Squid version: 2.5.12.

I have identified that the half_closed_clients setting does not apply to connections proxied using the CONNECT method in the proxy.

I have a TCP client behind a firewall that connects to a squid proxy that it is allowed to connect to, and sends this:

CONNECT 1.2.3.4:5678 HTTP/1.0

The client gets an HTTP/1.0 200 Connection established as the response. So far so good. Writing to the remote end works just fine, and if the remote end writes something to me now, I can see that as well.

However, the problem I'm seeing deals with a "synchronous" type of request-response protocol which uses EOF as a signal that the request is complete, and a response is now expected, followed by an EOF. To send EOF down the socket, I shutdown() the writing side of the socket, which I expect squid to also perform for the proxied connection, meaning squid should now also shutdown() its writing side of the connection to the remote server. The other half of the connection should still remain open between server, squid and client.

Instead, squid will immediately close the whole connection on receiving EOF from the client, discarding any response the remote server is only now about to construct. The sequence of calls established with trace level 9 seems to be that sslReadClient reads 0 bytes, calls comm_close and destroys the handles right away. The remote end does get to see the request, though, but it is not enough for me.

This problem makes squid unworkable for this type of TCP service, which I would have imagined being quite common. The help text for the half_closed_clients setting makes no mention that it does not apply to CONNECT requests. Did I miss something?

--
Antti Lankila
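
The half-close behaviour the post expects from a tunnel, as an added example that is not part of the original message and is not Squid code: a relay that answers a client EOF by calling shutdown() on its write side toward the server while still copying the server's reply back. It assumes a plain TCP relay standing in for the tunnel after "200 Connection established"; the function names, the loopback addresses and the reply-after-EOF test server are constructed for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy src -> dst; on EOF, half-close dst's write side instead of closing it."""
    while chunk := src.recv(4096):
        dst.sendall(chunk)
    try:
        dst.shutdown(socket.SHUT_WR)   # forward the EOF, leave the other direction open
    except OSError:
        pass                           # peer already gone

def relay_once(listener, upstream_addr):
    """Accept one client and tunnel it to upstream_addr, preserving half-close."""
    client, _ = listener.accept()
    upstream = socket.create_connection(upstream_addr)
    t = threading.Thread(target=pump, args=(client, upstream))
    t.start()
    pump(upstream, client)             # server -> client keeps flowing after client EOF
    t.join()
    client.close()                     # full close only once both directions saw EOF
    upstream.close()

def eof_server_once(listener):
    """Constructed test server: reads the request until EOF, then replies and closes."""
    conn, _ = listener.accept()
    request = b""
    while chunk := conn.recv(4096):
        request += chunk
    conn.sendall(b"reply to: " + request)
    conn.close()

def run_exchange(request=b"ping"):
    """Client side: send the request, half-close, then read the response until EOF."""
    srv = socket.create_server(("127.0.0.1", 0))   # constructed loopback endpoints
    rly = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=eof_server_once, args=(srv,), daemon=True).start()
    threading.Thread(target=relay_once, args=(rly, srv.getsockname()), daemon=True).start()
    c = socket.create_connection(rly.getsockname())
    c.sendall(request)
    c.shutdown(socket.SHUT_WR)         # EOF marks the end of the request
    response = b""
    while chunk := c.recv(4096):
        response += chunk
    c.close()
    return response
```

A relay that closes both sockets as soon as the client-side read returns 0 bytes tears the tunnel down before the server's reply can be copied back, which is the behaviour the post reports.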
