[squid-users] Connection occasionally not ending after adapting response with ICAP

[Moti Berger]

I have a setup with squid 5.0.4 with ICAP server handling responses. The
ICAP server redirects based on some parameters of the response.

To test this setup, I use cURL like this:

> curl -k -s --proxy localhost:8000 -o /dev/null -v <URL>


Now, for some URLs, cURL hangs and for others it exits after receiving the
307 response.
When it hangs, I see this as the output of cURL (I removed what seemed to
me as non-related logs from the beginning):

> } [5 bytes data]
> * TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> } [1 bytes data]
> > GET / HTTP/1.1
> > Host: www.one.co.il
> > User-Agent: curl/7.58.0
> > Accept: */*
> >
> { [5 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> { [217 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> { [217 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Unknown (23):
> { [1 bytes data]
> < HTTP/1.1 307 Temporary Redirect
> < Location: <REDIRECTION-URL>
> < Cache-Control: no-cache, no-store, must-revalidate
> < Pragma: no-cache
> < Date: Wed, 30 Dec 2020 13:58:51 GMT
> < X-Cache: MISS from a0e59ea22cf8
> < X-Cache-Lookup: MISS from a0e59ea22cf8:3128
> < Transfer-Encoding: chunked
> < Via: 1.1 a0e59ea22cf8 (squid/5.0.4)
> < Connection: keep-alive
> <


Using tcpdump I didn't see squid send any other ICAP requests (besides
OPTIONS which the ICAP server replied to properly).
For some of the URLs where it hangs, I saw that running the same cURL
command with the --compressed switch, makes cURL exit as expected:

> } [5 bytes data]
> * TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> } [1 bytes data]
> > GET / HTTP/1.1
> > Host: www.one.co.il
> > User-Agent: curl/7.58.0
> > Accept: */*
> > Accept-Encoding: deflate, gzip
> >
> { [5 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> { [217 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> { [217 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Unknown (23):
> { [1 bytes data]
> < HTTP/1.1 307 Temporary Redirect
> < Location: <REDIRECTION URL>
> < Cache-Control: no-cache, no-store, must-revalidate
> < Pragma: no-cache
> < Date: Wed, 30 Dec 2020 14:00:31 GMT
> < X-Cache: MISS from a0e59ea22cf8
> < X-Cache-Lookup: MISS from a0e59ea22cf8:3128
> < Transfer-Encoding: chunked
> < Via: 1.1 a0e59ea22cf8 (squid/5.0.4)
> < Connection: keep-alive
> <
> { [5 bytes data]
> * TLSv1.3 (IN), TLS Unknown, Unknown (23):
> { [1 bytes data]
> * Connection #0 to host localhost left intact


When I skip the adaptation in REQMOD, I get the page and the connection is
terminated.
When the ICAP works in REQMOD and redirects on the same URLs, everything
seems to work properly.

What could make squid not to terminate the connection? Could it be that it
still holds connection with the HTTP server?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201230/f6a97439/attachment-0001.htm>