On Wed, 10 Nov 2004, Chris Robertson wrote:
Surfing direct, I was able to hit the site with three browsers (K-Meleon 0.8.2, Mozilla 1.7.3 and IE 5.5 all on Windows 2000 Pro). Using the proxy (and K-Meleon), I experienced the same problems as the original poster (the browser just spins). Letting the browser spin until the Squid timeout is reached results in a browser error (The connection to www.iisplus0.ch has terminated unexpectedly. Some data may have been transferred.). Using a parent, the access.log shows a TCP_MISS/000 in the child and TCP_MISS/200 in the parent. Using squid direct shows TCP_MISS/200. The number following is always 2535 (i.e. ...TCP_MISS/200 2535...).
Very much sounds like a malfunctioning/misconfigured firewall or IDS at the site in question, killing sessions mid-way.
Have seen a couple of these over the years. Quite annoying. Seems people only test their firewalls and IDS configurations using one version of MSIE on one version of Windows, later failing when someone uses a different browser or OS either due to slight differences in how the browser sends the request or what TCP/IP options the OS implements.
A very frequent cause of the above type of symptoms is firewalls either not understanding the TCP window scale option, or not implementing it correctly. Several of the major firewall vendors have had embarrassing bugs in this area. If you use Linux you can detect if this is the case by disabling the window scaling support (echo 0 > /proc/sys/net/ipv4/tcp_window_scaling). If it starts working after this then you know for certain the site runs a broken firewall which fails with any modern OS on client and server.
Regards Henrik
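
The on/off comparison described in the reply above, as an added shell example that is not part of the original message: it fetches a URL with window scaling enabled, again with it disabled, then restores the original setting. The function names, the `WSCALE_FILE` and `PROBE_CMD` variables and the use of curl as the probe are assumptions of this example; writing the sysctl requires root on Linux.

```shell
#!/bin/sh
# Added example: compare a fetch with TCP window scaling on and off (Linux, root).
# WSCALE_FILE and PROBE_CMD are hypothetical overrides so the logic can be dry-run.
WSCALE_FILE="${WSCALE_FILE:-/proc/sys/net/ipv4/tcp_window_scaling}"

# probe URL: succeeds only if the complete response arrives within 30 seconds.
probe() {
    if [ -n "${PROBE_CMD:-}" ]; then
        "$PROBE_CMD" "$1"
    else
        curl --silent --max-time 30 --output /dev/null "$1"
    fi
}

# wscale_ab_test URL: prints a one-word verdict and restores the original setting.
wscale_ab_test() {
    url="$1"
    orig=$(cat "$WSCALE_FILE") || { echo "cannot-read-sysctl"; return 2; }
    # Put the original value back if interrupted mid-test.
    trap 'echo "$orig" > "$WSCALE_FILE"; exit 130' INT TERM

    # New connections pick up the setting, so each probe opens a fresh one.
    echo 1 > "$WSCALE_FILE" || { echo "cannot-write-sysctl"; return 2; }
    if probe "$url"; then with_ws=ok; else with_ws=fail; fi

    echo 0 > "$WSCALE_FILE"
    if probe "$url"; then without_ws=ok; else without_ws=fail; fi

    echo "$orig" > "$WSCALE_FILE"
    trap - INT TERM

    case "$with_ws/$without_ws" in
        fail/ok)   echo "window-scaling-suspect" ;;  # the case the reply describes
        ok/ok)     echo "no-problem-seen" ;;
        fail/fail) echo "fails-either-way" ;;        # look for another cause
        *)         echo "inconclusive" ;;
    esac
}

# Run as: sh wscale_ab.sh http://site.example/  (constructed placeholder URL)
if [ "$#" -gt 0 ]; then
    wscale_ab_test "$1"
fi
```

Run it on the machine that makes the outbound connection, which in this thread is the Squid host, and go direct rather than through the proxy.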
