Re: [squid-users] PROBLEM ACCESS JSP PAGE

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 11 Mar 2011 20:22:36 +1300

On 11/03/11 10:20, Oscar Andrés Eraso Moncayo wrote:
> Hi, I set forwarded_for on, in the squid.conf, and I have not been successful, the page displays the same error message.
>

Okay, that worked for me. The alternative to strip it completely may
still work for you.

If both methods fail there us nothing Squid can do.

Amos

> From: Amos Jeffries>
>
> cc'ing the site webmaster in on this.
> Although hopefully they are reading their logs and see all the crashes I
> just caused while testing.
>

For the record:
  Sadly this attempt at reporting the problem bounced. They seem not to
have the required webmaster@ contact address active.

>
> On 10/03/11 16:14, Oscar Andrés Eraso Moncayo wrote:
>> Hi, the website is not broken, is ok,
>>
>
> The website is an executable program written in Java code. It crashed
> due to some text being received. I call that broken.
>
> "The full stack trace of the root cause is available in the Apache
> Tomcat/6.0.16 logs."
>
>
> This website does not pass the trivial HTTP connectivity test:
>
> ## telnet www.minminas.gov.co 80
> Trying 190.90.9.227...
> Connected to www.minminas.gov.co.
> Escape character is '^]'.
> GET /minminas/ HTTP/1.1
> Host: www.minminas.gov.co
>
> HTTP/1.1 500 Internal Server Error
> Date: Thu, 10 Mar 2011 04:28:20 GMT
> Server: Apache/2.2.11 (Win32) mod_jk/1.2.28
> Content-Length: 1259
> Connection: close
> Content-Type: text/html;charset=utf-8
>
> <elided error page>
>
>
>> the website is accessed fine without proxy setting in the browser.
>
> Due to the website having been tested and debugged with a web browser no
> doubt. This means only that it works for a browser when directly
> connected to the website.
> I just spent an hour testing potential workarounds. The number of
> things which die stating "NullPointerEception" is horribly large.
>
> I found that it dies with your error if the X-Forwarded-For header
> exists but contains "unknown".
>
> That text is sent when you configure "forwarded_for off" in
> squid.conf. The site works if XFF contains a valid IPv4-only address, or
> does not exist at all. It dies if any non-IPv4 address or ultipel
> addresses are sent. So any IPv6 clients you have behind Squid cannot get
> a response despite Squid doing the v6->v4 conversion.
>
> In summary:
>
> If you only have IPv4 clients:
> forwarded_for on
>
> If you have any IPv6 clients:
> acl deadGovt dstdomain .minminas.gov.co
> request_header_acecss X-Forwarded-For deny deadGovt
>
> (until the site gets fixed or you get squid-3.2 which does
> "forwarded_for delete").
>
>
> It also dies horribly if you omit/anonymize the browser type header or
> several other common headers. Which may be a problem if you tried
> setting up Squid as an "anonymous" proxy.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.11
> Beta testers wanted for 3.2.0.5

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Fri Mar 11 2011 - 07:22:59 MST

This archive was generated by hypermail 2.2.0 : Fri Mar 11 2011 - 12:00:01 MST