Re: [squid-users] Squid error with "WARNING: HTTP header contains NULL characters"

 On Wed, 27 Apr 2011 12:04:23 -0500, Sam Klinger wrote:
> Steps to reproduce:
> 1. Go to
>
> http://sourceforge.net/projects/sarg/files/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz/download
> 2. Attempt to download
> 3. Squid will display error page saying "The requested URL could not
> be
> retrieved" and "The HTTP Response message received from the contacted
> server could not be understood or was otherwise malformed. Please
> contact the site operator."
>
>
> cache.log contains the error below:
> 2011/04/27 11:53:25| WARNING: HTTP: Invalid Response: Bad header
> encountered from
>
> http://downloads.sourceforge.net/project/sarg/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz?r=&ts=1303923196&use_mirror=cdnetworks-us-1
> AKA
>
> downloads.sourceforge.net/project/sarg/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz?r=&ts=1303923196&use_mirror=cdnetworks-us-1
> 2011/04/27 11:53:25| ctx: enter level 0:
>
> 'http://downloads.sourceforge.net/project/sarg/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz?r=&ts=1303923196&use_mirror=cdnetworks-us-1'
> 2011/04/27 11:53:25| WARNING: HTTP header contains NULL characters
> {Access-Control-Allow-Origin: *
> X-Powered-By: PHP/5.2.9
> Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz}
> NULL
> {Access-Control-Allow-Origin: *
> X-Powered-By: PHP/5.2.9
> Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz
> 2011/04/27 11:53:25| ctx: exit level 0
>
> Here is a squid -v
> Squid Cache: Version 3.1.12.1
> configure options: 'CHOST=i686-pc-linux-gnu' 'CFLAGS=-march=prescott
> -O2 -pipe -fomit-frame-pointer' 'CXXFLAGS=' '--prefix=/usr'
> '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info'
> '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3'
> '--disable-maintainer-mode' '--disable-dependency-tracking'
> '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
> '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man'
> '--enable-inline'
> '--enable-async-io=8' '--with-cppunit-basedir=/usr'
> '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=heap'
> '--enable-delay-pools' '--enable-cache-digests'
> '--enable-icap-client'
> '--enable-underscore' '--enable-follow-x-forwarded-for'
> '--enable-auth=basic,digest,ntlm,negotiate'
>
> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,YP,getpwnam,multi-domain-NTLM'
> '--enable-digest-auth-helpers=ldap,password'
> '--enable-negotiate-auth-helpers=squid_kerb_auth'
>
> '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
> '--enable-snmp' '--enable-epoll'
> '--with-large-files--with-filedescriptors=65536' '--enable-arp-acl'
> '--enable-zph-qos' '--enable-esi' '--with-logdir=/var/log/squid3'
> '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
> '--with-large-files' '--enable-linux-netfilter'
> '--with-default-user=proxy' --with-squid=/opt/squid-3.1.12.1
>
> Sourceforge is not the only website that does it, not all websites do
> it, but some. So far all affected websites have been affected in the
> header line "Content-Disposition".
>
> I also have wireshark captures from a machine running outside squid
> and one running inside. Any help with this issue would be
> appreciated.
> Thank you.

 Squid is doing all that is possible to be done in these circumstances.
 The HTTP headers are sent with a binary connection terminator (NULL)
 right in the middle of an ASCII-only portion of the protocol.

 The cache.log trace shows a full trace of the header block with " NULL
 " in the middle where the NULL is occuring. Do not be fooled by the
 duplicate nature of headers in that trace. That is actually what squid
 has received:

   Access-Control-Allow-Origin: *\r\n
   X-Powered-By: PHP/5.2.9\r\n
   Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz\0
   Access-Control-Allow-Origin: *\r\n
   X-Powered-By: PHP/5.2.9\r\n
   Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz\0

 Normally one needed only to report it to the source website that their
 server or script is broken. Nowdays you may also have to trace the whole
 relay path looking for broken content adapters.

 Amos
Received on Wed Apr 27 2011 - 23:16:39 MDT