On Thu, 2006-10-19 at 21:42 +1000, Marcus Ogden wrote:
> Hello,
>
> A client of ours using the Squid proxy server (version
> 2.5.STABLE6-3.4E.12.1) on Red Hat Enterprise Linux 4 is experiencing a
> problem when running our .NET 2.0 client application, which communicates
> with a .NET 2.0 web service on our server.
>
> When our client application sends an HTTP 1.1 request through the Squid
> proxy to our server, it receives the error:
>
> "The server committed a protocol violation. Section=ResponseStatusLine"
>
> Other clients not using Squid are not experiencing this problem.
>
> Researching this, we've found a few posts that report similar problems
> using .NET 2.0 web services and/or the HTTP 1.1 protocol through Squid,
> e.g.
>
> http://forums.asp.net/thread/1194960.aspx
> http://groups.google.to/group/microsoft.public.dotnet.framework.remoting
> /msg/dae1a8e9eed3dcf3?dmode=source
> http://www.squid-cache.org/mail-archive/squid-users/200606/0534.html
>
> We've also tried the suggestion in
> http://forums.asp.net/thread/1284850.aspx to set the
> useUnsafeHeaderParsing property in the client .NET application's config
> file to "true", but our client reports this hasn't solved the problem.
>
> Any suggestions on how we can resolve this issue would be much
> appreciated.
The server is sending malformed HTTP headers. This could be either:
* The server is non conformant
or
* Someone is attempting an HTTP smuggling attack against your client.
For the former you can tell squid to be more relaxed about HTTP parsing
[see squid.conf.default] : this will disable the protection against HTTP
smuggling attacks though. For the latter - get a log of the traffic and
you can inspect it for validity.
-Rob
-- GPG key available at: <http://www.robertcollins.net/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST