Yes, and I couldn't agree with you more. Thanks for digging up the reference URL, Henrik.
BTW, there was a Cisco PIX in front of the squid box. Now I'm sure that it was that damn pix that was screwing up my headers, because on my other network it works just fine (squid 2.4-STABLE6). Maybe this information should be noted in the FAQ (for future ref): Some firewalls (eg Cisco PIX) allow HTTP filtering based on contents of packets. However, such firewalls may require that the Host: header of a request be in the first packet of a request. Currently, squid rewrites client headers with the result that the Host: header is moved towards the end of the headers. If the request headers span more than a packet (eg, Yahoo/Hotmail requests use large cookies), this may result in the Host: header moving to the second or later packets. In such a case, the firewall may terminate the TCP session, causing a ZSR to be returned to the client. Patch added to Squid-2.5. http://www.squid-cache.org/bugs/show_bug.cgi?id=699 Again, thank you everybody for your help! Regards, Trevor. -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 4:06 PM To: Trevor Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] Zero Sized Reply What this page refer to is the Host header rearrangement done by squid-2.5.STABLE3 and earlier and which was found to cause some broken web servers / firewalls to break in different manners. More information on this issue can be found from the Squid-2.5 bugs page <url:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE3-host header> Please note that this is not a Squid bug but yet anoter case of broken firewalls which should be thrown out with yesterdays garbage (or at least the failing function should be immediately disabled). It is truly amasing to see such critical bugs in high profile web site implementations, and even more amasing there apparently is vendors who dare to sell such equipment/software claiming it works fine for such use.... but I guess the high profile web sites trusts big vendors to make correct solutions and don't even bother to verify the functionality before going into production. Regards Henrik On Tue, 9 Dec 2003, Trevor wrote: > From the MIS-Helpdesk Site: "A zero sized reply can be returned for sites > that have complex urls or require the use of cookies (Eg. hotmail and yahoo > webmail sites). In order to prevent this from occurring a new version of > squid will have to be installed which has a patch to alter the requests > squid makes." zero sized reply
