[squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

[Amos Jeffries]

On 24/06/2015 5:55 p.m., Alex Rousskov wrote:
> Hello,
> 
>     This temporary trunk fix adds support for request URIs containing
> '|' characters. Such URIs are used by popular Amazon product (and
> probably other) sites: /images/I/ID1._RC|ID2.js,ID3.js,ID4.js_.js
> 
> Without this fix, all requests for affected URIs timeout while Squid
> waits for the end of request headers it has already received(*).

This is not right. Squid should be identifying the message as
non-HTTP/1.x (which it isn't due to the URI syntax violation) and
treating it as such.

There is no reason for HTTP/0.9 traffic to hang (thus the bug
agreement). Squid should read in the first line, find a reply for the
URI and close the connection once that reply is delivered. Note how
thare are no mime headers involved to be waited on. I agree there is a
bug there if its hanging.

NP: it means "broken" syntax does work - but gets a slow response with
no HTTP feature benefits. That slow vs fast is the designed incentive
for such softwares authors to fix things.

> 
> The proper long-term fix is to allow any character in URI as long as we
> can reliably parse the request line (and, later, URI components). There
> is no point in hurting users by rejecting requests while slowly
> accumulating the list of benign characters used by web sites but
> prohibited by some RFC.

The *proper* long term fix is to obey the standards in regard to message
syntax so applications stop using these invalid (when un-encoded)
characters and claiming HTTP/1.1 support.

Amos