Skip to main content

HTTP 417 error with Squid Proxies

Issue

In environments where there is a Squid proxy present, when trying to communicate with the SecureAuth IdP cloud, an HTTP 417 error is generated. Many applications (including SecureAuth IdP) rely on using a special HTTP/1.1 header (Expect: 100-continue) when doing a POST. Unfortunately this behavior is not fully supported by the Squid proxy which results in the 417 error.

Applies to: SecureAuth IdP

Discussion

As stated in RFC2616:

"The purpose of the 100 (Continue) status (see section 10.1.1) is to allow a client that is sending a request message with a request body to determine if the origin server is willing to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking at the body."

Workaround

This issue can be mitigated by adding the following directive to thesquid.conffile:

ignore_expect_100 on

This will instruct Squid to ignore the request header.