Trevor
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Zero Sized Reply

What this page refers to is the Host header rearrangement done by
squid-2.5.STABLE3 and earlier and which was found to cause some broken web
servers / firewalls to break in different manners. More information on
this issue can be found from the Squid-2.5 bugs page
<url:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE3-host
header>

Please note that this is not a Squid bug but yet another case of broken
firewalls which should be thrown out with yesterday's garbage (or at least
the failing function should be immediately disabled). It is truly amazing
to see such critical bugs in high profile web site implementations, and
even more amazing there apparently are vendors who dare to sell such
equipment/software claiming it works fine for such use.... but I guess the
high profile web sites trust big vendors to make correct solutions and
don't even bother to verify the functionality before going into
production.

Regards
Henrik

On Tue, 9 Dec 2003, Trevor wrote:

> From the MIS-Helpdesk Site: "A zero sized reply can be returned for sites
> that have complex urls or require the use of cookies (Eg. hotmail and
> yahoo webmail sites). In order to prevent this from occurring a new version of
> squid will have to be installed which has a patch to alter the requests
> squid makes."

Received on Tue Dec 09 2003 - 16:20:05 MST
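
The packet-boundary effect described in this thread, as an added example that is not part of the original messages and not Squid code: it reports which TCP segment carries the Host: header for a constructed request with a large cookie, first with Host last and then with Host first. The 1460-byte MSS, the sample request and all function names are assumptions for illustration.

```python
# Added illustration, not Squid code. Assumes the sender fills every TCP
# segment up to the MSS; 1460 bytes is an assumed typical Ethernet value.
ASSUMED_MSS = 1460

# Constructed sample: a webmail-style request with a large cookie and the
# Host header at the end of the header block.
SAMPLE_LINE = "GET /mail/inbox HTTP/1.0"
SAMPLE_HEADERS = [
    ("Accept", "*/*"),
    ("User-Agent", "Mozilla/4.0"),
    ("Cookie", "sid=" + "A" * 2000),
    ("Host", "mail.example.com"),
]


def build_request(request_line, headers):
    """Serialize a request line and ordered (name, value) headers to bytes."""
    lines = [request_line] + [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def host_header_segment(raw, mss=ASSUMED_MSS):
    """Return the 0-based segment index in which the Host line ends.

    Returns None when the request has no Host header at all.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    offset = 0
    for line in head.split(b"\r\n"):
        end = offset + len(line) + 2  # each line is followed by CRLF
        if line[:5].lower() == b"host:":
            return (end - 1) // mss
        offset = end
    return None


def host_first(headers):
    """Move Host to the front; all other headers keep their order."""
    host = [h for h in headers if h[0].lower() == "host"]
    rest = [h for h in headers if h[0].lower() != "host"]
    return host + rest


if __name__ == "__main__":
    for label, hdrs in (("Host last", SAMPLE_HEADERS),
                        ("Host first", host_first(SAMPLE_HEADERS))):
        raw = build_request(SAMPLE_LINE, hdrs)
        seg = host_header_segment(raw)
        print(f"{label}: {len(raw)} bytes, Host in segment {seg}")
```

A result other than segment 0 is the condition under which the thread says a content-filtering firewall may drop the session.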
