On 2024-04-01 23:03, root@xxxxxxxxxx wrote:
after an upgrade from squid 5.4.1 to squid 5.9, unable to parse HTTP chunked response containing whitespace after chunk size.
I could be wrong, but Can you please advise me know if there is a way or patch to fix this issue.
The sender of these malformed chunks is at fault. If you can reach out to them, they may be able to upgrade or fix their software.
Senders with similar behavior were used for attacks on clients or network infrastructure. Squid cannot tell whether an attack is going on and, hence, rejects traffic with such serious message framing-related violations. This is the right default that will never change.
It is, of course, possible to modify Squid code to resume accepting this dangerous whitespace again. However, such changes will not be officially accepted, and running your Squid with such changes does elevate security risks of your Squid deployment or those around it. FWIW, we work in the background to better address this issue, but we are currently too busy with more important Squid problems to make good progress with that work.
Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
