Re: [squid-users] NEGATIVE_HIT & TCP_IMS_HIT from Henrik Nordstrom on 2003-06-06 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 6 Jun 2003 09:24:18 +0200

On Friday 06 June 2003 08.10, Dean Wolmarans \(Border Internet\)
wrote:
> I get the following errors in the access file when I try to access
> a bank site that runs java
>
> 1054818135.567 0 127.0.0.1 TCP_NEGATIVE_HIT/404 542 GET
> http://www.whatever.com
> but.class masanaboj NONE/- text/html

This is a file which was not found on the web server in the prior
request.

If you think this is related to the problem then you can try disabling
negative caching in Squid. See squid.conf.

> 1054818164.223 14 127.0.0.1 TCP_IMS_HIT/304 208 GET
> http://www.whatever.com masanaboj NONE/- text/html
>
> The site just freezes and will not load the java script and allow
> the client to log on. The bank says that ports 1500 -1510 must be
> open , and they are.

Such applications is always fishy via proxies. The reason is because
these "ports that must be open" usually indicates traffic which is
not HTTP based and instead direct communication between a client
program (either binary or Java appled) and the server.

If you have a network where the proxy must be used then these
applications usually can't be made to work unless redesigned to use
the browser to connect to these ports via the CONNECT method rather
than connecting directly, and the proxy reconfigured to allow CONNECT
to these ports. This does not seem to be your case, as in such case
the CONNECT request will be logged in Squid access.log even if
denied.

If you have a network where the client stations can connect directly
to these ports at the requested server then it might be a issue of
reconfiguring the browsers to allow Java applets downloaded via a
proxy to connect to the network. Some web browsers deny this by
default when using a proxy unless the applet is signed for direct
network access.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Fri Jun 06 2003 - 01:23:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:16 MST