From: SourceForge.net <no...@so...> - 2008-05-24 02:20:25
|
Bugs item #1821930, was opened at 2007-10-28 23:25 Message generated for change (Comment added) made by sf-robot You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=1821930&group_id=11118 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: funct: filtering Group: None >Status: Closed Resolution: Fixed Priority: 5 Private: No Submitted By: Lee (ler762) Assigned to: Fabian Keil (fabiankeil) Summary: nothing shown for http://www.security-labs.org/ Initial Comment: I followed a link to http://www.security-labs.org/ and nothing was displayed. Changed the browser proxy config to direct connect and got Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Hint: https://gotham-city.org/ I tried adding debug 64 to the config & reloading the page - the log didn't show any filter matches so I don't think it's one of my filters blocking it. Is this a problem with Privoxy or just a problem with how I've configured it? I'm usinng Win XP + Privoxy 3.0.7 from cvs: $Id: actions.h,v 1.16 2007/04/17 18:21:45 fabiankeil Exp $ $Id: actions.c,v 1.40 2007/05/21 10:26:50 fabiankeil Exp $ $Id: cgi.h,v 1.33 2007/01/28 13:41:17 fabiankeil Exp $ $Id: cgi.c,v 1.100 2007/10/17 18:40:53 fabiankeil Exp $ $Id: cgiedit.h,v 1.9 2006/07/18 14:48:45 david__schmidt Exp $ $Id: cgiedit.c,v 1.57 2007/10/27 13:32:23 fabiankeil Exp $ $Id: cgisimple.h,v 1.15 2007/01/23 15:51:17 fabiankeil Exp $ $Id: cgisimple.c,v 1.60 2007/10/27 13:12:13 fabiankeil Exp $ $Id: cygwin.h,v 1.6 2006/07/18 14:48:45 david__schmidt Exp $ $Id: deanimate.h,v 1.11 2007/01/12 15:41:00 fabiankeil Exp $ $Id: deanimate.c,v 1.17 2007/08/05 13:42:22 fabiankeil Exp $ $Id: encode.h,v 1.8 2007/08/18 14:34:27 fabiankeil Exp $ $Id: encode.c,v 1.13 2007/08/18 14:34:27 fabiankeil Exp $ $Id: errlog.h,v 1.19 2007/10/14 14:12:41 fabiankeil Exp $ $Id: errlog.c,v 1.57 2007/10/27 13:02:26 fabiankeil Exp $ $Id: filters.h,v 1.31 2007/10/19 16:53:28 fabiankeil Exp $ $Id: filters.c,v 1.96 2007/10/19 16:53:28 fabiankeil Exp $ $Id: gateway.h,v 1.9 2006/07/18 14:48:46 david__schmidt Exp $ $Id: gateway.c,v 1.21 2007/07/28 12:30:03 fabiankeil Exp $ $Id: jbsockets.h,v 1.12 2006/07/18 14:48:46 david__schmidt Exp $ $Id: jbsockets.c,v 1.45 2007/09/30 16:59:22 fabiankeil Exp $ $Id: jcc.h,v 1.22 2007/06/01 18:16:36 fabiankeil Exp $ $Id: jcc.c,v 1.155 2007/10/23 20:12:45 fabiankeil Exp $ $Id: killpopup.h,v 1.10 2006/07/18 14:48:46 david__schmidt Exp $ $Id: killpopup.c,v 1.18 2006/07/18 14:48:46 david__schmidt Exp $ $Id: list.h,v 1.15 2007/04/17 18:14:06 fabiankeil Exp $ $Id: list.c,v 1.20 2007/05/14 16:56:07 fabiankeil Exp $ $Id: loadcfg.h,v 1.13 2006/07/18 14:48:46 david__schmidt Exp $ $Id: loadcfg.c,v 1.69 2007/10/27 13:02:27 fabiankeil Exp $ $Id: loaders.h,v 1.22 2007/06/01 14:12:38 fabiankeil Exp $ $Id: loaders.c,v 1.64 2007/06/01 14:12:38 fabiankeil Exp $ $Id: miscutil.h,v 1.29 2007/09/09 18:20:20 fabiankeil Exp $ $Id: miscutil.c,v 1.54 2007/09/19 20:28:37 fabiankeil Exp $ $Id: parsers.h,v 1.40 2007/08/11 14:47:26 fabiankeil Exp $ $Id: parsers.c,v 1.114 2007/10/19 16:56:26 fabiankeil Exp $ $Id: pcrs.c,v 1.29 2007/09/22 16:17:19 fabiankeil Exp $ $Id: pcrs.h,v 1.16 2007/04/30 15:02:19 fabiankeil Exp $ $Id: project.h,v 1.100 2007/09/02 13:42:11 fabiankeil Exp $ $Id: ssplit.h,v 1.7 2006/07/18 14:48:47 david__schmidt Exp $ $Id: ssplit.c,v 1.8 2006/07/18 14:48:47 david__schmidt Exp $ $Id: urlmatch.h,v 1.8 2007/09/02 15:31:20 fabiankeil Exp $ $Id: urlmatch.c,v 1.20 2007/09/02 15:31:20 fabiankeil Exp $ $Id: w32log.h,v 1.12 2006/07/18 14:48:48 david__schmidt Exp $ $Id: w32log.c,v 1.27 2006/07/18 14:48:48 david__schmidt Exp $ $Id: w32res.h,v 1.15 2006/07/18 14:48:48 david__schmidt Exp $ $Id: w32taskbar.h,v 1.6 2006/07/18 14:48:48 david__schmidt Exp $ $Id: w32taskbar.c,v 1.10 2006/09/23 13:26:38 roro Exp $ $Id: win32.h,v 1.7 2006/07/18 14:48:48 david__schmidt Exp $ $Id: win32.c,v 1.13 2007/01/31 16:25:24 fabiankeil Exp $ ---------------------------------------------------------------------- >Comment By: SourceForge Robot (sf-robot) Date: 2008-05-23 19:20 Message: Logged In: YES user_id=1312539 Originator: NO This Tracker item was closed automatically by the system. It was previously set to a Pending status, and the original submitter did not respond within 14 days (the time period specified by the administrator of this Tracker). ---------------------------------------------------------------------- Comment By: Fabian Keil (fabiankeil) Date: 2008-05-09 13:01 Message: Logged In: YES user_id=875547 Originator: NO Should be fixed in CVS now. I took the "we send an error message to the client" approach because it was both easier to implement and less likely to cause regressions. I wouldn't mind reviewing patches that implement the other one, but doing it right isn't trivial (for example you don't want to skip filtering) and I personally don't think it's worth the time. ---------------------------------------------------------------------- Comment By: Lee (ler762) Date: 2007-11-11 11:40 Message: Logged In: YES user_id=1924122 Originator: YES > I think the "we won't transmit anything to the