Re: [squid-users] Fwd: failure notice

From: Sean Boran <sean_at_boran.com>
Date: Tue, 11 Jun 2013 22:12:59 +0200

As regards the original post of this thread, after upgrading v3.3.5,
my "zero byte" problems have evaporated.

As regards forwarded_for, I also had it off. However by enabling it
one allows internal addresses to be visible. See:
http://www.squid-cache.org/Doc/config/forwarded_for/
This opens privacy/tracking issues for me. I think it should be left
off, or as suggested below, somehow enabled only for specific sites
you really need.

I don't see what forwarded_for had to do with "zero byte" problems through :-)

Sean

On 7 June 2013 15:50, Ict Security <ict.security.job_at_gmail.com> wrote:
>
> Hello Nuno!
> I think you are great; by removing forwarding_for off it works, and i
> think others site with problems can be resolved!
> I experienced, with some users, some of these problems that, to be
> solved, had to be natted without proxy.
>
> Now i can workaround other cases, and then i will let you know!
> Thank you again, for the moment, very very much!
> Francesco
>
> 2013/6/7 Nuno Fernandes <npf-mlists_at_eurotux.com>:
> >
> > Em Sexta, Junho de 7 de 2013 10:26 WEST, Ict Security
> > <ict.security.job_at_gmail.com> escreveu:
> >
> >> Hello,
> >>
> >> i notice, in Squid 3.1.1 and previous version, some problem when
> >> accessing some websites.
> >>
> >> It happens both on transparent and explicited proxy mode.
> >>
> >> As example, this site cannot be opened behing Squid 3.1.1:
> >> http://www.prefettura.it
> >>
> >> It is a government italian site.
> >> As this, there are some others site, that manifest problems in squid...
> >>
> >> Thank you,
> >> Francesco Collini
> >
> >
> >
> >
> > Do you have "forwarded_for off" in your configuration? If so remove it.
> > That site requires valid forward_for:
> >
> > wget --header='X-Forwarded-For: 192.168.1.1' -S -O /dev/null
> > www.prefettura.it # WORKS
> > wget -S -O /dev/null www.prefettura.it
> > # WORKS
> > wget --header='X-Forwarded-For: unknown' -S -O /dev/null
> > www.prefettura.it # NOT WORKING
> >
> > Maybe they are checking that value.... Better yet is to use header acl
> > to remove that header to that specific site...
> >
> > Best regards,
> > Nuno Fernandes
Received on Tue Jun 11 2013 - 20:13:07 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 12 2013 - 12:00:17 MDT