squid-1210

Version:

2.5 (2.5.STABLE1)

Bug report:

http://bugs.squid-cache.org/show_bug.cgi?id=1210

How was it diagnosed (reproduced or source analysis)?

We reproduced the failure!

Symptom:

When Squid is configured with a single parent cache server, it retries a 403 (FORBIDDEN) result against the parent proxy three times, even though RFC 2616 section 10.4.4 says 403 Forbidden "SHOULD NOT" be retried.

How to reproduce?

1). Set up a webpage with no read access.

2). Start the squid server:

squid -N

3). Set http_proxy and fetch the webpage with wget.
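
To count the retries from step 3 on the parent side, the parent can be swapped for a stub that answers 403 to every request and records how often each URL arrives. This is an added example, not code from Squid or the bug report; port 8081 and the names ForbiddenParent, start_parent and retried are assumptions.

```python
# Added example (not from Squid): a stand-in "parent" that answers 403 to
# every GET and counts how many times each request target is seen.
import threading
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class ForbiddenParent(BaseHTTPRequestHandler):
    hits = Counter()          # request target -> number of times seen
    lock = threading.Lock()

    def do_GET(self):
        with self.lock:
            self.hits[self.path] += 1
        body = b"forbidden\n"
        self.send_response(403)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):   # keep the console quiet
        pass


def start_parent(port=0):
    """Start the stub on 127.0.0.1; port 0 picks a free port."""
    ForbiddenParent.hits.clear()
    server = ThreadingHTTPServer(("127.0.0.1", port), ForbiddenParent)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def retried(hits, limit=1):
    """Return the request targets seen more than `limit` times."""
    return sorted(url for url, n in hits.items() if n > limit)


if __name__ == "__main__":
    srv = start_parent(8081)  # assumed port; configure it as Squid's parent
    input("Stub parent on 127.0.0.1:8081. Fetch through Squid, then press Enter\n")
    print(dict(ForbiddenParent.hits), "retried:", retried(ForbiddenParent.hits))
    srv.shutdown()
```

A target listed under "retried" means the 403 was re-forwarded to the parent; an empty list means it was sent once.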

This is the gdb backtrace (‘bt’) at the buggy function ‘fwdReforwardableStatus’:

(gdb) bt

#0  fwdReforwardableStatus (s=HTTP_FORBIDDEN) at forward.c:781

#1  0x000000000043d4da in httpReadReply (fd=14, data=0x1ba28c8) at http.c:638

#2  0x00000000004243be in comm_poll (msec=999) at comm_select.c:445

#3  0x000000000044d16d in main (argc=2, argv=0x7fff299f8dd8) at main.c:738

Root cause:

Squid did not handle status ‘HTTP_FORBIDDEN (403)’ correctly!

Details:

Let’s see the patch first:

fwdReforwardableStatus(http_status s)

{

    switch (s) {

+    case HTTP_BAD_GATEWAY:

+    case HTTP_GATEWAY_TIMEOUT:

+        return 1;

    case HTTP_FORBIDDEN:

    case HTTP_INTERNAL_SERVER_ERROR:

    case HTTP_NOT_IMPLEMENTED:

-    case HTTP_BAD_GATEWAY:

    case HTTP_SERVICE_UNAVAILABLE:

-    case HTTP_GATEWAY_TIMEOUT:

-        return 1;

+        return Config.retry.onerror;

    default:

        return 0;

    }
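
Review bot: HTTP_FORBIDDEN still shares the `return Config.retry.onerror;` branch with HTTP_INTERNAL_SERVER_ERROR, HTTP_NOT_IMPLEMENTED and HTTP_SERVICE_UNAVAILABLE, so an operator who enables that option to retry the 5xx statuses also gets 403 retried again, which is the behaviour the bug report objects to. Consider moving `case HTTP_FORBIDDEN:` to the `default` path, or at least add a comment above the case group saying that 403 is re-forwarded only when the option is set, and state the option's default, which the hunk does not show. A one-line comment on why HTTP_BAD_GATEWAY and HTTP_GATEWAY_TIMEOUT stay unconditionally re-forwardable would also help the next reader.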

Essentially, for HTTP_FORBIDDEN (403), Squid should not unconditionally return 1 from ‘fwdReforwardableStatus’; it should return Config.retry.onerror instead.

Is there an error message?

No.

Can developers anticipate the error and put in a magic error message?

Yes. This belongs to the input-check pattern.

The HTTP status of the response (which is the input to Squid) is HTTP_FORBIDDEN, which is not a normal value, so developers could have logged a warning message about it.

But actually it would be hard for Errlog to automatically learn this.