> On Fri, 25 Feb 2005, Matus UHLAR - fantomas wrote: > >I don't think this is related to squid. This is imho problem of the page > >you are requesting and scripts on it. This imho does NOT belong to SQUID > >FAQ, but probably to remote server's or page FAQ. > >I see that it was already added to the SQUID FAQ. I'd like to investigate > >this problem a bit more... On 25.02 19:10, Henrik Nordstrom wrote: > It belongs to the FAQ. > > Pretty simple. His box had a overly simple IDS enabled, and these sites > triggered this IDS by their probes, making his system blackhole these > sites. Then it's not tcp blackhole, but an IDS. And it's problem of IDS that it blocks all traffic from such a system (and I call that a dump IDS). tcp blackhole on FreeBSD just modifies behaviour for incoming connection: when a connection attempt is made to a port where no program listens, usually TCP RST packet is sent back. When blackhole is in effect, nothing is sent and packets are silently dropped. This has nothing to do with IDS So, again, the TCP blackhole thing does imho not belong to SQUID FAQ. as I got it, request for specified page causes remote host scan some ports on local host. tcp blackhole causes connection time out so the script on web server times out and is killed by the server and no data are produced. That might cause the "zero sized reply" error. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !