On Wed, 02 Mar 2011 10:27:59 -0300, Leonardo Rodrigues wrote:
Hi,
I have a squid 2.7 stable9 running and i'm having problems with
some softwares that i'm required to use by the brazilian government.
They generate HTTP connections, which are transparently intercepted
(linux box) and directed to squid. I have enabled a full debug
(ALL,9)
and captured the connection, but i really cant understand what's
wrong
and, if it's something squid related, what can i do to workaround it.
The only interesting thing is that it seems to be triggering an
ERR_INVALID_REQ error ...
would you mind helping me analyze the following connection log,
generated with ALL,9 ?
is the connection really HTTP/1.0 or HTTP/1.1 invalid ? is there
something i can tweak on squid to get this working ? bypassing these
connections and getting them to go on NAT instead of transparent
proxy
would be the only solution here ?
In the Log I spy "411 Length Required" being the status.
For a POST with no content-length header this is invalid according to
HTTP/1.0 and extremely dangerous to permit.
HTTP/1.1 chunking makes this okay, I see the client has attempted to do
that. Unfortunately squid-2.7 is HTTP/1.0 with basic support for a few
1.1 features and only really supports chunking on GET.
You could try altering the client app, so that it uses a HTTP/1.0
compliant request without chunking its POSTs. Or upgrading to
squid-3.1.10 or later.
Amos
