On Fri, 20 Feb 2004, Dan Brita wrote:
> I am running Squid 2.5 stable 4 behind a Cisco PIX 525 running firewall
> IOS 6.3(1). I am still getting Zero Sized Reply errors when navigating
> to AOL webmail, Gateway's support site and others.
First action is to identify if the Zero Sized Reply is due to something at
the remote site or caused by your PIX.
A packet level analysis of the failing requests both at the proxy and
outside your PIX will tell. Trying to give your proxy server direct
connectivity to the Internet without the PIX is another.
> I thought that the problem that the PIX causes had been fixed in stable
> 4 but maybe not.
One specific problem with the PIX has been worked around in 2.5.STABLE4,
but there may be more problems with the HTTP inspection module of PIX or
the same problem may still be visible in certain situations involving
large cookies or similar HTTP headers.
What we have done in 2.5.STABLE4 is to minimize the changes to the HTTP
headers when the request is proxied. Before the change the Host: header
was always moved last which caused problems for firewalls expecting the
Host: header to be available in the first TCP packet. From 2.5.STABLE4 or
later the Host: header is sent exacly where it was in the original request
received from the client, making it less likely this kind of bugs in other
equipment is triggered by using Squid.
If you find that the problem is due to your PIX you whould be able to work
around the problem by disabling all HTTP inspection capabilities of PIX,
reducing it's HTTP capabilities to that of any other TCP protocol.
Regards
Henrik
Received on Sun Feb 22 2004 - 09:57:32 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST