Re: [squid-users] Squid error with "WARNING: HTTP header contains NULL characters"

From: Sam klinger <sam.k_at_pplmotorhomes.com>
Date: Thu, 28 Apr 2011 09:09:21 -0500

On 04/27/2011 06:16 PM, Amos Jeffries wrote:
> On Wed, 27 Apr 2011 12:04:23 -0500, Sam Klinger wrote:
>> Steps to reproduce:
>> 1. Go to
>>
>> http://sourceforge.net/projects/sarg/files/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz/download
>>
>> 2. Attempt to download
>> 3. Squid will display error page saying "The requested URL could not be
>> retrieved" and "The HTTP Response message received from the contacted
>> server could not be understood or was otherwise malformed. Please
>> contact the site operator."
>>
>>
>> cache.log contains the error below:
>> 2011/04/27 11:53:25| WARNING: HTTP: Invalid Response: Bad header
>> encountered from
>>
>> http://downloads.sourceforge.net/project/sarg/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz?r=&ts=1303923196&use_mirror=cdnetworks-us-1
>>
>> AKA
>>
>> downloads.sourceforge.net/project/sarg/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz?r=&ts=1303923196&use_mirror=cdnetworks-us-1
>>
>> 2011/04/27 11:53:25| ctx: enter level 0:
>>
>> 'http://downloads.sourceforge.net/project/sarg/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz?r=&ts=1303923196&use_mirror=cdnetworks-us-1'
>>
>> 2011/04/27 11:53:25| WARNING: HTTP header contains NULL characters
>> {Access-Control-Allow-Origin: *
>> X-Powered-By: PHP/5.2.9
>> Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz}
>> NULL
>> {Access-Control-Allow-Origin: *
>> X-Powered-By: PHP/5.2.9
>> Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz
>> 2011/04/27 11:53:25| ctx: exit level 0
>>
>> Here is a squid -v
>> Squid Cache: Version 3.1.12.1
>> configure options: 'CHOST=i686-pc-linux-gnu' 'CFLAGS=-march=prescott
>> -O2 -pipe -fomit-frame-pointer' 'CXXFLAGS=' '--prefix=/usr'
>> '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info'
>> '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3'
>> '--disable-maintainer-mode' '--disable-dependency-tracking'
>> '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
>> '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline'
>> '--enable-async-io=8' '--with-cppunit-basedir=/usr'
>> '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=heap'
>> '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client'
>> '--enable-underscore' '--enable-follow-x-forwarded-for'
>> '--enable-auth=basic,digest,ntlm,negotiate'
>>
>> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,YP,getpwnam,multi-domain-NTLM'
>>
>> '--enable-digest-auth-helpers=ldap,password'
>> '--enable-negotiate-auth-helpers=squid_kerb_auth'
>>
>> '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
>>
>> '--enable-snmp' '--enable-epoll'
>> '--with-large-files--with-filedescriptors=65536' '--enable-arp-acl'
>> '--enable-zph-qos' '--enable-esi' '--with-logdir=/var/log/squid3'
>> '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
>> '--with-large-files' '--enable-linux-netfilter'
>> '--with-default-user=proxy' --with-squid=/opt/squid-3.1.12.1
>>
>> Sourceforge is not the only website that does it, not all websites do
>> it, but some. So far all affected websites have been affected in the
>> header line "Content-Disposition".
>>
>> I also have wireshark captures from a machine running outside squid
>> and one running inside. Any help with this issue would be appreciated.
>> Thank you.
>
> Squid is doing all that is possible to be done in these circumstances.
> The HTTP headers are sent with a binary connection terminator (NULL)
> right in the middle of an ASCII-only portion of the protocol.
>
> The cache.log trace shows a full trace of the header block with " NULL "
> in the middle where the NULL is occuring. Do not be fooled by the
> duplicate nature of headers in that trace. That is actually what squid
> has received:
>
> Access-Control-Allow-Origin: *\r\n
> X-Powered-By: PHP/5.2.9\r\n
> Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz\0
> Access-Control-Allow-Origin: *\r\n
> X-Powered-By: PHP/5.2.9\r\n
> Content-Disposition: attachment; filename="sarg-2.3.1.tar.gz\0
>
>
> Normally one needed only to report it to the source website that their
> server or script is broken. Nowdays you may also have to trace the whole
> relay path looking for broken content adapters.
>
> Amos
>
Thank you for your help Amos, and your hunch was correct about broken
content adapters, after extensive searching I found that the issue was
with our IBM Proventia firewall mangling the headers. I have yet to find
a workaround or fix for the issue.

Relevant mailing list thread.
http://www.squid-cache.org/mail-archive/squid-users/200904/0562.html
Received on Thu Apr 28 2011 - 14:09:26 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 28 2011 - 12:00:03 MDT