Re: [squid-users] Strange HTTP Header causing error message from squid to user
On Tue, 8 Mar 2005, Mark Wiater wrote:

> So this is safe? Has anyone looked into the security aspects of very badly implemented HTTP Headers (and their Servers)?

I have tried to analyze the impacts of each workaround implemented, but recommend "relaxed_header_parser off" for the security minded even if this makes a large number of web sites inaccessible, especially so if you are in a cache hierarchy with other proxy brands or versions.

Regards
Henrik
Re: [squid-users] Strange HTTP Header causing error message from squid to user
On Tue, 2005-03-08 at 13:17 +1300, Reuben Farrelly wrote:

> I'll put a request in Fedora Core bugzilla, for the maintainer to
> upgrade the package to -STABLE9..
>
> reuben

Wow. thanks.

So this is safe? Has anyone looked into the security aspects of very badly implemented HTTP Headers (and their Servers)?
Re: [squid-users] Strange HTTP Header causing error message from squid to user
Hi,

Henrik Nordstrom wrote:

> On Tue, 8 Mar 2005, Henrik Nordstrom wrote:
>> On Mon, 7 Mar 2005, Mark Wiater wrote:
>>>> What version of squid are you using? (squid -v)
>>> 2.5 stable8, it's an rpm package for Fedora Core 3. squid-2.5.STABLE8-1.FC3.1
>> Upgrading to 2.5.STABLE9 helps some as the parser was relaxed a bit more there by default, but no guarantees as the server you asked on is quite broken...
> Just verified and Squid-2.5.STABLE9 accepts this response in its default settings.
>
> Regards
> Henrik

I'll put a request in Fedora Core bugzilla, for the maintainer to upgrade the package to -STABLE9..

reuben
Re: [squid-users] Strange HTTP Header causing error message from squid to user
On Tue, 8 Mar 2005, Henrik Nordstrom wrote:

> On Mon, 7 Mar 2005, Mark Wiater wrote:
>>> What version of squid are you using? (squid -v)
>> 2.5 stable8, it's an rpm package for Fedora Core 3. squid-2.5.STABLE8-1.FC3.1
> Upgrading to 2.5.STABLE9 helps some as the parser was relaxed a bit more there by default, but no guarantees as the server you asked on is quite broken...

Just verified and Squid-2.5.STABLE9 accepts this response in its default settings.

Regards
Henrik
Re: [squid-users] Strange HTTP Header causing error message from squid to user
On Mon, 7 Mar 2005, Mark Wiater wrote:

>> What version of squid are you using? (squid -v)
> 2.5 stable8, it's an rpm package for Fedora Core 3. squid-2.5.STABLE8-1.FC3.1

Upgrading to 2.5.STABLE9 helps some as the parser was relaxed a bit more there by default, but no guarantees as the server you asked on is quite broken...

Regards
Henrik
Re: [squid-users] Strange HTTP Header causing error message from squid to user
On Tue, 2005-03-08 at 10:42 +1300, Reuben Farrelly wrote:

> If it has a malformed Date, Server and Connection header, then it is
> very very broken, and likely makes no sense to squid. It probably makes
> no sense to your browser either, but it likely just ignores it. You're
> really asking "why does something which is obviously broken not work?" ;-)

Afraid of that. I guess I knew I was asking whether that was malformed or not.

> Can you tell us what the URL is?

I would have included it in the original post, but needed to check on the answer to that question myself.

http://survey2.opinionresearch.com/surveys/1417506start.htm? _s=34732ENG-410215

I used both ethereal and liveheaders in firefox to determine what was in the http headers.

> Have you specified the relaxed_header_parser directive in your
> squid.conf, and if so, what is it set to? There is an explanation about
> this in your squid.conf.

I have not. There is no such directive in my squid.conf.

> What version of squid are you using? (squid -v)

2.5 stable8, it's an rpm package for Fedora Core 3. squid-2.5.STABLE8-1.FC3.1

> I know, heaps of questions, but this is coming up as a daily question on
> this mailing list...
>
> Reuben

Thanks
mark
Re: [squid-users] Strange HTTP Header causing error message from squid to user
Hi,

Mark Wiater wrote:

> Hi,
>
> One of my users is getting an error message when accessing a page through Squid but the page loads fine in Firefox, IE & Netscape directly.
>
> The headers that the HTTP server is returning look odd to me.
>
> First, the Date: field has two dates on the same line, comma separated.
>
> Same thing for the Server line. Microsoft-IIS/5.0, Results CASI Net
>
> The Connection: header also has close, close
>
> And finally, there are two distinct HTTP header lines. The first is the first line in the data section of the IP packet, HTTP/1.x 200 OK. The second comes after the close, the 6th line, and is: HTTP/1.1: 200 OK.
>
> Any ideas why Squid is detecting an error while browsers render the page?

If it has a malformed Date, Server and Connection header, then it is very very broken, and likely makes no sense to squid. It probably makes no sense to your browser either, but it likely just ignores it. You're really asking "why does something which is obviously broken not work?" ;-)

Can you tell us what the URL is?

Have you specified the relaxed_header_parser directive in your squid.conf, and if so, what is it set to? There is an explanation about this in your squid.conf.

What version of squid are you using? (squid -v)

I know, heaps of questions, but this is coming up as a daily question on this mailing list...

Reuben
[squid-users] Strange HTTP Header causing error message from squid to user
Hi,

One of my users is getting an error message when accessing a page through Squid but the page loads fine in Firefox, IE & Netscape directly.

The headers that the HTTP server is returning look odd to me.

First, the Date: field has two dates on the same line, comma separated.

Same thing for the Server line. Microsoft-IIS/5.0, Results CASI Net

The Connection: header also has close, close

And finally, there are two distinct HTTP header lines. The first is the first line in the data section of the IP packet, HTTP/1.x 200 OK. The second comes after the close, the 6th line, and is: HTTP/1.1: 200 OK.

Any ideas why Squid is detecting an error while browsers render the page?

Thanks
--
Mark
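Added example, not part of the thread and not Squid's own parser: a strict check of a response header block that reports each of the anomalies described in the original post, which is the kind of input a strict header parser refuses and a relaxed one lets through. The sample response is constructed from that description (the date values, the Content-Type line and the `HTTP/1.1` first line are assumptions), and `strict_findings` is a hypothetical name.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"          # HTTP field-name characters
STATUS_LINE = re.compile(r"HTTP/\d\.\d \d{3}( .*)?")
FIELD = re.compile(rf"({TOKEN}):[ \t]*(.*?)[ \t]*")
# Only the preferred fixed-length date format is accepted here.
IMF_FIXDATE = re.compile(
    r"(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} "
    r"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} "
    r"\d{2}:\d{2}:\d{2} GMT")
# Space-separated products; comments in Server values are not handled.
PRODUCTS = re.compile(rf"{TOKEN}(/{TOKEN})?( {TOKEN}(/{TOKEN})?)*")

# Constructed sample modelled on the description in the original post.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 07 Mar 2005 21:00:00 GMT, Mon, 07 Mar 2005 21:00:00 GMT\r\n"
    b"Server: Microsoft-IIS/5.0, Results CASI Net\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close, close\r\n"
    b"HTTP/1.1: 200 OK\r\n"
    b"\r\n"
)

def strict_findings(raw: bytes) -> list[str]:
    """Return one finding per header line that a strict parser would reject."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    findings = []
    if not STATUS_LINE.fullmatch(lines[0]):
        findings.append("line 1: malformed status line")
    for n, line in enumerate(lines[1:], start=2):
        m = FIELD.fullmatch(line)
        if not m:  # e.g. "HTTP/1.1: 200 OK": "/" is not valid in a field name
            kind = "status-like line" if line.startswith("HTTP/") else "malformed line"
            findings.append(f"line {n}: {kind} inside header block")
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "date" and not IMF_FIXDATE.fullmatch(value):
            findings.append(f"line {n}: Date is not a single HTTP-date")
        elif name == "server" and not PRODUCTS.fullmatch(value):
            findings.append(f"line {n}: Server is not a product list")
        elif name == "connection":
            opts = [o.strip().lower() for o in value.split(",")]
            if len(opts) != len(set(opts)):
                findings.append(f"line {n}: repeated Connection option")
    return findings
```
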