On Wed, 02 Mar 2011 10:27:59 -0300, Leonardo Rodrigues wrote:
> Hi,
>
> I have a squid 2.7 stable9 running and i'm having problems with
> some softwares that i'm required to use by the brazilian government.
> They generate HTTP connections, which are transparently intercepted
> (linux box) and directed to squid. I have enabled a full debug
> (ALL,9)
> and captured the connection, but i really cant understand what's
> wrong
> and, if it's something squid related, what can i do to workaround it.
> The only interesting thing is that it seems to be triggering an
> ERR_INVALID_REQ error ...
>
> would you mind helping me analyze the following connection log,
> generated with ALL,9 ?
>
> is the connection really HTTP/1.0 or HTTP/1.1 invalid ? is there
> something i can tweak on squid to get this working ? bypassing these
> connections and getting them to go on NAT instead of transparent
> proxy
> would be the only solution here ?
In the Log I spy "411 Length Required" being the status.
For a POST with no content-length header this is invalid according to
HTTP/1.0 and extremely dangerous to permit.
HTTP/1.1 chunking makes this okay, I see the client has attempted to do
that. Unfortunately squid-2.7 is HTTP/1.0 with basic support for a few
1.1 features and only really supports chunking on GET.
You could try altering the client app, so that it uses a HTTP/1.0
compliant request without chunking its POSTs. Or upgrading to
squid-3.1.10 or later.
Amos
Received on Wed Mar 02 2011 - 21:41:07 MST
This archive was generated by hypermail 2.2.0 : Thu Mar 03 2011 - 12:00:01 MST