On Wed, 10 Nov 2004, Chris Robertson wrote:
> Surfing direct, I was able to hit the site with three browsers (K-Meleon
> 0.8.2, Mozilla 1.7.3 and IE 5.5 all on Windows 2000 Pro). Using the proxy
> (and K-Meleon), I experienced the same problems as the original poster (the
> browser just spins). Letting the browser spin until the Squid timeout is
> reached results in a browser error (The connection to www.iisplus0.ch has
> terminated unexpectedly. Some data may have been transferred.). Using a
> parent, the access.log shows a TCP_MISS/000 in the child TCP_MISS/200 in the
> parent. Using squid direct shows TCP_MISS/200. The number following is
> always 2535 (i.e. ...TCP_MISS/200 2535...).
Very much sounds like a malfunctioning/misconfigured firewall or IDS at
the site in question, killing sessions mid-way.
Have seen a couple of these over the years. Quite annoying. Seems people
only test their firewalls and IDS configurations using one version of MSIE
on one version of Windows, later failing when someone uses a different
browser or OS either due to slight differences in how the browser sends
the request or what TCP/IP options the OS implements.
A very frequent cause of the above type of symtomps is firewalls either
not understanding the TCP window scale option, or not implementing it
correctly. Several of the major firewall vendors have had embarrasing
bugs in this area. If you use Linux you can detect if this is the case by
disabling the window scaling support (echo 0
>/proc/sys/net/ipv4/tcp_window_scaling). If it starts working after this
then you know for certain the site runs a broken firewall which fails with
any modern OS on client and server.
Regards
Henrik
Received on Wed Nov 10 2004 - 14:53:30 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST