[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT do not work with Squid as a proxy because of pipelining default

Bjørn Mork <bjorn@mork.no> writes:

> Pierre Habouzit <madcoder@madism.org> writes:
>> On Wed, May 19, 2010 at 10:42:55AM +0200, Bjørn Mork wrote:
>>> 2) http proxy servers cannot always process pipelined requests due to
>>>    the complexity this adds (complexity is always bad for security), and
>> This is bullshit. It's *VERY* easy to "support" pipelining: parse one
>> request at a time, and until you're done with a given request, you just
>> stop to watch the socket/file-descriptor for reading (IOW you let the
>> consecutive request live in the kernel buffers).

Or user space buffers. You would not want to parse the requests by using
read(fd, buf, 1).

> Yeah, you make it sound easy.  I'm sure those writing proxy servers are
> just stupid.
> Bjørn

It is that easy. For a proxy call it de-pipeline-isation. In a proxy
this behaviour would destroy the benefit of pipelining. But not the data.

The hard part is writing the proxy so that it still pipelines the
requests to the server. There you get the increased complexity for
security and bandwith limiting. But that is not required for HTTP/1.1
conformance and an actually working setup.


Reply to: