On 24.02 16:15, David Landgren wrote:
I've just spent the better part of three hours up to my ears in packet traces, squid debugging, reconfiguring, upgrading from -STABLE5 to -STABLE8 and and firewall tweaking.
I was getting "Zero Sized Reply" on a specific page of a website (within an authenticated realm). All the usual recipes got me nowhere. And the firewall was showing odd behaviour: I was getting connection rejects on a high port of the natted address of the Squid box, coming from source port 80 of the remote host I was making the connections too. And no amount of nat tweaks or changes to the ruleset would make the page work.
That is a specific behaviour of that page, or better scripts on that
address. For example new versions of IRC servers check if you are not
conecting from open proxy by connecthing back to your IP and scanning for
SOCKS/HTTP proxies on some standard ports.
Yes, it was exactly that. Some kind of paranoia at work trying to ensure you're not pilfering their data. It only occurs on their page. (Maybe it occurs elsewher, but other sites degrade gracefully and no-one notices). This particular page resulted a Squid "Zero Sized Reply" error page.
Scripts on page you are trying to get probably do the same. May I know what is exact address of that page, to see what's happening?
Unfortunately I can't it do that. It's in a password-protected area of the site. You need an account.
Then, after staring at the FAQ (section 11.51) for the seventeenth, the I finally began to comprehend the words I was reading ;o)
"Disable any advanced TCP features on the Squid system"
I don't think this is related to squid. This is imho problem of the page you are requesting and scripts on it. This imho does NOT belong to SQUID FAQ, but probably to remote server's or page FAQ.
Yes I know, but have you tried recently to tell someone that their page doesn't work and that maybe they should go about things differently? I gave up that dream a long time ago. I know it's the site at fault, but I have my own constraints; I must offer reliable web surfing to my users.
I see that it was already added to the SQUID FAQ. I'd like to investigate this problem a bit more...
If you want packet traces, or anything else, let me know.
David