Re: [squid-users] NONE/411 Length Required
tor 2009-06-18 klockan 10:20 +1000 skrev Mark Nottingham: because the request method is POST. However, the request headers don't have Transfer-Encoding... What am I missing? I know Bijayant is using Squid-3, but I'm observing the same behaviour in my build of 2... I don't. POST without Content-Length gets forwarded just fine here using Squid-2.HEAD but not 2.7. That change sneaked in as part of the unknown methods patch by Benno.. I have now backported this change to 2.7 as well. Regards Henrik
Re: [squid-users] NONE/411 Length Required
On 06/17/2009 12:00 AM, Mark Nottingham wrote: [ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3. I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Would the assume 0 length approach make request smuggling attacks easier? Perhaps we should add Content-Length: 0 to the request then? Alex.
Re: [squid-users] NONE/411 Length Required
Yeah, saw that --- but I observed the same behaviour in 2, and can't
figure out why (from a quick look, at least).
Cheers,
On 18/06/2009, at 2:19 PM, Amos Jeffries wrote:
On Thu, 18 Jun 2009 10:20:09 +1000, Mark Nottingham m...@yahoo-inc.com
wrote:
Weird. The code that I'm assuming generates the 411 is (squid2-HEAD):
Reporter is using 3.0. The header parse and validation code is
similar only
regarding flow and design.
Particular lines and if-else are very different in spots between
each of
the 3 current release of Squid.
if (!clientCheckContentLength(request) || httpHeaderHas(request-
header, HDR_TRANSFER_ENCODING)) {
err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED, request);
http-al.http.code = err-http_status;
http-log_type = LOG_TCP_DENIED;
http-entry = clientCreateStoreEntry(http, request-method,
null_request_flags);
errorAppendEntry(http-entry, err);
return -1;
}
but clientCheckContentLength doesn't look like it's triggering it:
static int
clientCheckContentLength(request_t * r)
{
switch (r-method-code) {
case METHOD_GET:
case METHOD_HEAD:
/* We do not want to see a request entity on GET/HEAD requests */
return (r-content_length = 0 || Config.onoff.request_entities);
default:
/* For other types of requests we don't care */
return 1;
}
/* NOT REACHED */
}
because the request method is POST. However, the request headers
don't
have Transfer-Encoding...
What am I missing? I know Bijayant is using Squid-3, but I'm
observing
the same behaviour in my build of 2...
On 17/06/2009, at 4:00 PM, Mark Nottingham wrote:
[ moving to squid-dev ]
From what I can see, the site is using JavaScript to do autocomplete
on a search field. The autocomplete requests use POST, but without a
body.
With Firefox, this results in a POST request without a body; i.e.,
it doesn't have transfer-encoding *or* content-length.
Such a POST request is legal (although atypical; Safari and I think
others will include a Content-Length: 0 to signal no body
explicitly). See
http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3
.
I think the right thing to do here is for Squid to only 411 when
there's a transfer-encoding present; if there's no content-length,
it's safe to assume 0 length.
Cheers,
On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote:
Bijayant Kumar
--- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote:
From: Bijayant Kumar bijayan...@yahoo.com
Subject: Re: [squid-users] NONE/411 Length Required
To: squid users squid-us...@squid-cache.org
Date: Monday, 15 June, 2009, 6:48 PM
--- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz
wrote:
From: Amos Jeffries squ...@treenet.co.nz
Subject: Re: [squid-users] NONE/411 Length Required
To: Bijayant Kumar bijayan...@yahoo.com
Cc: squid users squid-us...@squid-cache.org
Date: Monday, 15 June, 2009, 6:06 PM
Bijayant Kumar wrote:
Hello list,
I have Squid version 3.0.STABLE 10 installed on
Gentoo
linux box. All things are working fine, means caching
proxying etc. There is a problem with some sites. When
I am
accessing one of those sites, in access.log I am
getting
NONE/411 3692 POST
http://.justdial.com/autosuggest_category_query_main.php?
- NONE/- text/html
And on the webpage I am getting whole error page
of
squid. Actually its a search related page. In the
search
criteria field as soon as I am typing after two words
I am
getting this error. The website in a question is http://justdial.com
. But it works without the Squid.
