On Wed, 14 Apr 2010 18:10:04 +0100, "Niall O'Cuilinn" <nocuil...@amdocs.com> wrote: > Hi > > I had a look at the null-body values. They correctly match the length of > the HTTP 302 response headers block. The extra two bytes is an extra line > return. You can see that after the last header there are three '\r\n' line > returns. I tried removing one of them but the result was the same. > > I also turned on more detailed debug logging and found this in the > cache.log: > > ---------- > 2010/04/14 17:03:05.494| HttpReply::sanityCheckStartLine: missing or > invalid status number in 'HTTP/1.x 302 Found > content-type: text/html > location: > https://localhost:8443/mib/authentication/checkCookie?backURL=http%3A%2F%2Fc.proxy.com%2Fwww.google.ie > > ' > --------- > > I changed the ICAP Server to return 'HTTP/1.0' instead of 'HTTP/1.x' and > now it is working. > > This worked using 'HTTP/1.x' on Squid 3.0. The version I'm using is > Squid3.1.1 > > Thanks > Niall
Looks like your previous version of 3.0 was vulnerable to CVE2009-2622. Squid-3.1.1 is fixed. Amos
