On Tue, Dec 31, 2013 at 02:04:02PM +0800, Delta Yeh wrote: > Hi Lukas, > I know the response is crappy like Baptiste said. > But as a reverse proxy, nginx works OK for this website, it would be > better if haproxy also works for such website. > > The debug output of wget is:
Could you please provide a PCAP output instead ? Your copy-paste is clearly missing some parts. The fact that some "headers" are left in the body should not block anything, they will just be delivered as a body to the client. So there's something else. Also, the fact that proxy X or browser Y accepts to deliver non-compliant contents isn't a good sign in general, it often means that it's vulnerable to security issues. Just like haproxy when you enable option "accept-invalid-http-responses". If someone told me that haproxy works with this option and squid does not, I would not consider it squid's fault. And as Lukas said, please check with Fortinet's support, this bug seems so huge that it there's obviously a fix already. Best regards, Willy
