Re: [squid-users] Fwd: failure notice

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 12 Jun 2013 18:02:04 +1200

On 12/06/2013 8:12 a.m., Sean Boran wrote:
> As regards the original post of this thread, after upgrading v3.3.5,
> my "zero byte" problems have evaporated.

Great news :-)

>
> As regards forwarded_for, I also had it off. However by enabling it
> one allows internal addresses to be visible. See:
> http://www.squid-cache.org/Doc/config/forwarded_for/
> This opens privacy/tracking issues for me. I think it should be left
> off, or as suggested below, somehow enabled only for specific sites
> you really need.
>
> I don't see what forwarded_for had to do with "zero byte" problems though :-)

It commonly only contains a single IPv4 address. Some web services
assume that the IPv4-only usage of the header is the *only* possible way
to use it and will crash when they see the modern IPv6 values, multiple
IP addresses, or even the "unknown" anonymous proxy token. Web server
crash results in "zero byte response" messages out of Squid.

The "unknown" token is set by the Squid directive being OFF (for
anonymous proxy usage). You can achieve almost the same thing with
"delete". Websites not being ready for IPv6 values have some excuse
since that has only been used for 6 years, but the "unknown" value has been
in active use on many networks since the very beginning of that header's
existence. Downright sloppy coding to omit that.

Amos
Received on Wed Jun 12 2013 - 07:17:49 MDT
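
A receiver that tolerates the X-Forwarded-For values listed in the reply above (IPv6, several addresses, the "unknown" token), as an added example that is not part of the original message or of Squid. The function names and sample addresses are constructed for illustration, and the optional-port handling is an assumption about what other proxies may send.

```python
import ipaddress


def parse_forwarded_for(value):
    """Parse an X-Forwarded-For value without assuming one IPv4 address.

    Returns one entry per list element: an ipaddress object, the string
    "unknown" for the anonymous-proxy token, or None for an element that
    is not a usable address. Malformed input never raises.
    """
    hops = []
    for raw in (value or "").split(","):
        token = raw.strip()
        if not token:
            continue  # empty element, e.g. a trailing comma
        if token.lower() == "unknown":
            hops.append("unknown")
            continue
        # Assumption: tolerate an optional port, "[v6]:port" or "v4:port".
        if token.startswith("["):
            token = token[1:].partition("]")[0]
        elif token.count(":") == 1:
            token = token.partition(":")[0]
        try:
            hops.append(ipaddress.ip_address(token))
        except ValueError:
            hops.append(None)  # record the bad element instead of crashing
    return hops


def client_address(value, peer):
    """Leftmost hop if it is a real address, otherwise the TCP peer.

    The header is set by the sender, so the result is a logging hint,
    not an input for access control.
    """
    hops = parse_forwarded_for(value)
    if hops and hops[0] not in (None, "unknown"):
        return hops[0]
    return ipaddress.ip_address(peer)


if __name__ == "__main__":
    # Constructed sample header values (documentation address ranges).
    for sample in ("192.0.2.10", "unknown", "2001:db8::1, unknown, 192.0.2.7",
                   "[2001:db8::1]:8080", "not-an-ip,,", ""):
        print(repr(sample), "->", client_address(sample, "203.0.113.5"))
```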
