Re: [squid-users] Problem with intercept squid and boinc
fre 2006-02-24 klockan 19:04 -0300 skrev Oliver Schulze L.: > I have visited the troubled URL in Firefox: > > http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler > > And it seems to look at the user-agent and output a speciall > message if your're using a web browser. > > Maybe squid is changing some headers that setiboinc needs ... If you send me access.log details with "log_mime_hdrs on" from the actual use of this server (wher the 100 problem was seen) then I can easily investigate if this is a broken web server, but I pretty much suspect it is broken.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Problem with intercept squid and boinc
I have visited the troubled URL in Firefox: http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler And it seems to look at the user-agent and output a speciall message if your're using a web browser. Maybe squid is changing some headers that setiboinc needs ... WIll do some more test Tks Oliver Henrik Nordstrom wrote: ons 2006-02-22 klockan 10:16 -0300 skrev Oliver Schulze L.: and in the problematic squid server I see: 1140566460.404 2060 192.168.2.90 TCP_MISS/100 123 POST http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - DIRECT/66.28.250.125 - What does TCP_MISS/100 mean? As I see, the correct value should be TCP_MISS/200 Correct. You should never see a 100 response code in Squid. This indicates there is something upstream which malfunctions and sends a 100 Continue to your Squid even if the HTTP standard forbids this. Squid is HTTP/1.0, and 100 Continue requires HTTP/1.1. Something upstream ranges from Parent proxy Another intercepting proxy The origin server Regards Henrik -- Oliver Schulze L. <[EMAIL PROTECTED]>
Re: [squid-users] Problem with intercept squid and boinc
ons 2006-02-22 klockan 10:16 -0300 skrev Oliver Schulze L.: > and in the problematic squid server I see: > 1140566460.404 2060 192.168.2.90 TCP_MISS/100 123 POST > http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - > DIRECT/66.28.250.125 - > > What does TCP_MISS/100 mean? As I see, the correct value should be > TCP_MISS/200 Correct. You should never see a 100 response code in Squid. This indicates there is something upstream which malfunctions and sends a 100 Continue to your Squid even if the HTTP standard forbids this. Squid is HTTP/1.0, and 100 Continue requires HTTP/1.1. Something upstream ranges from Parent proxy Another intercepting proxy The origin server Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Problem with intercept squid and boinc
On 2/22/06, Oliver Schulze L. <[EMAIL PROTECTED]> wrote: > Hi Mark, > I have 2 identical servers (CentOS 4.2), with same squid version and > interception iptables settings. > > I have the same boinc client behind both squid servers, > and in one that work I see: > 1140608197.087 3022 192.168.1.1 TCP_MISS/200 248 POST > http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - > DIRECT/66.28.250.125 text/plain > > and in the problematic squid server I see: > 1140566460.404 2060 192.168.2.90 TCP_MISS/100 123 POST > http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - > DIRECT/66.28.250.125 - > > What does TCP_MISS/100 mean? - Checkout the HTTP status codes in the FAQ : 100Continue I don´t have a reason of thinking for the moment , how this relates to the problem you are experiencing with transparant proxying. M. >As I see, the correct value should be > TCP_MISS/200 > >
Re: [squid-users] Problem with intercept squid and boinc
Hi Mark, I have 2 identical servers (CentOS 4.2), with same squid version and interception iptables settings. I have the same boinc client behind both squid servers, and in one that work I see: 1140608197.087 3022 192.168.1.1 TCP_MISS/200 248 POST http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - DIRECT/66.28.250.125 text/plain and in the problematic squid server I see: 1140566460.404 2060 192.168.2.90 TCP_MISS/100 123 POST http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - DIRECT/66.28.250.125 - What does TCP_MISS/100 mean? As I see, the correct value should be TCP_MISS/200 Many thanks Oliver Mark Elsen wrote: > mmm, didn't that interception has all this problems. I have been using it for years in some client's servers. It does. Do you know how can I debug even further? I'd really stress (advise), that you probably found an application which is broken by using transp. proxying, following the many hola-cola issues mentioned, hence tear-down any further thinking and provide none transparant http access for boinc (when configured to use http proxy). M. -- Oliver Schulze L. <[EMAIL PROTECTED]>
Re: [squid-users] Problem with intercept squid and boinc
I think my problem could be that I use an IP alias for interception. Will do some test, thanks for you comments Mark! Oliver -- Oliver Schulze L. <[EMAIL PROTECTED]>
Re: [squid-users] Problem with intercept squid and boinc
> mmm, didn't that interception has all this problems. I have been using > it for years in some > client's servers. It does. > > Do you know how can I debug even further? I'd really stress (advise), that you probably found an application which is broken by using transp. proxying, following the many hola-cola issues mentioned, hence tear-down any further thinking and provide none transparant http access for boinc (when configured to use http proxy). M.
Re: [squid-users] Problem with intercept squid and boinc
Hi Mark, Sorry about the delay, here is the info: Mark Elsen wrote: Hi, I have configured a squid httpd proxy cache in intercept/transparent mode. The problem I have is that the boinc client from setiathome have problem connecting to its server. - Is boinc configured to use a http proxy (I presume it is) no - What are the messages displayed in it's messages window, when the problems appear. [EMAIL PROTECTED] 1 1140512261 Started upload of 18oc99aa.9079.29009.154x_1_0 [EMAIL PROTECTED] 1 1140512265 Temporarily failed upload of 18oc99aa.9079.xx8.218_1_0: error 500 - What's in squid's access.log for thes boinc requests ? 1140537280.503 2062 192.168.2.90 TCP_MISS/100 123 POST http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - DIRECT/66.28.250.125 - 1140537436.569 1064 192.168.2.90 TCP_MISS/100 123 POST http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - DIRECT/66.28.250.125 - 1140537504.606 2054 192.168.2.90 TCP_MISS/100 123 POST http://setiboincdata.ssl.berkeley.edu/sah_cgi/file_upload_handler - DIRECT/66.28.250.125 - - Anything further in cache.log no, nothing there :( If I disable squid interception, all works fine. My usual anti-interception bible , not that one of the topics mentioned my have bitten you : - Intercepting HTTP breaks TCP/IP standards because user agents think they are talking directly to the origin server. - It causes path-MTU to fail. Possibly making the website not accessible. - As a result for instance on older IE versions ; "reload" did not work as expected. - You can't use proxy authentication - You can't use IDENT lookups - Intercepting proxies are incompatible with IP filtering designed to prevent address spoofing. - Clients are still expected to have full Internet DNS resolving capabilities , when in certain Intranet/Firewalling setups , this is not always wanted. - Related to above : because of transp. proxy setup : suppose a browser connects to a site which is down.HOWEVER , due to the transparant proxying setup. It gets a connected state to the interceptor. The end user may get wrong error messages or a browser, seemingly doing nothing anymore. mmm, didn't that interception has all this problems. I have been using it for years in some client's servers. Do you know how can I debug even further? Many thanks Oliver -- Oliver Schulze L. <[EMAIL PROTECTED]>
Re: [squid-users] Problem with intercept squid and boinc
> Hi, > I have configured a squid httpd proxy cache in intercept/transparent mode. > > The problem I have is that the boinc client from setiathome have problem > connecting to its server. - Is boinc configured to use a http proxy (I presume it is) - What are the messages displayed in it's messages window, when the problems appear. - What's in squid's access.log for thes boinc requests ? - Anything further in cache.log > If I disable squid interception, all works fine. My usual anti-interception bible , not that one of the topics mentioned my have bitten you : - Intercepting HTTP breaks TCP/IP standards because user agents think they are talking directly to the origin server. - It causes path-MTU to fail. Possibly making the website not accessible. - As a result for instance on older IE versions ; "reload" did not work as expected. - You can't use proxy authentication - You can't use IDENT lookups - Intercepting proxies are incompatible with IP filtering designed to prevent address spoofing. - Clients are still expected to have full Internet DNS resolving capabilities , when in certain Intranet/Firewalling setups , this is not always wanted. - Related to above : because of transp. proxy setup : suppose a browser connects to a site which is down.HOWEVER , due to the transparant proxying setup. It gets a connected state to the interceptor. The end user may get wrong error messages or a browser, seemingly doing nothing anymore. > > I see in the access_log from squid that the last request its a POST > > Anyone have seen this problem? How can I debug it. > > Thanks > Oliver >
