Bad HTTP header error on non-standard HTTP response code

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bad HTTP header error on non-standard HTTP response code

Ivan Larionov
Hello.

We've recently noticed a difference in behavior between squid v3 and v4.

On HTTP response with non-standard 4-digits HTTP code, for example something like this:

HTTP/1.1 5009 Update Error
Connection: Closed

{"code":500911,"message":"update record error"}

squid 3 just passes this response to the client, but squid 4 returns 502 with ERR_INVALID_RESP template and writes into cache.log:

WARNING: HTTP: Invalid Response: Bad header encountered from … AKA …

While I understand that 4-digits response code is not standard I'd like to know:

Is it expected behavior and is there an option to change squid 4 behavior to match squid 3?

Thanks!

--
With best regards, Ivan Larionov.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Bad HTTP header error on non-standard HTTP response code

Amos Jeffries
Administrator
On 7/02/19 6:39 am, Ivan Larionov wrote:

> Hello.
>
> We've recently noticed a difference in behavior between squid v3 and v4.
>
> On HTTP response with non-standard 4-digits HTTP code, for example
> something like this:
>
> HTTP/1.1 5009 Update Error
> Connection: Closed
>
> {"code":500911,"message":"update record error"}


Well, according to the HTTP specification this is an HTTP/0.9 message
pretending to be an HTTP/1 message:

 HTTP/0.9 := [optional text] CRLF

 HTTP/1.x := "HTTP/1." DIGIT SP 3*DIGIT SP [optional text] CRLF


Due to complaints Squid-4 dropped implicit support for HTTP/0.9
responses to HTTP/1 requests. The client is now required to make an
HTTP/0.9 style request for 0.9 syntax to be expected.


>
> squid 3 just passes this response to the client, but squid 4 returns 502
> with ERR_INVALID_RESP template and writes into cache.log:
>
> WARNING: HTTP: Invalid Response: Bad header encountered from … AKA …
>
> While I understand that 4-digits response code is not standard I'd like
> to know:
>
> Is it expected behavior and is there an option to change squid 4
> behavior to match squid 3?

This is intentional behaviour. According to the specification the
recipient (Squid) MUST treat it as a malformed 500 response. It was a
bug in Squid-3 to pass the status unchanged.


PS. If you have any contact with people in charge of the server
producing these responses please contact them an encourage proper HTTP
syntax be used. The requirements are not particularly difficult and RFC
7230 series of documents are a lot clearer to understand than the old ones.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Bad HTTP header error on non-standard HTTP response code

Alex Rousskov
In reply to this post by Ivan Larionov
On 2/6/19 10:39 AM, Ivan Larionov wrote:
> is there an option to change squid 4 behavior to match squid 3?

It is easy to relax Squid response parser to accept more syntactically
invalid HTTP responses, but one would need a good use case to do so
officially because of the problems with HTTP/0 responses (that Amos has
mentioned) and other message smuggling dangers. A single case of an
unusual/rare broken origin server is unlikely to be sufficient for this
IMHO.

Alex.
P.S. If you want to patch your Squid, look for the tok.int64() call in
Http::One::ResponseParser::parseResponseStatusAndReason().
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users