As a workaround (thanks to Radoslaw, who came up with the idea) I have
done this:
I added an entry for www.citibank.com pointing to the working server
ip into /etc/hosts, then added "hosts_file /etc/hosts" into
squid.conf.
It works for the time being, but is not a final solution.
"UNIX is very simple, it just needs a genius to understand its simplicity."
-- Dennis Ritchie, D.E.P.
On Wed, Nov 9, 2011 at 9:54 PM, feralert <feralert_at_gmail.com> wrote:
> Thanks Amos,
>
> A dig to www.citibank.com gives two different ips, changing one for
> the other after a short period of time, one of them works fine and
> squid 2.7 is able to get the page and the other one fails.
>
> Using tcpdump I have taken captures for both, while using debian
> package for squid 2.7.stable9, these are the results:
>
> In both of them squid sends a "GET HTTP/1.0":
>
> 1) The one that works replays with a "HTTP/1.1 301 Moved
> Permanently", that TCP session is close and another one is open squid
> now asking for the new URL, finally being able to retrieve it and
> serve it fine.
>
> 2) The other one doesnt reply at all to the inital "GET HTTP/1.0"
> petition and therefore there are a few TCP retransmissions of it until
> it receives a FIN,ACK packet from the server.
>
> I tried the same but using squid 3.1.6 instead, again in both servers,
> and it works in both!. The difference being that squid 3.1 instead of
> sending a"GET HTTP/1.0" sends a "GET HTTP/1.1", getting the "HTTP/1.1
> 301" response in both cases. So, to the light of these results, is
> seems that the second server (the one that fails) does not
> understand/talk HTTP/1.0, dont you think? is this possible?.
>
>
> Thank you,
> Fred.
>
>
>
> "UNIX is very simple, it just needs a genius to understand its simplicity."
> -- Dennis Ritchie, D.E.P.
>
>
>
> On Wed, Nov 9, 2011 at 5:37 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 9/11/2011 12:29 a.m., feralert wrote:
>>>
>>> Hi all,
>>>
>>> I'm new on the list so hi everyone and please do excuse my english.
>>>
>>> And now down to bussiness :)
>>>
>>> Im having trouble accessing www.citibank.com with squid 2.7. I'm
>>> actually trying from two different platforms (Debian Lenny linux box
>>> running 2.7.STABLE3 and NetBSD running 2.7.STABLE7), using different
>>> connections to the internet and both getting weird results.
>>>
>>>
>>> * ) With the NetBSD machine:
>>>
>>> What i usually get in the browser is a " (110) Connection timed out",
>>> and a "TCP_MISS/504" in the servers logs.
>>>
>>>> While trying to retrieve the URL: http://www.citibank.com/
>>>> The following error was encountered:
>>>> Connection to 192.193.219.58 Failed
>>>> The system returned:
>>>> (110) Connection timed out
>>>> The remote host or network may be down. Please try the request again.
>>>
>>> 03:16:39 120355 10.5.5.236 TCP_MISS/504 1454 GET
>>> http://www.citibank.com/ - DIRECT/192.193.219.58 text/html
>>>
>>>
>>> But sometimes (ina very few rare occasions) it gets through and I see
>>> the following:
>>>
>>> 1320746405.173 15615 10.5.5.236 TCP_MISS/200 6985 CONNECT
>>> metrics1.citibank.com:443 - DIRECT/63.140.40.2 -
>>>
>>> And in the browser I see that I get redirected to
>>> "https://online.citibank.com/US/Welcome.c". From there on I have no
>>> trouble surfing the website. Also, if I try go directly to
>>> "https://online.citibank.com" works every time.
>>>
>>>
>>>
>>> * ) With the linux one:
>>>
>>> With this one I never gotten through (maybe I havent tried as many
>>> times), I also get the "Connection timed out" and "TCP_MISS/504", and
>>> also a"Zero Sized Reply" and a "TCP_MISS/502":
>>>
>>> The browser shows:
>>>
>>>> While trying to retrieve the URL: http://www.citibank.com/
>>>> The following error was encountered:
>>>> Zero Sized Reply
>>>> Squid did not receive any data for this request.
>>>
>>> And in the logs I get:
>>> 03:01:03 150396 10.5.5.236 TCP_MISS/502 1334 GET
>>> http://www.citibank.com/ - DIRECT/192.193.103.222 text/html
>>> 03:03:35 151215 10.5.5.236 TCP_MISS/504 1477 GET
>>> http://www.citibank.com/favicon.ico - DIRECT/192.193.103.222 text/html
>>>
>>>
>>
>> These seems to be all symptoms of either TCP connection setup problems or
>> ICMP blocking. The "Zero Sized Reply" hints that it is more likely MTU
>> problems and ICMP blocking somewhere. Where Squid can locate and send data
>> to the server, but nothing comes back (ie the packet sent was too big, but
>> the ICMP reply telling the Squid machine to send smaller packts never got
>> delivered).
>>
>> Amos
>>
>
Received on Thu Nov 10 2011 - 15:16:41 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 11 2011 - 12:00:02 MST