[squid-users] 500 Unsupported "Surrogate-Capability" errors with ssl-bump.

[Eliezer Croitoru]

I have tested couple times with couple sites and it seems that they 
don't like the "Surrogate-Capability" headers and specially in SSL, they 
return a 500 internal error.
One url that I have tried to access is:
https://www.brighttalk.com/webcast/10903/183623?utm_campaign=webcasts-search-results-feed&utm_content=preventing+cyberattacks+in+healthcare&utm_source=brighttalk-portal&utm_medium=web

I dumped a ALL,9 and found that the only difference between the request 
of squid to the original one(which works) is the "Surrogate-Capability".
I have tested more then once using curl and couple other clients and the 
site just doesn't like to see these request headers.

I tried to look at the docs and the bugzilla but have not found a report 
on it so I will post it here.

I do not know if the issue is because they have some internal surrogates 
or their parser\policy is to deny such requests.
I have tried to use:
request_header_access Surrogate-Capability deny all

and it seems to work fine for now and also solves squid bug 4253 for 
more then one site.

Eliezer