On May 17, 2013, at 7:25 PM, Alex Rousskov <rousskov_at_measurement-factory.com> wrote:
> On 05/15/2013 09:12 AM, Guy Helmer wrote:
>
>> I'm seeing something odd with icap REQMOD requests for HTTP POST
>> requests in Squid 3.3.4: the encapsulated body appears to not be
>> terminated by \r\n0\r\n. This seems to occur consistently with bumped
>> SSL requests to graph.facebook.com:
>
> The ICAP-encapsulated HTTP request body is not terminated because Squid
> has not received the entire HTTP request body yet. Your ICAP server
> timeout is too aggressive for this particular transaction.
Thanks for the analysis. Since the issue was not in the adaptation layer, further testing indicates that building with --enable_kqueue causes squid not to read the remainder of the body in these bumped HTTPS transactions.
> Here are the logged steps, FYI:
> […]
>
>> 45:06.920 kid1| ModXact.cc(647) parseMore:
>> ICAP/1.0 400 Bad Request
>> ...
>
> 15 seconds later, the ICAP server gives up and returns a [bogus] error
> to Squid.
Thanks for catching that. There was a bug in my server that kept it from returning a 408 response.
Any thoughts on appropriate timeouts for the ICAP protocol? I have not seen recommendations for timeouts in RFC 3507 or the ICAP Errata.
Best regards,
Guy
Received on Sat May 18 2013 - 22:32:28 MDT
This archive was generated by hypermail 2.2.0 : Mon May 20 2013 - 12:00:05 MDT