On Saturday 05 March 2005 23:41, Reuben Farrelly wrote: > I think you've misunderstood something quite fundamental about how squid > works: > may be I did not used the exact expressions you like to see but like you wrote you did get it. Anyway, my intention like said in my mail was not to attack anybody. > > * Strict HTTP header parsing - implemented in the most recent STABLE > releases of squid, you can turn this off via a squid.conf directive > anyway (but it is useful to have it set to log bad pages). > what do you mean? relaxed_header_parser? I think this is on by default, not off, turning it off it parse strict or am I wrong here? > * ECN on with Linux can cause 'zero sized reply' responses, although > usually you'll get a timeout. I have ECN on on my system and very few > sites fail because of this, but there are a small number. Read the > squid FAQ for information about how to turn this off if it is a problem. > FYI it does not happens only on Linux, again, the problem and a possible solution here is not the point, the point is that for the end-user the site opens using "the other ISP" so for him it is an ISP problem, he doesn't care if it is squid or the remote site, network congestion or other. anyway, IMO the error message is obscure for the user, it starts saying the URL: (blank) the user obviously complains about that he typed correctly the URL and on the error msg it is blank, so this cause understanding problems between the support staff and the user Then it does not help to send reading FAQs because what I am speaking about is the user not the administrator. The user does not need to learn squid but what he gets should be understandable enough and most important he should get it when he gets it without squid. I mean that a site should be accessible behind squid when it opens normally with a Browser without squid. It is not interesting here if there is a wrong header or whatever. > * NTLM authentication, some uninformed site admins require or request > NO, I was not speaking about any authentication at all > > Can you give some examples of specific sites which you need to bypass > squid for that you cannot get to display using the items I mentioned above? > First some banking and other secure sites which need gre protocol for example but I was not speaking about this ones. Lots of Blogger sites are giving erros. Sure there is a lot of underline and whitespace problems but the latter ones often are not resolvable by squid settings. On the other side they open normally with MSIE At work I can check for more, one specific follows. Other errors are like this, even if this specific site now is working after contacting them. The site gave problem with squid > 2.5-S4 if I am not wrong here. GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, application/x-shockwave-flash, */* Accept-Language: pt-br Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) Host: www.redecard.com.br Connection: Keep-Alive Hans > Reuben -- _______________________________________________________ Infomatik (18)8112.7007 http://info.matik.com.br Mensagens não assinadas com GPG não são minhas. Messages without GPG signature are not from me. _______________________________________________________
Attachment:
pgp07cfs08yzm.pgp
Description: PGP signature
