Re: [squid-users] NONE/411 Length Required
tor 2009-06-18 klockan 10:20 +1000 skrev Mark Nottingham: because the request method is POST. However, the request headers don't have Transfer-Encoding... What am I missing? I know Bijayant is using Squid-3, but I'm observing the same behaviour in my build of 2... I don't. POST without Content-Length gets forwarded just fine here using Squid-2.HEAD but not 2.7. That change sneaked in as part of the unknown methods patch by Benno.. I have now backported this change to 2.7 as well. Regards Henrik
Re: [squid-users] NONE/411 Length Required
On 06/17/2009 12:00 AM, Mark Nottingham wrote: [ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3. I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Would the assume 0 length approach make request smuggling attacks easier? Perhaps we should add Content-Length: 0 to the request then? Alex.
Re: [squid-users] NONE/411 Length Required
Yeah, saw that --- but I observed the same behaviour in 2, and can't figure out why (from a quick look, at least). Cheers, On 18/06/2009, at 2:19 PM, Amos Jeffries wrote: On Thu, 18 Jun 2009 10:20:09 +1000, Mark Nottingham m...@yahoo-inc.com wrote: Weird. The code that I'm assuming generates the 411 is (squid2-HEAD): Reporter is using 3.0. The header parse and validation code is similar only regarding flow and design. Particular lines and if-else are very different in spots between each of the 3 current release of Squid. if (!clientCheckContentLength(request) || httpHeaderHas(request- header, HDR_TRANSFER_ENCODING)) { err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED, request); http-al.http.code = err-http_status; http-log_type = LOG_TCP_DENIED; http-entry = clientCreateStoreEntry(http, request-method, null_request_flags); errorAppendEntry(http-entry, err); return -1; } but clientCheckContentLength doesn't look like it's triggering it: static int clientCheckContentLength(request_t * r) { switch (r-method-code) { case METHOD_GET: case METHOD_HEAD: /* We do not want to see a request entity on GET/HEAD requests */ return (r-content_length = 0 || Config.onoff.request_entities); default: /* For other types of requests we don't care */ return 1; } /* NOT REACHED */ } because the request method is POST. However, the request headers don't have Transfer-Encoding... What am I missing? I know Bijayant is using Squid-3, but I'm observing the same behaviour in my build of 2... On 17/06/2009, at 4:00 PM, Mark Nottingham wrote: [ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3 . I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Cheers, On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote: Bijayant Kumar --- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote: From: Bijayant Kumar bijayan...@yahoo.com Subject: Re: [squid-users] NONE/411 Length Required To: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:48 PM --- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] NONE/411 Length Required To: Bijayant Kumar bijayan...@yahoo.com Cc: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:06 PM Bijayant Kumar wrote: Hello list, I have Squid version 3.0.STABLE 10 installed on Gentoo linux box. All things are working fine, means caching proxying etc. There is a problem with some sites. When I am accessing one of those sites, in access.log I am getting NONE/411 3692 POST http://.justdial.com/autosuggest_category_query_main.php? - NONE/- text/html And on the webpage I am getting whole error page of squid. Actually its a search related page. In the search criteria field as soon as I am typing after two words I am getting this error. The website in a question is http://justdial.com . But it works without the Squid. I tried to capture the http headers also which are as below http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka POST /autosuggest_category_query_main.php?city=Bangaloresearch=Ka HTTP/1.1 Host: .justdial.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16 Accept: text/xml,application/xml,application/xhtml+xml,text/ html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.7,hi;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://.justdial.com/ Cookie: PHPSESSID=d1d12004187d4bf1f084a1252ec46cef; __utma=79653650.2087995718.1245064656.1245064656.1245064656.1; __utmb=79653650; __utmc=79653650; __utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)| utmcmd=(none); CITY=Bangalore Pragma: no-cache Cache-Control: no-cache HTTP/1.x 411 Length Required Server: squid/3.0.STABLE10 Mime-Version: 1.0 Date: Mon, 15 Jun 2009 11:18:10 GMT Content-Type: text/html Content-Length: 3287 Expires: Mon, 15 Jun 2009 11:18:10 GMT X-Squid-Error: ERR_INVALID_REQ 0 X-Cache: MISS from bijayant.kavach.blr X-Cache-Lookup: NONE from bijayant.kavach.blr:3128 Via: 1.0 bijayant.kavach.blr
Re: [squid-users] NONE/411 Length Required
[ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3 . I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Cheers, On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote: Bijayant Kumar --- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote: From: Bijayant Kumar bijayan...@yahoo.com Subject: Re: [squid-users] NONE/411 Length Required To: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:48 PM --- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] NONE/411 Length Required To: Bijayant Kumar bijayan...@yahoo.com Cc: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:06 PM Bijayant Kumar wrote: Hello list, I have Squid version 3.0.STABLE 10 installed on Gentoo linux box. All things are working fine, means caching proxying etc. There is a problem with some sites. When I am accessing one of those sites, in access.log I am getting NONE/411 3692 POST http://.justdial.com/autosuggest_category_query_main.php? - NONE/- text/html And on the webpage I am getting whole error page of squid. Actually its a search related page. In the search criteria field as soon as I am typing after two words I am getting this error. The website in a question is http://justdial.com . But it works without the Squid. I tried to capture the http headers also which are as below http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka POST /autosuggest_category_query_main.php?city=Bangaloresearch=Ka HTTP/1.1 Host: .justdial.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.7,hi;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://.justdial.com/ Cookie: PHPSESSID=d1d12004187d4bf1f084a1252ec46cef; __utma=79653650.2087995718.1245064656.1245064656.1245064656.1; __utmb=79653650; __utmc=79653650; __utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)| utmcmd=(none); CITY=Bangalore Pragma: no-cache Cache-Control: no-cache HTTP/1.x 411 Length Required Server: squid/3.0.STABLE10 Mime-Version: 1.0 Date: Mon, 15 Jun 2009 11:18:10 GMT Content-Type: text/html Content-Length: 3287 Expires: Mon, 15 Jun 2009 11:18:10 GMT X-Squid-Error: ERR_INVALID_REQ 0 X-Cache: MISS from bijayant.kavach.blr X-Cache-Lookup: NONE from bijayant.kavach.blr:3128 Via: 1.0 bijayant.kavach.blr (squid/3.0.STABLE10) Proxy-Connection: close Please suggest me what could be the reason and how to resolve this. Any help/pointer can be a very helpful for me. Bijayant Kumar Get your new Email address! Grab the Email name you've always wanted before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ NONE - no upstream source. 411 - Content-Length missing HTTP requires a Content-Length: header on POST requests. How to resolve this issue. Because the website is on internet and its working fine without the squid. When I am bypassing the proxy, I am not getting any type of error. Can't this website be accessed through the Squid? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1 New Email addresses available on Yahoo! Get the Email name you've always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ Get your new Email address! Grab the Email name you#39;ve always wanted before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ -- Mark Nottingham m...@yahoo-inc.com
Re: [squid-users] NONE/411 Length Required
Weird. The code that I'm assuming generates the 411 is (squid2-HEAD): if (!clientCheckContentLength(request) || httpHeaderHas(request- header, HDR_TRANSFER_ENCODING)) { err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED, request); http-al.http.code = err-http_status; http-log_type = LOG_TCP_DENIED; http-entry = clientCreateStoreEntry(http, request-method, null_request_flags); errorAppendEntry(http-entry, err); return -1; } but clientCheckContentLength doesn't look like it's triggering it: static int clientCheckContentLength(request_t * r) { switch (r-method-code) { case METHOD_GET: case METHOD_HEAD: /* We do not want to see a request entity on GET/HEAD requests */ return (r-content_length = 0 || Config.onoff.request_entities); default: /* For other types of requests we don't care */ return 1; } /* NOT REACHED */ } because the request method is POST. However, the request headers don't have Transfer-Encoding... What am I missing? I know Bijayant is using Squid-3, but I'm observing the same behaviour in my build of 2... On 17/06/2009, at 4:00 PM, Mark Nottingham wrote: [ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3 . I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Cheers, On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote: Bijayant Kumar --- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote: From: Bijayant Kumar bijayan...@yahoo.com Subject: Re: [squid-users] NONE/411 Length Required To: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:48 PM --- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] NONE/411 Length Required To: Bijayant Kumar bijayan...@yahoo.com Cc: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:06 PM Bijayant Kumar wrote: Hello list, I have Squid version 3.0.STABLE 10 installed on Gentoo linux box. All things are working fine, means caching proxying etc. There is a problem with some sites. When I am accessing one of those sites, in access.log I am getting NONE/411 3692 POST http://.justdial.com/autosuggest_category_query_main.php? - NONE/- text/html And on the webpage I am getting whole error page of squid. Actually its a search related page. In the search criteria field as soon as I am typing after two words I am getting this error. The website in a question is http://justdial.com . But it works without the Squid. I tried to capture the http headers also which are as below http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka POST /autosuggest_category_query_main.php?city=Bangaloresearch=Ka HTTP/1.1 Host: .justdial.