William K. Hardeman wrote:
I'm hoping someone can help me figure out a resolution to a problem we
are having. Preferably a Squid-based solution, although I'll take
anything that gets this working. :-)
We have 2 users who use a PDA-based application to perform safety
audits on-site. When they return to their office, they connect the PDA
to their computer, log in to the application provider's web-site with
their browser, then, using the PDA, upload the results of the audit to
the provider.
We just deployed a Squid proxy out there this past weekend, and they
cannot now upload to the provider. In investigating the problem, I
have discovered that the PDA application does not properly form the
POST urls. What the PDA sends as the POST url is on the order of
'/url/form.asp' instead of 'http://host.dom.ain/url/form.asp'.
In examining the flow of events on the wire, it looks like the reason
it works without Squid is that the HTTP packet has the host: header
properly set. It looks like Squid doesn't examine that header if there
is no hostname in the url.
Here's a tcpdump of one of the problem packets, with relevant parts
commented to protect the innocent:
POST /comm/login.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=unicode
Accept-Charset: unicode
User-Agent: CeHttp
Host: xxxxxxx.xxxxxxxxx.com
Content-Length: 34
Connection: Keep-Alive
Cache-Control: no-cache
sqsuser=xxxxxxx&sqspass=xxxxxxx
I know the most proper answer to solving this is to see if the
application provider has a fix for their broken application, but in
the meantime, I have these users constantly bothering me about not
being able to send their data. Anyone have any suggestions that could
make Squid process these urls?
Thanks,
Will
I can see two possible ways to get Squid to handle this (since is it out
of RFC spec for client-proxy communication):
1) Set Squid up as an accelerator for this domain, and use the
httpd_accel_uses_host_header directive.
2) Use redirectors on these requests (assuming Squid will pass a
non-valid request to a redirector). You can use the redirector_access
with a req_header ACL to limit which requests are passed to the redirector.
I am not sure that either method will actually work, but it would
certainly be fun to try. For what it's worth, Squid is currently an
HTTP/1.0 proxy. It's likely that fact is going to cause further grief
with this broken client.
Chris
