On Tue, 29 Mar 2005, Tracey, Michael wrote:
> I've got a site that is required in our business flow that I can not change:
>
> HTTP/1.1 200 OK
> Server: Microsoft-IIS/5.0
> Date: Tue, 29 Mar 2005 19:15:38 GMT
> Content-type: image/jpeg
> Content-length: 38233
> Cache-Control: no-cache
> Pragma: no-cache
> Expires: 0
> Content-Length: 39145
>
> Squid chokes on the two Content-Length headers:
>
> 2005/03/29 14:18:20| ctx: enter level 0: 'http://url/'
> 2005/03/29 14:18:20| WARNING: found two conflicting content-length headers
> 2005/03/29 14:18:20| ctx: exit level 0
>
> Any way that I can get squid allow access to content with two Content-Length
> headers?
Have been pondering about this problem for a while and came up with the
attached patch as a possible solution. This patch cleans up the "bad"
content-length headers when relaxed_header_parser is enabled (on/warn
setting, default is on).
I have also considered making yet another access lists for this but in the
end decided not to (both more complex to implement and hard to configure
right).
The effects of the patch has not yet been fully evaluated to make sure it
doesn't open opportunities for launching the response splitting or request
hiding families of attacks on Squid but from an quick evaluation it
looks safe.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT