Re: [squid-users] Squid, Symantec LiveUpdate, and HTTP 1.1 versus HTTP 1.0

From: Nathan Eady <galionlibrary_at_gmail.com>
Date: Thu, 26 Mar 2009 11:46:26 -0400

Marcus Kool <marcus.kool_at_urlfilterdb.com> writes:
> The story about Squid and HTTP 1.1 is long...

Holy cow, it would have to be. Squid is barely even older than HTTP 1.1.

> To get your LiveUpdate working ASAP you might want to
> fiddle with the firewall rules and to NOT redirect
> port 80 traffic of Symantec servers to Squid, but
> simply let the traffic pass.

*Groan*. Yeah, okay, I will look into that.

Off the top of my head, I don't actually know HOW to exclude certain
traffic from prerouting that would otherwise match the rule. (Does
REJECT even make sense in the context of the nat table?) I'll have to
look that up, I guess. I've been writing firewall rulesets long
enough to remember the transition from IP Chains to IP Tables, but
this is not something that has ever come up. But the documentation
presumably covers it...

Gavin McCullagh <gavin.mccullagh_at_gcd.ie> writes:
> I hadn't realised the lack of HTTP/1.1 in squid would break websites.

Amos Jeffries <squid3_at_treenet.co.nz> writes:
> Part of the HTTP/1.1 spec requires that HTTP/1.0 visitors be accepted

It's a change in the client, not the server, that's triggering the problem.

The LU client refuses to work with a server that doesn't return
HTTP/1.1. "No valid LiveUpdate server was found", because a server
that returns an HTTP/1.0 response is not a valid LiveUpdate server.
This is supposed to be a security feature. I'm not sure I understand
what kind of security it adds, but I don't know enough about the issue
to argue that with the Norton people.

-- 
$\=$/;$=+=$^F**$^F;$:=chr$=;s;;
###############################
Visit: http://galionlibrary.com
;;($_)=map{$_}reverse split/\//
;s!(?=[.])!$:gmail!;print if$=;
Received on Thu Mar 26 2009 - 15:46:31 MDT
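
One way to exempt selected destinations from a port-80 interception rule like the one discussed in this message, as an added example that is not part of the original post. The interface name (eth1), the Squid port (3128) and the destination addresses are assumptions; the addresses are constructed documentation-range placeholders, since the thread does not list the update servers.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: LAN interface eth1,
# Squid intercept port 3128. The destinations used at the bottom are constructed
# documentation-range addresses; the thread does not list the real servers.
LAN_IF="${LAN_IF:-eth1}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so that nothing
# else can end up on the iptables command line.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the nat-table rules in evaluation order. A packet that matches an
# ACCEPT rule leaves PREROUTING untranslated, so the exemptions must come
# before the catch-all REDIRECT. The filter table's FORWARD chain (and any
# POSTROUTING masquerade) still has to let the exempted traffic through.
build_rules() {
    for dst in "$@"; do
        valid_cidr "$dst" || { echo "bad destination: $dst" >&2; return 1; }
    done
    for dst in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $dst --dport 80 -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Dry run by default: print the rules. With APPLY=1 (as root) execute them.
apply_rules() {
    rules=$(build_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done
}

apply_rules 198.51.100.0/24 203.0.113.10
```

If a REDIRECT rule is already loaded, appending with `-A` would place the exemptions after it; in that case insert them ahead of it with `-I PREROUTING` instead.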
