I have a setup with squid 5.0.4 with ICAP server handling responses. The ICAP server redirects based on some parameters of the response.
To test this setup, I use cURL like this:
curl -k -s --proxy localhost:8000 -o /dev/null -v <URL>
Now, for some URLs, cURL hangs and for others it exits after receiving the 307 response.
When it hangs, I see this as the output of cURL (I removed what seemed to me as non-related logs from the beginning):
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
> GET / HTTP/1.1
> Host: www.one.co.il
> User-Agent: curl/7.58.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [217 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [217 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
< HTTP/1.1 307 Temporary Redirect
< Location: <REDIRECTION-URL>
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Date: Wed, 30 Dec 2020 13:58:51 GMT
< X-Cache: MISS from a0e59ea22cf8
< X-Cache-Lookup: MISS from a0e59ea22cf8:3128
< Transfer-Encoding: chunked
< Via: 1.1 a0e59ea22cf8 (squid/5.0.4)
< Connection: keep-alive
<
Using tcpdump I didn't see squid send any other ICAP requests (besides OPTIONS which the ICAP server replied to properly).
For some of the URLs where it hangs, I saw that running the same cURL command with the --compressed switch, makes cURL exit as expected:
} [5 bytes data]
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
} [1 bytes data]
> GET / HTTP/1.1
> Host: www.one.co.il
> User-Agent: curl/7.58.0
> Accept: */*
> Accept-Encoding: deflate, gzip
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [217 bytes data]
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [217 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
< HTTP/1.1 307 Temporary Redirect
< Location: <REDIRECTION URL>
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Date: Wed, 30 Dec 2020 14:00:31 GMT
< X-Cache: MISS from a0e59ea22cf8
< X-Cache-Lookup: MISS from a0e59ea22cf8:3128
< Transfer-Encoding: chunked
< Via: 1.1 a0e59ea22cf8 (squid/5.0.4)
< Connection: keep-alive
<
{ [5 bytes data]
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
{ [1 bytes data]
* Connection #0 to host localhost left intact
When I skip the adaptation in REQMOD, I get the page and the connection is terminated.
When the ICAP works in REQMOD and redirects on the same URLs, everything seems to work properly.
What could make squid not to terminate the connection? Could it be that it still holds connection with the HTTP server?
Thanks
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
