[squid-users] chunked transfer over sslbump

Zhang, Jinshu jinshu_zhang at fanniemae.com
Tue Jan 9 16:51:15 UTC 2024


Hi Alex, good morning. Thank you for your reply. I work together with Arun on this issue. Here is some more detail.

Client got below response headers and body. Masked few details.
Retry seems to fetch data remaining.
Want to point out that removing sslbump everything is working fine, but we wanted to keep it for ICAP scanning.
We tried compiling 6.x in Amazon linux, using latest gcc, but facing similar error - https://lists.squid-cache.org/pipermail/squid-users/2023-July/026016.html

HTTP/1.1 200 OK
Date: Tue, 09 Jan 2024 15:41:33 GMT
Server: Apache/mod_perl/2.0.10 Perl
Content-Type: application/download
X-Cache: MISS from ip-x-y-z
Transfer-Encoding: chunked
Via: xxx (ICAP)
Connection: keep-alive

1000
File-Id: xyz.zip
Local-Path: x/y/z.txt
Content-Size: 2967
< binary content >


Access log(1st attempt):
1704814893.695    138 x.y.0.2 NONE_NONE/200 0 CONNECT a.b.com:443 - FIRSTUP_PARENT/10.x.y.z -
1704814900.491   6779 172.17.0.2 TCP_MISS/200 138996535 POST https://a.b.com/xyz - FIRSTUP_PARENT/10.x.y.z application/download

Retry after 5 mins:
1704815201.530    189 x.y.0.2 NONE_NONE/200 0 CONNECT a.b.com:443 - FIRSTUP_PARENT/10.x.y.z -
1704815208.438   6896 x.y.0.2 TCP_MISS/200 138967930 POST https://a.b.com/xyz - FIRSTUP_PARENT/10.x.y.z application/download

Jinshu Zhang


Fannie Mae Confidential
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Alex Rousskov
Sent: Tuesday, January 9, 2024 9:53 AM
To: squid-users at lists.squid-cache.org
Subject: [EXTERNAL] Re: [squid-users] chunked transfer over sslbump


On 2024-01-09 09:13, Arun Kumar wrote:

> I have compiled/installed squid v5.8 in Amazon Linux and configured it
> with sslbump option. Squid is used as proxy to get response from https
> site. When the https site sends chunked response, it appears that the
> first response comes but it get stuck and doesn't receive the full
> response. Appreciate any help.
  There were some recent chunking-related changes in Squid, but none of them is likely to be responsible for the problems you are describing unless the origin server response is very special/unusual.

Does the client in this test get the HTTP response header? Some HTTP response body bytes?

To triage the problem, I recommend sharing the corresponding access.log records (at least). Seeing debugging of the problematic transaction may be very useful (but avoid using production security keys and other sensitive information in such tests):
https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction

Please note that Squid v5 is not officially supported and has more known security vulnerabilities than Squid v6. You should be using Squid v6.


HTH,

Alex.

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list