Re: [squid-users] problem streaming video

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 16 Jul 2014 23:38:25 +1200

On 16/07/2014 4:18 p.m., Lawrence Pingree wrote:
> I have found that although RFC's state that you should have VIA and forwarded
> for headers, firewalls and intrusion detection devices are now blocking (based
> on their configuration of the organization) proxies that are detected using
> these headers as the method for detection.
>

Do you have much in the way of data on that?

My finding is that this is almost always bad code.

Systems which break internally (crash or hang - resulting in zero sized
reply). Fairly consistently do so if they are passed "unknown" or an
IPv6 address in the XFF header. Some also fail if they are passed
multiple IPv4 or sometimes if the (optional) SP characters are omitted.

"unknown", and multiple IPv4 has *aways* been part of the design for
X-Forwarded-For. So the only explanation if those fail is bad code
handling the header value.

Amos
Received on Wed Jul 16 2014 - 11:38:37 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 16 2014 - 12:00:18 MDT