Univention Bugzilla – Bug 34025
Webpages respond with "Bad Request" after HTTP-Get with X-Forwarded-For Header "unknown" set by squid
Last modified: 2014-08-07 17:41:35 CEST
It seems that some webpages can't parse the X-Forwarded-For HTTP header (e.g. turnier.de, alleturniere.de) if the header value is "unknown". The webpages respond with a "Bad Request". By default in UCS the squid configuration directive for X-Forwarded-For is "off" (see /etc/univention/templates/files/etc/squid3/squid.conf line 219). This leads to the described "unknown" value in the header. Setting the configuration directive to "on" or "delete" according to squid-cache.org/Doc/config/forwarded_for/ works with the provided webpages. I suggest "delete" as default value in the squid.conf. Furthermore, it should be possible to set the configuration directive in UCR.
We did some testing at Ticket: 2013103021001753 and came to the conclusion that some web load balancers have problems if the X-Forwarded-For contains a value that cannot be parsed to an IP address (e.g. "unknown"). As clients usually don't set the X-Forwarded-For header, "transparent" (e.g. don't touch an existing header sent by the client) may be a better default than "on" and a lot better than "delete" (which would simply remove the header from all requests).
In UCS@school the HTTP header is required to determine the browser's IP address. The option should be set via UCR.
As mentioned in http://www.squid-cache.org/Doc/config/forwarded_for/, valid values for the "forwarded_for" option are: "on", "off", "delete", "truncate", "transparent". Please use the UCR variable "squid/forwardedfor". The default should be "off" and only be set if the variable is unset: "ucr set squid/forwardedfor?off"
Added squid/forwardedfor to univention-squid (default off) in errata3.2-2. YAML: 2014-05-09-univention-squid.yaml
If the variable is unset, no value is written to the config file, which creates an invalid configuration.
→ print "forwarded_for %s" % configRegistry.get("squid/forwardedfor", "")
I think the default should be "off" instead of "".
→ REOPENED
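The failure mode described in the comment above, as an added example that is not the univention-squid template code: the empty-string fallback is shown beside a variant that falls back to "off" for unset, empty or unrecognised values. The function names are hypothetical, and the UCR registry is modelled as a plain dict (assumption).

```python
# Added example; configRegistry is modelled as a plain dict (assumption).
# Values listed on the squid forwarded_for documentation page:
#   on          - append the client IP to X-Forwarded-For
#   off         - send "X-Forwarded-For: unknown"
#   transparent - leave the header untouched
#   delete      - remove the header entirely
#   truncate    - drop existing entries, send only the client IP
VALID_FORWARDED_FOR = ("on", "off", "delete", "truncate", "transparent")
DEFAULT_FORWARDED_FOR = "off"  # default chosen in this bug


def render_unsafe(config_registry):
    """Logic quoted in the comment above: empty string when unset."""
    return "forwarded_for %s" % config_registry.get("squid/forwardedfor", "")


def render_safe(config_registry):
    """Fall back to the default when the variable is unset, empty or invalid."""
    raw = config_registry.get("squid/forwardedfor") or ""
    value = raw.strip().lower()
    if value not in VALID_FORWARDED_FOR:
        value = DEFAULT_FORWARDED_FOR
    return "forwarded_for %s" % value


def is_valid_directive(line):
    """True if the line is 'forwarded_for <value>' with a documented value."""
    parts = line.split()
    return (len(parts) == 2 and parts[0] == "forwarded_for"
            and parts[1] in VALID_FORWARDED_FOR)


if __name__ == "__main__":
    # Constructed sample registries: unset, empty, mixed case, valid, invalid.
    samples = [
        {},
        {"squid/forwardedfor": ""},
        {"squid/forwardedfor": "Transparent"},
        {"squid/forwardedfor": "delete"},
        {"squid/forwardedfor": "yes"},
    ]
    for ucr in samples:
        unsafe, safe = render_unsafe(ucr), render_safe(ucr)
        print("%-40r unsafe=%-28r valid=%-5s safe=%r"
              % (ucr, unsafe, is_valid_directive(unsafe), safe))
```

Falling back silently on an unrecognised value is a design choice of this example; a template could instead emit a comment line into squid.conf so the misconfiguration is visible to the administrator.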
fixed
OK: code change
OK: default value
OK: UCR description
OK: YAML file
http://errata.univention.de/ucs/3.2/157.html