Hi again Hans,
At 08:52 a.m. 7/03/2005, H Matik wrote:
On Saturday 05 March 2005 23:41, Reuben Farrelly wrote:
> I think you've misunderstood something quite fundamental about how squid
> works:
>
may be I did not used the exact expressions you like to see but like you wrote
you did get it. Anyway, my intention like said in my mail was not to attack
anybody.
I know, I just am asking you to be specific with the errors you are reporting. None of the developers would complain in the slightest if you could provide good evidence of a bug, believe me ;-)
> * Strict HTTP header parsing - implemented in the most recent STABLE > releases of squid, you can turn this off via a squid.conf directive > anyway (but it is useful to have it set to log bad pages). > what do you mean? relaxed_header_parser? I think this is on by default, not off, turning it off it parse strict or am I wrong here?
Yes, it is on by default, in other words, (from the squid.conf)with this default setting, "Squid accepts certain forms of non-compliant HTTP messages where it is unambiguous what the sending application intended even if the message is not correctly formatted."
This means that as long as you have relaxed_header_parser set to on or warn, or simply not defined, the old behaviour will still be the same as older squid.
Personally I recommend at least "warn", as it has allowed me to see some of the broken sites and inform relevant people of their broken behaviour, but I understand not everyone can be bothered..
> * ECN on with Linux can cause 'zero sized reply' responses, although > usually you'll get a timeout. I have ECN on on my system and very few > sites fail because of this, but there are a small number. Read the > squid FAQ for information about how to turn this off if it is a problem. >
FYI it does not happens only on Linux, again, the problem and a possible solution here is not the point, the point is that for the end-user the site opens using "the other ISP" so for him it is an ISP problem, he doesn't care if it is squid or the remote site, network congestion or other.
Yep, I understand.
anyway, IMO the error message is obscure for the user, it starts saying
the URL: (blank)
Do the users have "Show friendly HTTP error messages" ticked in their Internet Explorer options? If they do, they will usually not see the squid error which explains what the problem is and will see a generic message "the page could not be displayed". Unfortunately, IE hides these useful squid messages with it's own garbage, which is often more useless to the end user than squid's messages.
If it's not that then you should either have something useful to look at in the users browser, or else in your cache.log.
the user obviously complains about that he typed correctly the URL and on the error msg it is blank, so this cause understanding problems between the support staff and the user
Then it does not help to send reading FAQs because what I am speaking about is
the user not the administrator. The user does not need to learn squid but
what he gets should be understandable enough and most important he should get
it when he gets it without squid.
Yes, of course.
I mean that a site should be accessible behind squid when it opens normally with a Browser without squid. It is not interesting here if there is a wrong header or whatever.
> * NTLM authentication, some uninformed site admins require or request > NO, I was not speaking about any authentication at all
> > Can you give some examples of specific sites which you need to bypass > squid for that you cannot get to display using the items I mentioned above? >
First some banking and other secure sites which need gre protocol for example but I was not speaking about this ones.
GRE should be unaffected. Squid does not process or handle GRE, only TCP/IP.
Are you using your squid as a firewall/router box, and not allowing GRE through?
Lots of Blogger sites are giving erros. Sure there is a lot of underline and whitespace problems but the latter ones often are not resolvable by squid settings. On the other side they open normally with MSIE
I haven't seen any before..
At work I can check for more, one specific follows.
Other errors are like this, even if this specific site now is working after contacting them. The site gave problem with squid > 2.5-S4 if I am not wrong here.
GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, application/x-shockwave-flash, */* Accept-Language: pt-br Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) Host: www.redecard.com.br Connection: Keep-Alive
That one is one of the more broken ones I have seen yet:
[EMAIL PROTECTED] ~]# wget -S www.redecard.com.br --00:38:38-- http://www.redecard.com.br/ => `index.html.1' Resolving www.redecard.com.br... 200.185.9.46 Connecting to www.redecard.com.br[200.185.9.46]:80... connected. HTTP request sent, awaiting response... 1 HTTP/1.1 200 OK 2 Date: Mon, 07 Mar 2005 11:39:01 GMT 3 X-Powered-By: ASP.NET 4 Content Location: http://www.redecard.com.br 5 Connection: keep-alive 6 Connection: Keep-Alive 7 Content-Length: 21032 8 Content-Type: text/html 9 Set-Cookie: ASPSESSIONIDSASTTSQD=OENGCMFDAGKKCPLCHHEGFLDL; path=/ 10 Cache-control: private
Duplicate "Connection" headers on line 5 and 6, and whitespace on line 4 between "Content" and "Location". No wonder it does not work properly.
Can you give us some more broken ones?
Are you doing transparent proxying by any chance?
reuben