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16 Accept: text/xml,application/xml,application/xhtml+xml,text/ html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.7,hi;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://.justdial.com/ Cookie: PHPSESSID=d1d12004187d4bf1f084a1252ec46cef; __utma=79653650.2087995718.1245064656.1245064656.1245064656.1; __utmb=79653650; __utmc=79653650; __utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)| utmcmd=(none); CITY=Bangalore Pragma: no-cache Cache-Control: no-cache HTTP/1.x 411 Length Required Server: squid/3.0.STABLE10 Mime-Version: 1.0 Date: Mon, 15 Jun 2009 11:18:10 GMT Content-Type: text/html Content-Length: 3287 Expires: Mon, 15 Jun 2009 11:18:10 GMT X-Squid-Error: ERR_INVALID_REQ 0 X-Cache: MISS from bijayant.kavach.blr X-Cache-Lookup: NONE from bijayant.kavach.blr:3128 Via: 1.0 bijayant.kavach.blr (squid/3.0.STABLE10) Proxy-Connection: close Please suggest me what could be the reason and how to resolve this. Any help/pointer can be a very helpful for me. Bijayant Kumar Get your new Email address! Grab the Email name you've always wanted before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ NONE - no upstream source. 411 - Content-Length missing HTTP requires a Content-Length: header on POST requests. How to resolve
Re: [squid-users] NONE/411 Length Required
On Thu, 18 Jun 2009 10:20:09 +1000, Mark Nottingham m...@yahoo-inc.com wrote: Weird. The code that I'm assuming generates the 411 is (squid2-HEAD): Reporter is using 3.0. The header parse and validation code is similar only regarding flow and design. Particular lines and if-else are very different in spots between each of the 3 current release of Squid. if (!clientCheckContentLength(request) || httpHeaderHas(request- header, HDR_TRANSFER_ENCODING)) { err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED, request); http-al.http.code = err-http_status; http-log_type = LOG_TCP_DENIED; http-entry = clientCreateStoreEntry(http, request-method, null_request_flags); errorAppendEntry(http-entry, err); return -1; } but clientCheckContentLength doesn't look like it's triggering it: static int clientCheckContentLength(request_t * r) { switch (r-method-code) { case METHOD_GET: case METHOD_HEAD: /* We do not want to see a request entity on GET/HEAD requests */ return (r-content_length = 0 || Config.onoff.request_entities); default: /* For other types of requests we don't care */ return 1; } /* NOT REACHED */ } because the request method is POST. However, the request headers don't have Transfer-Encoding... What am I missing? I know Bijayant is using Squid-3, but I'm observing the same behaviour in my build of 2... On 17/06/2009, at 4:00 PM, Mark Nottingham wrote: [ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3 . I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Cheers, On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote: Bijayant Kumar --- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote: From: Bijayant Kumar bijayan...@yahoo.com Subject: Re: [squid-users] NONE/411 Length Required To: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:48 PM --- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] NONE/411 Length Required To: Bijayant Kumar bijayan...@yahoo.com Cc: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:06 PM Bijayant Kumar wrote: Hello list, I have Squid version 3.0.STABLE 10 installed on Gentoo linux box. All things are working fine, means caching proxying etc. There is a problem with some sites. When I am accessing one of those sites, in access.log I am getting NONE/411 3692 POST http://.justdial.com/autosuggest_category_query_main.php? - NONE/- text/html And on the webpage I am getting whole error page of squid. Actually its a search related page. In the search criteria field as soon as I am typing after two words I am getting this error. The website in a question is http://justdial.com . But it works without the Squid. I tried to capture the http headers also which are as below http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka POST /autosuggest_category_query_main.php?city=Bangaloresearch=Ka HTTP/1.1 Host: .justdial.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16 Accept: text/xml,application/xml,application/xhtml+xml,text/ html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.7,hi;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://.justdial.com/ Cookie: PHPSESSID=d1d12004187d4bf1f084a1252ec46cef; __utma=79653650.2087995718.1245064656.1245064656.1245064656.1; __utmb=79653650; __utmc=79653650; __utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)| utmcmd=(none); CITY=Bangalore Pragma: no-cache Cache-Control: no-cache HTTP/1.x 411 Length Required Server: squid/3.0.STABLE10 Mime-Version: 1.0 Date: Mon, 15 Jun 2009 11:18:10 GMT Content-Type: text/html Content-Length: 3287 Expires: Mon, 15 Jun 2009 11:18:10 GMT X-Squid-Error: ERR_INVALID_REQ 0 X-Cache: MISS from bijayant.kavach.blr X-Cache-Lookup: NONE from bijayant.kavach.blr:3128 Via: 1.0 bijayant.kavach.blr (squid/3.0.STABLE10) Proxy-Connection: close Please suggest me what could be the reason and how to resolve