Solved: Sprunge.us & Squid TCP_MISS/417

Posted 832 days ago - Debian, Security

The Problem

An attempt to use sprunge.us (the only paste-bin worth using) with curl from behind a Squid proxy returns an error.

The Symptoms

Here's the Squid error message in case you forgot:

ERROR

The requested URL could not be retrieved.

While trying to process the request:

POST / HTTP/1.1
User-Agent: curl/7.15.5 (i486-pc-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8c zlib/1.2.3 libidn/0.6.5
Host: sprunge.us
Accept: */*
Content-Length: 1117
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------e77c50e200fb

The following error was encountered:

  • Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

  • Missing or unknown request method
  • Missing URL
  • Missing HTTP Identifier (HTTP/1.0)
  • Request is too large
  • Content-Length missing for POST or PUT requests
  • Illegal character in hostname; underscores are not allowed

Your cache administrator is: abc@123.local

Generated Sun, 25 Oct 2009 14:34:23 GMT by 123.local (squid)

And the entry in the Squid access logs:

1256481202.378      1 10.254.22.109 TCP_MISS/417 1623 POST http://sprunge.us/ - NONE/- text/html

The Fix

Force curl to use HTTP 1.0 instead of the default HTTP 1.1 by adding the "-0" option.

~# iptables -L -n | curl -0 -F 'sprunge=<-' http://sprunge.us

Wait, what?

From the HTTP/1.1 RFC 2616:

Because of the presence of older implementations, the protocol allows ambiguous situations in which a client may send "Expect: 100-continue" without receiving either a 417 (Expectation Failed) status or a 100 (Continue) status. Therefore, when a client sends this header field to an origin server (possibly via a proxy) from which it has never seen a 100 (Continue) status, the client SHOULD NOT wait for an indefinite period before sending the request body.

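Basically, Squid is HTTP 1.0, and the "Expect: 100-continue" header is an HTTP 1.1 feature, so Squid rejects the request with a 417 (Expectation Failed), which is the TCP_MISS/417 in the access log. If curl is instructed to use HTTP 1.0, it does not send that header, Squid is happy, and the request is processed successfully.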
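
To see which clients behind the proxy are hitting this, the access log entry shown above can be matched mechanically. The following is an added example, not part of the original post: it assumes Squid's native access.log format, and the function names find_417 and sample_log and every log line except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list clients whose requests
# Squid rejected with 417, from a native-format access.log.
# Native format columns (assumed):
#   1 time  2 elapsed  3 client  4 code/status  5 bytes
#   6 method  7 URL  8 ident  9 hierarchy/peer  10 content-type

# find_417 [FILE...]  reads stdin when no file is given.
# Prints one line per offender: "client method url count".
find_417() {
    awk '
        NF < 10 { next }                     # skip truncated or foreign lines
        {
            n = split($4, cs, "/")           # "TCP_MISS/417" -> cs[1], cs[2]
            if (n == 2 && cs[2] == "417")
                hits[$3 " " $6 " " $7]++
        }
        END { for (k in hits) print k, hits[k] }
    ' "$@" | sort
}

# sample_log: the first line is the entry quoted in the post; the rest are
# constructed for this example (192.0.2.x are documentation addresses).
sample_log() {
    cat <<'EOF'
1256481202.378      1 10.254.22.109 TCP_MISS/417 1623 POST http://sprunge.us/ - NONE/- text/html
1256481260.101      1 10.254.22.109 TCP_MISS/417 1623 POST http://sprunge.us/ - NONE/- text/html
1256481300.512    212 10.254.22.109 TCP_MISS/200 412 POST http://sprunge.us/ - DIRECT/192.0.2.10 text/plain
1256481400.007     35 10.254.22.77 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/192.0.2.20 text/html
garbage line
EOF
}

sample_log | find_417
```

Each output line names a client, method and URL with the number of 417 rejections; those are the clients that need the "-0" fix described above.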