I tried to capture the http headers also which
are as
below
http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka
POST
/autosuggest_category_query_main.php?city=Bangaloresearch=Ka
HTTP/1.1
Host: .justdial.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686;
en-US;
rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16
Accept:
text/xml,application/xml,application/xhtml+xml,text/
html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.7,hi;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://.justdial.com/
Cookie:
PHPSESSID=d1d12004187d4bf1f084a1252ec46cef;
__utma=79653650.2087995718.1245064656.1245064656.1245064656.1;
__utmb=79653650; __utmc=79653650;
__utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)|
utmcmd=(none);
CITY=Bangalore
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.x 411 Length Required
Server: squid/3.0.STABLE10
Mime-Version: 1.0
Date: Mon, 15 Jun 2009 11:18:10 GMT
Content-Type: text/html
Content-Length: 3287
Expires: Mon, 15 Jun 2009 11:18:10 GMT
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from bijayant.kavach.blr
X-Cache-Lookup: NONE from
bijayant.kavach.blr:3128
Via: 1.0 bijayant.kavach.blr
Re: [squid-users] NONE/411 Length Required
[ moving to squid-dev ] From what I can see, the site is using JavaScript to do autocomplete on a search field. The autocomplete requests use POST, but without a body. With Firefox, this results in a POST request without a body; i.e., it doesn't have transfer-encoding *or* content-length. Such a POST request is legal (although atypical; Safari and I think others will include a Content-Length: 0 to signal no body explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3 . I think the right thing to do here is for Squid to only 411 when there's a transfer-encoding present; if there's no content-length, it's safe to assume 0 length. Cheers, On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote: Bijayant Kumar --- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote: From: Bijayant Kumar bijayan...@yahoo.com Subject: Re: [squid-users] NONE/411 Length Required To: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:48 PM --- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz wrote: From: Amos Jeffries squ...@treenet.co.nz Subject: Re: [squid-users] NONE/411 Length Required To: Bijayant Kumar bijayan...@yahoo.com Cc: squid users squid-us...@squid-cache.org Date: Monday, 15 June, 2009, 6:06 PM Bijayant Kumar wrote: Hello list, I have Squid version 3.0.STABLE 10 installed on Gentoo linux box. All things are working fine, means caching proxying etc. There is a problem with some sites. When I am accessing one of those sites, in access.log I am getting NONE/411 3692 POST http://.justdial.com/autosuggest_category_query_main.php? - NONE/- text/html And on the webpage I am getting whole error page of squid. Actually its a search related page. In the search criteria field as soon as I am typing after two words I am getting this error. The website in a question is http://justdial.com . But it works without the Squid. I tried to capture the http headers also which are as below http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka POST /autosuggest_category_query_main.php?city=Bangaloresearch=Ka HTTP/1.1 Host: .justdial.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.7,hi;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://.justdial.com/ Cookie: PHPSESSID=d1d12004187d4bf1f084a1252ec46cef; __utma=79653650.2087995718.1245064656.1245064656.1245064656.1; __utmb=79653650; __utmc=79653650; __utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)| utmcmd=(none); CITY=Bangalore Pragma: no-cache Cache-Control: no-cache HTTP/1.x 411 Length Required Server: squid/3.0.STABLE10 Mime-Version: 1.0 Date: Mon, 15 Jun 2009 11:18:10 GMT Content-Type: text/html Content-Length: 3287 Expires: Mon, 15 Jun 2009 11:18:10 GMT X-Squid-Error: ERR_INVALID_REQ 0 X-Cache: MISS from bijayant.kavach.blr X-Cache-Lookup: NONE from bijayant.kavach.blr:3128 Via: 1.0 bijayant.kavach.blr (squid/3.0.STABLE10) Proxy-Connection: close Please suggest me what could be the reason and how to resolve this. Any help/pointer can be a very helpful for me. Bijayant Kumar Get your new Email address! Grab the Email name you've always wanted before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ NONE - no upstream source. 411 - Content-Length missing HTTP requires a Content-Length: header on POST requests. How to resolve this issue. Because the website is on internet and its working fine without the squid. When I am bypassing the proxy, I am not getting any type of error. Can't this website be accessed through the Squid? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1 New Email addresses available on Yahoo! Get the Email name you've always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ Get your new Email address! Grab the Email name you#39;ve always wanted before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ -- Mark Nottingham m...@yahoo-inc.com
Re: [squid-users] NONE/411 Length Required
Weird. The code that I'm assuming generates the 411 is (squid2-HEAD):
if (!clientCheckContentLength(request) || httpHeaderHas(request-
header, HDR_TRANSFER_ENCODING)) {
err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED, request);
http-al.http.code = err-http_status;
http-log_type = LOG_TCP_DENIED;
http-entry = clientCreateStoreEntry(http, request-method,
null_request_flags);
errorAppendEntry(http-entry, err);
return -1;
}
but clientCheckContentLength doesn't look like it's triggering it:
static int
clientCheckContentLength(request_t * r)
{
switch (r-method-code) {
case METHOD_GET:
case METHOD_HEAD:
/* We do not want to see a request entity on GET/HEAD requests */
return (r-content_length = 0 || Config.onoff.request_entities);
default:
/* For other types of requests we don't care */
return 1;
}
/* NOT REACHED */
}
because the request method is POST. However, the request headers don't
have Transfer-Encoding...
