This is a more technical post than usual, but this has been driving me nuts, and I wanted to document it in case others run into the same issue.

PHP's cURL implementation sends an Expect: 100-continue header when you use it to send a POST call over a certain size.

Squid, ever the diligent proxy, looks for well-formed requests, and will throw an HTTP 417 error if it gets that header but the call is malformed. Edit: it also can't handle the header at all in incoming requests if you're using anything earlier than Squid 3.2.

cURL malforms the call (or extra behavior is required and documented, but I haven't seen anything yet).

The result is that running an API behind Squid that is used by PHP cURL clients may cause unforeseen 417 errors.

How to fix it

A widely accepted fix is to tell cURL to send a blank "Expect:" error. That does solve the issue from one side, but it's half the problem. What happens if you can't control the incoming cURL libraries?

It turns out that Squid has a setting called ignore_expect_100 which is off by default. Add "ignore_expect_100" to your squid.conf file, restart Squid, and you should be good to go.