client" part > is a bit unreasonable and should be changed into either > "we forward the mess unmodified", or "we send an error message > to the client", I like the "we forward the mess unmodified" option so that the page is displayed the same way with and without Privoxy. > but as far as I'm concerned this can wait until > the next stable release is out. sure - and thanks for figuring out what was going on with that site. Lee ---------------------------------------------------------------------- Comment By: Fabian Keil (fabiankeil) Date: 2007-11-11 08:54 Message: Logged In: YES user_id=875547 Originator: NO This is a side effect of the MS IIS5 hack: fk@TP51 ~/test/privoxy/current $grep -A 17 -n Normally jcc.c 2448: /* Normally, this would indicate that we've read 2449- * as much as the server has sent us and we can 2450- * close the client connection. However, Microsoft 2451- * in its wisdom has released IIS/5 with a bug that 2452- * prevents it from sending the trailing \r\n in 2453- * a 302 redirect header (and possibly other headers). 2454- * To work around this if we've haven't parsed 2455- * a full header we'll append a trailing \r\n 2456- * and see if this now generates a valid one. 2457- * 2458- * This hack shouldn't have any impacts. If we've 2459- * already transmitted the header or if this is a 2460- * SSL connection, then we won't bother with this 2461- * hack. So we only work on partially received 2462- * headers. If we append a \r\n and this still 2463- * doesn't generate a valid header, then we won't 2464- * transmit anything to the client. 2465- */ I think the "we won't transmit anything to the client" part is a bit unreasonable and should be changed into either "we forward the mess unmodified", or "we send an error message to the client", but as far as I'm concerned this can wait until the next stable release is out. For now I simply added a log message. BTW. disabling content filters works around the problem. ---------------------------------------------------------------------- Comment By: Hal Burgiss (hal9) Date: 2007-11-05 03:35 Message: Logged In: YES user_id=322640 Originator: NO Well, this may be a unique case where a server is so broken it doesn't send any headers at all. That seems to be the case, and yes, it looks like privoxy mistakes the complete absence of server headers for something resembling standards compliance, and starts parsing the html head as server headers. I am going to flip this into a bug report and see if Fabian thinks this needs to be dealt with. Thanks for the report BTW. ---------------------------------------------------------------------- Comment By: Lee (ler762) Date: 2007-11-05 01:12 Message: Logged In: YES user_id=1924122 Originator: YES Does Privoxy get confused if it doesn't see a response code or throw away responses it thinks are invalid? I looked at it again & I don't see any http response code coming back from the server: Connect: to www.security-labs.org successful Header: scan: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> Header: scan: <html><head> Header: scan: <title>400 Bad Request</title> Header: scan: </head><body> Header: scan: <h1>Bad Request</h1> Header: scan: <p>Your browser sent a request that this server could not understand.<br /> Header: scan: Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Header: scan: Instead use the HTTPS scheme to access this URL, please.<br /> Header: scan: <blockquote>Hint: <a href="https://gotham-city.org/"><b>https://gotham-city.org/</b></a></blockquote></p> Header: scan: </body></html> Header: Adding: Connection: close It looks like Privoxy thinks everything is part of the header and isn't passing the data back to the browser. ---------------------------------------------------------------------- Comment By: Lee (ler762) Date: 2007-10-30 09:47 Message: Logged In: YES user_id=1924122 Originator: YES As far as I'm concerned, this should have been filed as a bug report. But when I went to create a bug report I got this msg: Please report only software bugs here. Report configuration issues, such as sites that don't work properly or ads that slipped through to the Actions file tracker Actions File Tracker Since this is a "site doesn't work properly" problem I did the action file tracker bit instead. > I think the error message means they are insisting you use https as > opposed to http protocol. Right - but the issue is that using Privoxy, I didn't see anything displayed in my web browser after clicking on the http://www.security-labs.org/ link. I tried changing my browser to not use Privoxy and clicked on the same link again. That's when I got the 'Bad Request' message displayed in the browser. Why don't I see that error message if I'm using Privoxy? ---------------------------------------------------------------------- Comment By: Hal Burgiss (hal9) Date: 2007-10-29 03:31 Message: Logged In: YES user_id=322640 Originator: NO I think the error message means they are insisting you use https as opposed to http protocol. So try https://www.security-labs.org/. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=1821930&group_id=11118 |