[squid-users] Squid and java.io.IOException: open HTTP connection failed

Hi all,

We are having a problem with Squid and a Java applet in one of our
in-house developed application. I've gone through the FAQ and searched
through the mailing lists but I didn't find anything to remedy the
problem. I'm using Squid 3.0.STABLE8, the version that comes with
Debian Lenny.

The issue is with a url with a .jsp file that takes certain parameters
and launches a Java applet to upload a file from the client computer.
We've recently switched from a iptables-only gateway to a new gateway
with iptables+Squid, and that's when the issue started. The Java
version used on the client computers is 1.6.

There is no authentication and squid is set to work transparently.
I've set an iptables rule that redirets all traffic to port 80 to port
3128 of Squid.

When someone tries to access the URL, the Java console comes up with this error:

cargar: clase com.zetti.web.util.FileUploader.class no encontrada.
java.lang.ClassNotFoundException: com.zetti.web.util.FileUploader.class
 at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown
Source)
 at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection
failed:http://ftweb-azul.zetti.com.ar/com/zetti/web/util/FileUploader/class.class
 at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 ... 7 more
Excepción: java.lang.ClassNotFoundException:
com.zetti.web.util.FileUploader.class

The squid logs for the connection attempt show the following (the
domain is different because the app is hosted in three different
servers, but it's exactly the same):

1263992196.949 140 192.168.1.33 TCP_MISS/302 512 GET
http://ftweb.ipg.com.ar/upload.jsp? - DIRECT/200.82.80.242 text/plain
1263992197.097 10 192.168.1.33 TCP_MISS/200 2047 GET
http://ftweb.ipg.com.ar/upload.jsp? - DIRECT/200.82.80.242 text/html
1263992197.211 8 192.168.1.33 TCP_MISS/304 306 GET
http://ftweb.ipg.com.ar/css/bodystyleIPG.css - DIRECT/200.82.80.242 -
1263992198.302 6 192.168.1.33 TCP_MISS/304 305 GET
http://ftweb.ipg.com.ar/images/logoFTW.gif - DIRECT/200.82.80.242 -
1263992199.935 5 192.168.1.33 TCP_MISS/304 305 GET
http://ftweb.ipg.com.ar/images/03_home.jpg - DIRECT/200.82.80.242 -
1263992199.940 9 192.168.1.33 TCP_MISS/304 305 GET
http://ftweb.ipg.com.ar/images/logitoTrim.gif - DIRECT/200.82.80.242 -
1263992199.987 5 192.168.1.33 TCP_MISS/304 305 GET
http://ftweb.ipg.com.ar/images/04_home.gif - DIRECT/200.82.80.242 -
1263992200.340 5 192.168.1.33 TCP_MISS/304 305 GET
http://ftweb.ipg.com.ar/fileuploader.cab - DIRECT/200.82.80.242 -
1263992200.632 7 192.168.1.33 TCP_MISS/404 910 GET
http://ftweb.ipg.com.ar/favicon.ico - DIRECT/200.82.80.242 text/html
1263992200.813 7 192.168.1.33 TCP_MISS/404 1198 GET
http://ftweb.ipg.com.ar/com/zetti/web/util/FileUploaderBeanInfo.class
- DIRECT/200.82.80.242 text/html
1263992200.901 10 192.168.1.33 TCP_MISS/404 1198 GET
http://ftweb.ipg.com.ar/netscape/security/PrivilegeManager.class -
DIRECT/200.82.80.242 text/html
1263992200.904 0 192.168.1.33 TCP_NEGATIVE_HIT/404 1207 GET
http://ftweb.ipg.com.ar/netscape/security/PrivilegeManager.class -
NONE/- text/html
1263992236.989 32 192.168.1.33 TCP_MISS/302 512 GET
http://ftweb.ipg.com.ar/upload.jsp? - DIRECT/200.82.80.242 text/plain
1263992237.014 10 192.168.1.33 TCP_MISS/200 2049 GET
http://ftweb.ipg.com.ar/upload.jsp? - DIRECT/200.82.80.242 text/html
1263992242.996 12 192.168.1.33 TCP_MISS/404 910 GET
http://ftweb.ipg.com.ar/fileuploader.jar - DIRECT/200.82.80.242
text/html
1263992243.716 698 192.168.1.33 TCP_MISS/404 1198 GET
http://ftweb.ipg.com.ar/fileuploader.jar - DIRECT/200.82.80.242
text/html
1263992243.764 12 192.168.1.33 TCP_MISS/404 1198 GET
http://ftweb.ipg.com.ar/com/zetti/web/util/FileUploader.class -
DIRECT/200.82.80.242 text/html
1263992243.786 12 192.168.1.33 TCP_MISS/404 1198 GET
http://ftweb.ipg.com.ar/com/zetti/web/util/FileUploader/class.class -
DIRECT/200.82.80.242 text/html
1263992246.989 12 192.168.1.33 TCP_MISS/404 910 GET
http://ftweb.ipg.com.ar/favicon.ico - DIRECT/200.82.80.242 text/html

My squid.conf is as follows:

http_port 3128 transparent

access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl lan src 192.168.0.0/22
acl Java browser Java/1.4 Java/1.5 Java/1.6

http_access allow manager localhost
http_access allow localhost
http_access allow lan
http_access allow Java

http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

always_direct allow all

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

cache_mgr vbrizuela_at_zetti.com.ar
visible_hostname sphinx

What may I be overlooking here? Any help would be greatly appreciated.

Thanks,

-- 
Victor Javier Brizuela
http://w2bh.com.ar/
BOFH excuse #38:
secretary plugged hairdryer into UPS