Re: [squid-users] HTTP protocol violation error using .NET 2.0 web services through Squid-2.5 proxy

From: Robert Collins <robertc@dont-contact.us>
Date: Fri, 20 Oct 2006 07:00:28 +1000

On Thu, 2006-10-19 at 21:42 +1000, Marcus Ogden wrote:
> Hello,
>
> A client of ours using the Squid proxy server (version
> 2.5.STABLE6-3.4E.12.1) on Red Hat Enterprise Linux 4 is experiencing a
> problem when running our .NET 2.0 client application, which communicates
> with a .NET 2.0 web service on our server.
>
> When our client application sends an HTTP 1.1 request through the Squid
> proxy to our server, it receives the error:
>
> "The server committed a protocol violation. Section=ResponseStatusLine"
>
> Other clients not using Squid are not experiencing this problem.
>
> Researching this, we've found a few posts that report similar problems
> using .NET 2.0 web services and/or the HTTP 1.1 protocol through Squid,
> e.g.
>
> http://forums.asp.net/thread/1194960.aspx
> http://groups.google.to/group/microsoft.public.dotnet.framework.remoting
> /msg/dae1a8e9eed3dcf3?dmode=source
> http://www.squid-cache.org/mail-archive/squid-users/200606/0534.html
>
> We've also tried the suggestion in
> http://forums.asp.net/thread/1284850.aspx to set the
> useUnsafeHeaderParsing property in the client .NET application's config
> file to "true", but our client reports this hasn't solved the problem.
>
> Any suggestions on how we can resolve this issue would be much
> appreciated.

The server is sending malformed HTTP headers. This could be either:
 * The server is non conformant
or
 * Someone is attempting an HTTP smuggling attack against your client.

For the former you can tell squid to be more relaxed about HTTP parsing
[see squid.conf.default] : this will disable the protection against HTTP
smuggling attacks though. For the latter - get a log of the traffic and
you can inspect it for validity.

-Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Received on Thu Oct 19 2006 - 15:00:34 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST