On 12/06/2013 8:12 a.m., Sean Boran wrote:
As regards the original post of this thread, after upgrading v3.3.5, my "zero byte" problems have evaporated.
Great news :-)
As regards forwarded_for, I also had it off. However by enabling it one allows internal addresses to be visible. See: http://www.squid-cache.org/Doc/config/forwarded_for/ This opens privacy/tracking issues for me. I think it should be left off, or as suggested below, somehow enabled only for specific sites you really need. I don't see what forwarded_for had to do with "zero byte" problems through :-)
It commonly only contains a single IPv4 address. Some web services assume that the IPv4-only usage of the header is the *only* possible way to use it and will crash when they see the modern IPv6 values, multiple IP addresses, or even the "unknown" anonymous proxy token. Web server crash results in zero byte response" messages out of Squid.
The "unknown" token is set by the Squid directive being OFF (for anonymous proxy usage). You can achieve almost the same thing with "delete". Websites not being ready for IPv6 values have some excuse since that is only been used for 6 years, but "unknown" value has been in active use on many networks sine the very beginning of that headers existence. Downright sloppy coding to omit that.
Amos
