[squid-users] What squid should do with RFC non-compliant response header?

Eliezer Croitoru eliezer at ngtech.co.il
Wed Apr 5 19:32:02 UTC 2017


Thanks for the reponse.
Actually browsers ignore the header as a response header and do not show it at all.
(at least firefox)
Technically I would expect squid to pass it but it's might have the potential for a CVE in some casese.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



-----Original Message-----
From: L A Walsh [mailto:squid-user at tlinx.org] 
Sent: Wednesday, April 5, 2017 10:19 PM
To: Eliezer Croitoru <eliezer at ngtech.co.il>
Cc: squid-users at lists.squid-cache.org
Subject: Re: What squid should do with RFC non-compliant response header?

Eliezer Croitoru wrote:
> Hi List,
>
> I noticed that there are broken services out-there which uses non RFC 
> compliance response header such as the case of space, for  example:
> "Content Type:  hola amigos"
>   
Hmmm....April 1?...

Seriously -- what would a user's browser do?  Probably depends on browser, but browsers are notoriously accepting and most would likely ignore a problem like that and try to use defaults to decide on content and rendering.

So if you want your proxy to not look like a stick-in-the-mud for standards, I'd just pass it on.  If a proxy rejected every non-compliant web-page, some significant percentage of the web would be unviewable.






More information about the squid-users mailing list