What am I missing? I know Bijayant is using Squid-3, but I'm observing
the same behaviour in my build of 2...
On 17/06/2009, at 4:00 PM, Mark Nottingham wrote:
[ moving to squid-dev ]
From what I can see, the site is using JavaScript to do autocomplete
on a search field. The autocomplete requests use POST, but without a
body.
With Firefox, this results in a POST request without a body; i.e.,
it doesn't have transfer-encoding *or* content-length.
Such a POST request is legal (although atypical; Safari and I think
others will include a Content-Length: 0 to signal no body
explicitly). See http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3
.
I think the right thing to do here is for Squid to only 411 when
there's a transfer-encoding present; if there's no content-length,
it's safe to assume 0 length.
Cheers,
On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote:
Bijayant Kumar
--- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote:
From: Bijayant Kumar bijayan...@yahoo.com
Subject: Re: [squid-users] NONE/411 Length Required
To: squid users squid-us...@squid-cache.org
Date: Monday, 15 June, 2009, 6:48 PM
--- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz
wrote:
From: Amos Jeffries squ...@treenet.co.nz
Subject: Re: [squid-users] NONE/411 Length Required
To: Bijayant Kumar bijayan...@yahoo.com
Cc: squid users squid-us...@squid-cache.org
Date: Monday, 15 June, 2009, 6:06 PM
Bijayant Kumar wrote:
Hello list,
I have Squid version 3.0.STABLE 10 installed on
Gentoo
linux box. All things are working fine, means caching
proxying etc. There is a problem with some sites. When
I am
accessing one of those sites, in access.log I am
getting
NONE/411 3692 POST http://.justdial.com/autosuggest_category_query_main.php?
- NONE/- text/html
And on the webpage I am getting whole error page
of
squid. Actually its a search related page. In the
search
criteria field as soon as I am typing after two words
I am
getting this error. The website in a question is http://justdial.com
. But it works without the Squid.
I tried to capture the http headers also which
are as
below
http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka
POST
/autosuggest_category_query_main.php?city=Bangaloresearch=Ka
HTTP/1.1
Host: .justdial.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686;
en-US;
rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16
Accept:
text/xml,application/xml,application/xhtml+xml,text/
html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.7,hi;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://.justdial.com/
Cookie:
PHPSESSID=d1d12004187d4bf1f084a1252ec46cef;
__utma=79653650.2087995718.1245064656.1245064656.1245064656.1;
__utmb=79653650; __utmc=79653650;
__utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)|
utmcmd=(none);
CITY=Bangalore
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.x 411 Length Required
Server: squid/3.0.STABLE10
Mime-Version: 1.0
Date: Mon, 15 Jun 2009 11:18:10 GMT
Content-Type: text/html
Content-Length: 3287
Expires: Mon, 15 Jun 2009 11:18:10 GMT
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from bijayant.kavach.blr
X-Cache-Lookup: NONE from
bijayant.kavach.blr:3128
Via: 1.0 bijayant.kavach.blr
(squid/3.0.STABLE10)
Proxy-Connection: close
Please suggest me what could be the reason and
how to
resolve this. Any help/pointer can be a very helpful
for me.
Bijayant Kumar
Get your new
Email
address!
Grab the Email name you've always wanted before
someone else does!
http://mail.promotions.yahoo.com/newdomains/aa/
NONE - no upstream source.
411 - Content-Length missing
HTTP requires a Content-Length: header on POST
requests.
How to resolve
Re: [squid-users] NONE/411 Length Required
On Thu, 18 Jun 2009 10:20:09 +1000, Mark Nottingham m...@yahoo-inc.com
wrote:
Weird. The code that I'm assuming generates the 411 is (squid2-HEAD):
Reporter is using 3.0. The header parse and validation code is similar only
regarding flow and design.
