On 04/06/2011 06:23 AM, Amos Jeffries wrote:
> On 06/04/11 10:41, Alex Rousskov wrote:
>> Hello,
>>
>> ICAP prohibits forwarding of hop-by-hop headers in HTTP headers. If
>> the virgin request has a "Transfer-Encoding: chunked" header, the ICAP
>> server will not receive it. Thus, when the ICAP server responds with a
>> 200 OK and what it thinks is an identical copy of the HTTP request, the
>> adapted request will be missing the Transfer-Encoding header.
>>
>> On the server side, Squid used to test whether the request had a
>> Transfer-Encoding header to determine whether request chunking is needed
>> when talking to the next HTTP hop. That test would fail in ICAP presence.
>>
>> This change implements a more direct/robust check: if we do not know the
>> request content length, we chunk the request.
>>
>> We also no longer forward the Content-Length header if we are chunking.
>> It should not really be there in most cases, but an explicit check is
>> safer and may also prevent request smuggling attacks via Connection:
>> Content-Length tricks.
>>
>> This fix has been tested in a production environment.
>>
>>
>> Thank you,
>>
>> Alex.
>
> +1.
Committed to trunk as r11349.
Thank you,
Alex.
Received on Wed Apr 06 2011 - 16:27:11 MDT
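
The chunking decision described in the message above, as an added C++ illustration that is not part of the original post and is not Squid's code. The function names, the -1 sentinel for an unknown length, and the sample headers are assumptions.

```cpp
// Added illustration, not Squid source; all names are hypothetical.
#include <cctype>
#include <string>
#include <utility>
#include <vector>

typedef std::pair<std::string, std::string> Field;
typedef std::vector<Field> Headers;
const long long UnknownLength = -1;  // assumed sentinel: body size not known

static std::string lower(std::string s) {
    for (std::size_t i = 0; i < s.size(); ++i)
        s[i] = static_cast<char>(std::tolower(static_cast<unsigned char>(s[i])));
    return s;
}
bool hasHeader(const Headers &h, const std::string &name) {
    for (std::size_t i = 0; i < h.size(); ++i)
        if (lower(h[i].first) == lower(name)) return true;
    return false;
}
// Old test: relies on a hop-by-hop header that the ICAP server never sees,
// so it is absent from the adapted request.
bool oldNeedsChunking(const Headers &adapted) {
    return hasHeader(adapted, "Transfer-Encoding");
}
// New test: chunk whenever the request content length is not known.
bool needsChunking(long long bodyLength) { return bodyLength == UnknownLength; }

// Headers for the next HTTP hop, built from the adapted request.
Headers buildOutgoing(const Headers &adapted, long long bodyLength) {
    const bool chunk = needsChunking(bodyLength);
    Headers out;
    for (std::size_t i = 0; i < adapted.size(); ++i) {
        const std::string n = lower(adapted[i].first);
        if (n == "transfer-encoding") continue;        // hop-by-hop: set per hop below
        if (chunk && n == "content-length") continue;  // not forwarded when chunking
        out.push_back(adapted[i]);
    }
    if (chunk) out.push_back(Field("Transfer-Encoding", "chunked"));
    return out;
}
// Constructed sample: adapted request as returned by ICAP (no Transfer-Encoding).
Headers constructedAdaptedRequest() {
    Headers h;
    h.push_back(Field("Host", "origin.example"));
    h.push_back(Field("Content-Length", "5"));
    return h;
}
// Exit status 0 means Content-Length was dropped from the chunked request.
int main() { return hasHeader(buildOutgoing(constructedAdaptedRequest(), UnknownLength), "Content-Length"); }
```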