[squid-users] BWS after chunk-size
Alex Rousskov
rousskov at measurement-factory.com
Wed Apr 3 15:48:15 UTC 2024
On 2024-04-01 23:03, root at ohmuro.net wrote:
> after an upgrade from squid 5.4.1 to squid 5.9, unable to parse HTTP
> chunked response containing whitespace after chunk size.
> I could be wrong, but Can you please advise me know if there is a way or
> patch to fix this issue.
The sender of these malformed chunks is at fault. If you can reach out
to them, they may be able to upgrade or fix their software.
Senders with similar behavior were used for attacks on clients or
network infrastructure. Squid cannot tell whether an attack is going on
and, hence, rejects traffic with such serious message framing-related
violations. This is the right default that will never change.
It is, of course, possible to modify Squid code to resume accepting this
dangerous whitespace again. However, such changes will not be officially
accepted, and running your Squid with such changes does elevate security
risks of your Squid deployment or those around it. FWIW, we work in the
background to better address this issue, but we are currently too busy
with more important Squid problems to make good progress with that work.
Alex.
More information about the squid-users
mailing list