Particular lines and if-else are very different in spots between each of
the 3 current release of Squid.
if (!clientCheckContentLength(request) || httpHeaderHas(request-
header, HDR_TRANSFER_ENCODING)) {
err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED, request);
http-al.http.code = err-http_status;
http-log_type = LOG_TCP_DENIED;
http-entry = clientCreateStoreEntry(http, request-method,
null_request_flags);
errorAppendEntry(http-entry, err);
return -1;
}
but clientCheckContentLength doesn't look like it's triggering it:
static int
clientCheckContentLength(request_t * r)
{
switch (r-method-code) {
case METHOD_GET:
case METHOD_HEAD:
/* We do not want to see a request entity on GET/HEAD requests */
return (r-content_length = 0 || Config.onoff.request_entities);
default:
/* For other types of requests we don't care */
return 1;
}
/* NOT REACHED */
}
because the request method is POST. However, the request headers don't
have Transfer-Encoding...
What am I missing? I know Bijayant is using Squid-3, but I'm observing
the same behaviour in my build of 2...
On 17/06/2009, at 4:00 PM, Mark Nottingham wrote:
[ moving to squid-dev ]
From what I can see, the site is using JavaScript to do autocomplete
on a search field. The autocomplete requests use POST, but without a
body.
With Firefox, this results in a POST request without a body; i.e.,
it doesn't have transfer-encoding *or* content-length.
Such a POST request is legal (although atypical; Safari and I think
others will include a Content-Length: 0 to signal no body
explicitly). See
http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-06#section-4.3
.
I think the right thing to do here is for Squid to only 411 when
there's a transfer-encoding present; if there's no content-length,
it's safe to assume 0 length.
Cheers,
On 17/06/2009, at 2:07 PM, Bijayant Kumar wrote:
Bijayant Kumar
--- On Mon, 15/6/09, Bijayant Kumar bijayan...@yahoo.com wrote:
From: Bijayant Kumar bijayan...@yahoo.com
Subject: Re: [squid-users] NONE/411 Length Required
To: squid users squid-us...@squid-cache.org
Date: Monday, 15 June, 2009, 6:48 PM
--- On Mon, 15/6/09, Amos Jeffries squ...@treenet.co.nz
wrote:
From: Amos Jeffries squ...@treenet.co.nz
Subject: Re: [squid-users] NONE/411 Length Required
To: Bijayant Kumar bijayan...@yahoo.com
Cc: squid users squid-us...@squid-cache.org
Date: Monday, 15 June, 2009, 6:06 PM
Bijayant Kumar wrote:
Hello list,
I have Squid version 3.0.STABLE 10 installed on
Gentoo
linux box. All things are working fine, means caching
proxying etc. There is a problem with some sites. When
I am
accessing one of those sites, in access.log I am
getting
NONE/411 3692 POST
http://.justdial.com/autosuggest_category_query_main.php?
- NONE/- text/html
And on the webpage I am getting whole error page
of
squid. Actually its a search related page. In the
search
criteria field as soon as I am typing after two words
I am
getting this error. The website in a question is http://justdial.com
. But it works without the Squid.
I tried to capture the http headers also which
are as
below
http://.justdial.com/autosuggest_category_query_main.php?city=Bangaloresearch=Ka
POST
/autosuggest_category_query_main.php?city=Bangaloresearch=Ka
HTTP/1.1
Host: .justdial.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686;
en-US;
rv:1.8.1.16) Gecko/20080807 Firefox/2.0.0.16
Accept:
text/xml,application/xml,application/xhtml+xml,text/
html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.7,hi;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://.justdial.com/
Cookie:
PHPSESSID=d1d12004187d4bf1f084a1252ec46cef;
__utma=79653650.2087995718.1245064656.1245064656.1245064656.1;
__utmb=79653650; __utmc=79653650;
__utmz=79653650.1245064656.1.1.utmccn=(direct)|utmcsr=(direct)|
utmcmd=(none);
CITY=Bangalore
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.x 411 Length Required
Server: squid/3.0.STABLE10
Mime-Version: 1.0
Date: Mon, 15 Jun 2009 11:18:10 GMT
Content-Type: text/html
Content-Length: 3287
Expires: Mon, 15 Jun 2009 11:18:10 GMT
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from bijayant.kavach.blr
X-Cache-Lookup: NONE from
bijayant.kavach.blr:3128
Via: 1.0 bijayant.kavach.blr
(squid/3.0.STABLE10)
Proxy-Connection: close
Please suggest me what could be the reason and
how to
resolve
