On 2/02/2012 10:27 p.m., Per Jessen wrote:
> Brian Andersen wrote:
>
>> Hi I have squid running on a ubuntu server with shorewall. I am using
>> the default squid config files and I have only blocked one site (which
>> isn't virk.dk). All sites works perfectly, except http://virk.dk If I
>> do not redirect my traffic through Squid it works perfectly
>>
>> Can any here please check that site (it is a public company site in
>> Denmark), and maybe enlighten me on what settings I have to change to
>> get it to work.
> It doesn't work here either - to start with, I've blacklisted it:
>
> acl virkdk dstdomain .virk.dk
> cache deny virkdk
>
> I'm not sure if that works, I'm pretty certain I see this message in the
> log on every first attempt to access http://virk.dk:
>
> Invalid chunk header '#037213#010'
>
Aha. That would be one of the problem.
I've just run a few tests.
The server seems to be very broken.
When HTTP/1.1 clients send it an invalid request (missing Host) it works
fine. WTF?
When HTTP/1.1 clients send it a valid a request it responds with
Transfer-Encoding headers stating that the response is chunked encoded
twice (two layers to decode).
BUT... the response is only chunked once.
When HTTP/1.0 clients send it any request it still responds with
Transfer-Encoding headers.
* Only one encoding is indicated, BUT HTTP/1.0 clients do not support
chunked encoding and MUST NOT be sent such headers.
* On top of that mess, the body is not actually encoded.
'GET /cms/render/live/da/sites/virk/home.html HTTP/1.0
Host: virk.dk
User-Agent: squidclient/3.3
Accept: */*
Connection: close
'
Resolving... virk.dk
Connecting... virk.dk(213.174.73.30)
Connected to: virk.dk (213.174.73.30)
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=E2059352BD9CAA154835BE95F9597AF2; Path=/; HttpOnly
Server: Apache-Coyote/1.1
Expires: Wed, 09 May 1979 05:30:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate,
max-age=0
Pragma: no-cache
Transfer-Encoding: chunked <--- Problem #1: HTTP/1.0 client getting
chunked header.
Vary: Accept-Encoding
Date: Sat, 04 Feb 2012 00:46:04 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html;charset=UTF-8
Connection: close
<--- Problem #2: no chunked encoding.
<!DOCTYPE html PUBLIC ...
...
'GET /cms/render/live/da/sites/virk/home.html HTTP/1.1
Host: virk.dk
User-Agent: squidclient/3.3
Accept: */*
Connection: close
'
Resolving... virk.dk
Connecting... virk.dk(213.174.73.30)
Connected to: virk.dk (213.174.73.30)
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=53C47E3818BC600A142F935214BB8CCA; Path=/; HttpOnly
Server: Apache-Coyote/1.1
Expires: Wed, 09 May 1979 05:30:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate,
max-age=0
Pragma: no-cache
Transfer-Encoding: chunked <--- NOTE: first encoding: the body is
encoded using chunked
Vary: Accept-Encoding
Date: Sat, 04 Feb 2012 00:59:54 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked <--- NOTE: second encoding: output of the
first encoding is encoded using chunked.
<-- Problem #3: RFC 2616 requires that chunked MUST NOT have another
encoding applied on top of it (it must be the last encoding). First
encoding was chunked.
Connection: close
2000 <--- NOTE: this is what chunked encoding looks like in HTTP/1.1
<--- Problem #4: the inner layer of chunking does not exist
<!DOCTYPE html PUBLIC ...
...
Amos
Received on Sat Feb 04 2012 - 01:17:34 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 05 2012 - 12:00:02 MST