Re: Squid 3.1.0.2 problem with ICAP Posst method data

From: Tsantilas Christos <chtsanti_at_users.sourceforge.net>
Date: Thu, 12 Feb 2009 19:48:37 +0200

Hi,

Your icap response is wrong. The Encapsulated header:
    Encapsulated: req-hdr=0, null-body=536

Should be something like:
     Encapsulated: req-hdr=0, req-body=536

Regards,
     Christos

Moshe Beeri wrote:
> Hi All,
>
> I am interfacing disturbing problem with squid 3.1 ICAP.
> I seems that HTTP POST method does not works properly.
> while taking a close look at the sniffer I notice that
> post data, though returned unchanged from the ICAP Server,
> is not sent to the web server, and results to a problematic behavior,
> in the following case there is a login problem.
>
> I am using standard ICAP Configuration as follows:
> icap_enable on
> icap_preview_enable off
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_header X-Authenticated-User
> icap_client_username_encode on
>
>
> icap_service service_req reqmod_precache 0 icap://127.0.0.1:1344/request
> adaptation_service_set class_req service_req
> adaptation_access class_req allow all
>
> icap_service service_resp respmod_precache 0
> icap://127.0.0.1:1345/response
> adaptation_service_set class_resp service_resp
> adaptation_access class_resp allow all
>
> ------------------------------------------------------------------------
> ----------------
> The ICAP request looks OK:
>
> REQMOD icap://127.0.0.1:1344/request ICAP/1.0
> Host: 127.0.0.1:1344
> Date: Thu, 12 Feb 2009 12:33:34 GMT
> Proxy-Authorization: Basic bW9zaGViOjEyMzQ1Ng==
> Encapsulated: req-hdr=0, req-body=567
> Allow: 204
> X-Client-IP: 10.101.1.241
> X-Authenticated-User: bW9zaGVi
>
> POST http://lovin.co.il/reguser/loginForm.do HTTP/1.1
> Host: lovin.co.il
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.20)
> Gecko/20081217 Firefox/2.0.0.20
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
> n;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Referer: http://lovin.co.il/reguser/loginForm.do
> Cookie: JSESSIONID=CE9319848513B6B494B8EF992E9C10C7
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 30
>
> 1e
> usrName=%D8%91&password=111111
> 0
>
> ICAP/1.0 200 OK
> ISTAG: "PS_CF_ICAP-5.1-46-142"
> Cache-Control: post-check=0, pre-check=0, false
> Pragma: no-cache
> X-Response-Info: 4
> ICAP-Session-Info:
> PElHX1BDQ0lDQVBDbGllbnRTZXNzaW9uQ29udGV4dE1zZyBibG9ja01vZGU9IjQiIHJlZGly
> ZWN0VXJsPSIiIHBvbGljeT0iIiBzZXNzaW9uSUQ9IiIgYWN0aXZlQ2F0ZWdvcmllcz0iMTA3
> NTg2MzY2NSIgaW5nbm9yZUNhdGVnb3JpZXM9IjAiIHdhcm5DYXRlZ29yaWVzPSIwIiBhdXRo
> b3JpemF0aW9uPSIwIi8+Cg==
> X-Category: 1
> X-Attribute: 1
> Encapsulated: req-hdr=0, null-body=536
>
> POST http://lovin.co.il/reguser/loginForm.do HTTP/1.1
> Host: lovin.co.il
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.20)
> Gecko/20081217 Firefox/2.0.0.20
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
> n;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Referer: http://lovin.co.il/reguser/loginForm.do
> Cookie: JSESSIONID=CE9319848513B6B494B8EF992E9C10C7
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 30
>
> 1e
> usrName=%D8%91&password=111111
> 0
>
> ------------------------------------------------------------------------
> ----------------
>
> But the HTTP Header is sent to the web server (port 80) without the POST
> DATA
>
> POST /reguser/loginForm.do HTTP/1.0
> Host: lovin.co.il
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.20)
> Gecko/20081217 Firefox/2.0.0.20
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
> n;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Referer: http://lovin.co.il/reguser/loginForm.do
> Cookie: JSESSIONID=CE9319848513B6B494B8EF992E9C10C7
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 30
> Via: 1.1 PSSquid (squid/3.1.0.3)
> X-Forwarded-For: 10.101.1.241
> Cache-Control: max-age=259200
> Connection: keep-alive
>
> {HERE SHOULD COME THE MISSING DATA [usrName=%D8%91&password=111111]}
>
> ------------------------------------------------------------------------
> ----------------
>
> Is it know issue?
> How do I bypass it?
> can I configure squid so HTTP POST request will not go through
> adaptation process? && how?
>
>
> Thank you,
> Moshe Beeri.
> PureSight.com
>
Received on Thu Feb 12 2009 - 17:48:43 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 13 2009 - 12:00:03 MST