Amos Jeffries wrote:
So of course the problem is proventia corrupting the HTTP headers and
we will raise an issue about that with IBM.
But for the time being: is there a chance to make squid more
"tolerant" about those kind of problems? Without surprize I did not
find any fitting config options :-)
Not nearly as easy as it will be for IBM to issue a fix for it. Or even
to replace the box with free software that works well.
Hehe, sure, no objections, it is just the world being far from perfect :-)
Not also without opening some potential data-injection and cache
poisoning flaws into Squid.
Consider what happens with:
HTTP/1.1 200 OK
Bwahaha: "
Cache-Control: private
...something you really did not want public...
.
vs:
HTTP/1.1 200 OK
Content-Type: "fu
bar: tender: and: wine"
Cache-Control: private
Hmm, reading the specs for HTTP message headers [1] I think this could
be done without imposing security issues. As per specification your last
example would read correctly:
-------CUT-------
HTTP/1.1 200 OK
Content-Type: "fu
bar: tender: and: wine"
Cache-Control: private
-------CUT-------
note the leading whitespace.
[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com
