[squid-users] Problems posting form data using IE6

From: J Beris <J.Beris@dont-contact.us>
Date: Thu, 27 Sep 2007 13:09:02 +0200

Hello everyone,

Some users at our site are having difficulty using websites with forms
which they need to fill in when they use IE6. Connecting to the same
sites with Firefox works as expected. We are using Squid 2.6.STABLE6-0.6
on an openSUSE 10.2 machine (rpm package, not built from source).

The problem with IE is that users experience time-outs when trying to
post data entered in forms. The information is saved at the site though,
as completing the same form with the same data again, results in an
error that there already exists such a record.

The strange thing is that the user gets the default IE error page for a
time-out, not the Squid error page for a time-out.

In access.log, the following is logged:

1190878061.492 31383 10.254.202.86 TCP_MISS/302 487 POST
http://www.ckb-online.nl/Dossierbeheer/AanmakenDossier.aspx jbs
DIRECT/213.206.93.222 text/html

1190878061.543 0 10.254.202.86 TCP_DENIED/407 2020 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878061.546 0 10.254.202.86 TCP_DENIED/407 2197 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878071.347 9802 10.254.202.86 TCP_MISS/302 487 GET
http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222
text/html

1190878071.350 0 10.254.202.86 TCP_DENIED/407 2020 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878071.353 0 10.254.202.86 TCP_DENIED/407 2197 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878075.893 4540 10.254.202.86 TCP_MISS/302 487 GET
http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222
text/html

1190878075.896 0 10.254.202.86 TCP_DENIED/407 2020 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878075.898 0 10.254.202.86 TCP_DENIED/407 2197 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878080.430 4532 10.254.202.86 TCP_MISS/302 487 GET
http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222
text/html

1190878080.433 0 10.254.202.86 TCP_DENIED/407 2020 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878080.435 0 10.254.202.86 TCP_DENIED/407 2197 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878089.600 9164 10.254.202.86 TCP_MISS/302 487 GET
http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222
text/html

1190878089.603 0 10.254.202.86 TCP_DENIED/407 2020 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878089.605 0 10.254.202.86 TCP_DENIED/407 2197 GET
http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html

1190878094.224 4620 10.254.202.86 TCP_MISS/302 487 GET
http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222
text/html

 The odd thing is that the user never gets to see the error page from
the server (see the line above). It just sits there and eventually times
out or just waits forever. The TCP_DENIED/407 seems to have to do with
authentication, which is a bit odd, since the proxy is configured to not
allow cache access without authentication. We use Samba/Winbind to
authenticate users to Active Directory.

With Firefox, I find the following lines in access.log:

1190879182.880 186 10.254.202.86 TCP_MISS/200 21291 GET
http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633
201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript

1190879183.145 265 10.254.202.86 TCP_MISS/200 21834 GET
http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf
bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222
application/x-javascript

1190879185.829 579 10.254.202.86 TCP_MISS/302 598 POST
http://www.ckb-online.nl/Dossierbeheer/Dossier.aspx?DossierID=3361 jbs
DIRECT/213.206.93.222 text/html

1190879186.099 271 10.254.202.86 TCP_MISS/200 23829 GET
http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361
jbs DIRECT/213.206.93.222 text/html

1190879186.145 204 10.254.202.86 TCP_MISS/200 21291 GET
http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633
201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript

1190879186.291 146 10.254.202.86 TCP_MISS/200 21834 GET
http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf
bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222
application/x-javascript
1190879195.774 524 10.254.202.86 TCP_MISS/200 24411 POST
http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361
jbs DIRECT/213.206.93.222 text/html

1190879195.957 264 10.254.202.86 TCP_MISS/200 21291 GET
http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633
201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript

1190879196.167 210 10.254.202.86 TCP_MISS/200 21834 GET
http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf
bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222
application/x-javascript

1190879198.549 1299 10.254.202.86 TCP_MISS/200 25494 POST
http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361
jbs DIRECT/213.206.93.222 text/html

1190879198.663 202 10.254.202.86 TCP_MISS/200 21291 GET
http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633
201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript

1190879198.880 216 10.254.202.86 TCP_MISS/200 21834 GET
http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf
bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222
application/x-javascript

1190879201.519 266 10.254.202.86 TCP_MISS/302 582 POST
http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361
jbs DIRECT/213.206.93.222 text/html

These seem like normal transaction lines to me.

When I allow the user to bypass the proxy and go directly to the site
with IE6, the site works as intended.

I have added the following acl statement to squid.conf to try and solve
this matter, but it doesn't seem to solve the problem:
acl CKBONLINE dstdomain .ckb-online.nl
always_direct allow CKBONLINE

So my question is, is there a setting I need to tweak for IE6 to start
working with these sites? Since it works with Firefox, my guess is that
IE6 does something that Squid does not like. Any ideas?

Kind regards,

Joop Beris

------------------------------------------------------------
Dit bericht is gescand op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
Mailscanner door http://www.prosolit.nl
Professional Solutions fot IT
Received on Thu Sep 27 2007 - 05:09:26 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT