Re: [squid-users] Re: Problem with unparseable HTTP header field
* Henrik Nordstrom [EMAIL PROTECTED]: I just hope this won't open up for any of the malicious shit the change in 2.5.STABLE8 was designed to prevent in the first place.. It is a very thin balance between what can be considered harmless crap and what may be odd result due to malicious intent. So, will (if all is well) the patch go into new versions? -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: [squid-users] Re: Problem with unparseable HTTP header field
On Sun, 20 Feb 2005, Ralf Hildebrandt wrote: * Henrik Nordstrom [EMAIL PROTECTED]: I just hope this won't open up for any of the malicious shit the change in 2.5.STABLE8 was designed to prevent in the first place.. It is a very thin balance between what can be considered harmless crap and what may be odd result due to malicious intent. So, will (if all is well) the patch go into new versions? It already is in 2.5.STABLE9-RC1... http://www.squid-cache.org/Versions/v2/2.5/bugs/ Regards Henrik
Re: [squid-users] Re: Problem with unparseable HTTP header field
* M A Young [EMAIL PROTECTED]: before the contents of the web page. If you fetch that page by hand (eg. with wget -S) you can see the HTTP headers 1 HTTP/1.0 200 OK 2 Server: Microsoft-IIS/3.0 3 Date: Fri, 18 Feb 2005 19:54:50 GMT 4 HTTP/1.1 200 OK 5 content-type: text/html 6 content-length: 2617 7 Connection: Keep-Alive which is difficult to make sense of if you actually try to understand it; is the answer HTTP/1.1 or HTTP/1.0? I was able to reproduce that. So the server sends TWO HTTP headers? First the HTTP/1.0 header in line 1 and then HTTP/1.1 on line 4? Am I getting this right? Who codes this shit? -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: [squid-users] Re: Problem with unparseable HTTP header field
* Henrik Nordstrom [EMAIL PROTECTED]: And it gets even more interesting if the status codes differs.. Best action is to annoy the server operator to convince them to fix their quite broken server. And the workaround, because It works for everybody, why not for you? (you know how users can be?) -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: [squid-users] Re: Problem with unparseable HTTP header field
* M A Young [EMAIL PROTECTED]: See bug 1242 http://www.squid-cache.org/bugs/show_bug.cgi?id=1242 Just to understand the patch in the bug report correctly: If relaxed_header_parser in on (which is the default setting) NOTICE: unparseable HTTP header field near... is written to the log and squid continues? I got the debian sources, applied the patch, rebuild the package and installed it. I wonder if that webpage works now... -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: [squid-users] Re: Problem with unparseable HTTP header field
* Ralf Hildebrandt [EMAIL PROTECTED]: * Henrik Nordstrom [EMAIL PROTECTED]: And it gets even more interesting if the status codes differs.. Best action is to annoy the server operator to convince them to fix their quite broken server. And the workaround, because It works for everybody, why not for you? (you know how users can be?) After I applied the patch it seems to work: $ wget -S http://www.abstractserver.de/bin46/da2005/avi/e/avicgi.exe --18:07:33-- http://www.abstractserver.de/bin46/da2005/avi/e/avicgi.exe = avicgi.exe' Resolving realproxy.charite.de... 192.168.220.204 Connecting to realproxy.charite.de[192.168.220.204]:888... connected. Proxy request sent, awaiting response... 1 HTTP/1.0 200 OK 2 Server: Microsoft-IIS/3.0 3 Date: Sat, 19 Feb 2005 16:54:52 GMT 4 Content-Type: text/html 5 Content-Length: 2617 6 X-Cache: MISS from spiderboy.charite.de 7 X-Cache-Lookup: MISS from spiderboy.charite.de:888 8 Proxy-Connection: close :) -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: [squid-users] Re: Problem with unparseable HTTP header field
On Sat, 19 Feb 2005, Ralf Hildebrandt wrote: Just to understand the patch in the bug report correctly: If relaxed_header_parser in on (which is the default setting) NOTICE: unparseable HTTP header field near... is written to the log and squid continues? This is the general idea yes. I just hope this won't open up for any of the malicious shit the change in 2.5.STABLE8 was designed to prevent in the first place.. It is a very thin balance between what can be considered harmless crap and what may be odd result due to malicious intent. Regards Henrik
Re: [squid-users] Re: Problem with unparseable HTTP header field
* Henrik Nordstrom [EMAIL PROTECTED]: This is the general idea yes. Good. I just hope this won't open up for any of the malicious shit the change in 2.5.STABLE8 was designed to prevent in the first place.. It is a very thin balance between what can be considered harmless crap and what may be odd result due to malicious intent. Oh, I wasn't aware that this could be used to exploit clients... -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
[squid-users] Re: Problem with unparseable HTTP header field
On Fri, 18 Feb 2005, Ralf Hildebrandt wrote: When I surf to http://www.abstractserver.de/da2005/avi/e/Abs_revi.htm and enter any number/character and click Submit my query, I get an error page (Invalid Response The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. See bug 1242 http://www.squid-cache.org/bugs/show_bug.cgi?id=1242 The issue is that with 2.5S8 (or well patched 2.5S7) squid has become less tolerant of illegal behaviour from web servers in the headers they serve before the contents of the web page. If you fetch that page by hand (eg. with wget -S) you can see the HTTP headers 1 HTTP/1.0 200 OK 2 Server: Microsoft-IIS/3.0 3 Date: Fri, 18 Feb 2005 19:54:50 GMT 4 HTTP/1.1 200 OK 5 content-type: text/html 6 content-length: 2617 7 Connection: Keep-Alive which is difficult to make sense of if you actually try to understand it; is the answer HTTP/1.1 or HTTP/1.0? Michael Young
