Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus HTTP 1.0

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Wed, 25 Mar 2009 17:09:15 -0300

The story about Squid and HTTP 1.1 is long...

To get your LiveUpdate working ASAP you might want to
fiddle with the firewall rules and to NOT redirect
port 80 traffic of Symantec servers to Squid, but
simply let the traffic pass.

Nathan Eady wrote:
> Okay, we've got port 80 traffic going transparently to a Squid proxy
> here, and I need to make a small configuration change, and I can't
> seem to find, either in the man pages nor on the web, the
> documentation on how to do it. It's probably one little line in
> squid.conf, but I can't find it.
>
> Here's the deal:
> When I access a site (I tested with Google as well as our own offsite
> web server) from a computer that is NOT behind the transparent squid
> proxy, issuing an HTTP/1.1 request, I get the normal expected HTTP/1.1
> response:
>
> nathan_at_externalbox$ telnet www.galionlibrary.org 80
> Trying 209.143.16.23...
> Connected to galionlibrary.org.
> Escape character is '^]'.
> GET / HTTP/1.1
> Host: www.galionlibrary.org
>
> HTTP/1.1 200 OK
> [snip the rest]
>
> However, when I do the same thing from a system that IS behind the
> proxy, I get an HTTP/1.0 response back:
> nathan_at_donalbain:~$ telnet www.galionlibrary.org 80
> Trying 209.143.16.23...
> Connected to galionlibrary.org.
> Escape character is '^]'.
> GET / HTTP/1.1
> Host: www.galionlibrary.org
>
> HTTP/1.0 200 OK
> [snip the rest]
>
> Until recently I never even noticed this, but now Symantec LiveUpdate
> is failing on all the systems behind the proxy. I posted about that
> on the Norton Community forum, umm, here:
> http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=42361
>
> The long and short of that thread is that recent updates to LU have
> caused it to no longer support HTTP 1.0. The LU servers are all HTTP
> 1.1, and now the client requires this. Our setup is not the only
> thing breaking as a result (apparently, the built-in "firewalls" on
> some home routers also have problems with it), but now that I'm aware
> Squid is doing this, it ought to be easy to make some small change in
> the configuration and get it to return HTTP 1.1 responses, at least
> when the server does -- right?
>
> But I'm coming up blank on how.
>
> One other note: the version of Squid we have, for reasons that aren't
> worth going into here, is I believe somewhat outdated (-v says
> 2.5.STABLE13). But HTTP 1.1 is certifiably older than dirt, so I'd be
> extremely amazed if the Squid that we have doesn't support it...
> We're going to update it hopefully pretty soon, but getting LiveUpdate
> working again is significantly more urgent (and, hopefully, easier;
> updating Squid in our case probably means a fresh OS install...)
>
> So where and how do I configure what Squid does with HTTP versions?
> Where is this documented?
>
> TIA,
>
> Nathan Eady
> Technology Coordinator
> Galion Public Library
>
Received on Wed Mar 25 2009 - 20:09:31 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 27 2009 - 12:00:02 MDT