Hello everyone, Some users at our site are having difficulty using websites with forms which they need to fill in when they use IE6. Connecting to the same sites with Firefox works as expected. We are using Squid 2.6.STABLE6-0.6 on an openSUSE 10.2 machine (rpm package, not built from source). The problem with IE is that users experience time-outs when trying to post data entered in forms. The information is saved at the site though, as completing the same form with the same data again, results in an error that there already exists such a record. The strange thing is that the user gets the default IE error page for a time-out, not the Squid error page for a time-out. In access.log, the following is logged: 1190878061.492 31383 10.254.202.86 TCP_MISS/302 487 POST http://www.ckb-online.nl/Dossierbeheer/AanmakenDossier.aspx jbs DIRECT/213.206.93.222 text/html 1190878061.543 0 10.254.202.86 TCP_DENIED/407 2020 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878061.546 0 10.254.202.86 TCP_DENIED/407 2197 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878071.347 9802 10.254.202.86 TCP_MISS/302 487 GET http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222 text/html 1190878071.350 0 10.254.202.86 TCP_DENIED/407 2020 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878071.353 0 10.254.202.86 TCP_DENIED/407 2197 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878075.893 4540 10.254.202.86 TCP_MISS/302 487 GET http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222 text/html 1190878075.896 0 10.254.202.86 TCP_DENIED/407 2020 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878075.898 0 10.254.202.86 TCP_DENIED/407 2197 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878080.430 4532 10.254.202.86 TCP_MISS/302 487 GET http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222 text/html 1190878080.433 0 10.254.202.86 TCP_DENIED/407 2020 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878080.435 0 10.254.202.86 TCP_DENIED/407 2197 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878089.600 9164 10.254.202.86 TCP_MISS/302 487 GET http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222 text/html 1190878089.603 0 10.254.202.86 TCP_DENIED/407 2020 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878089.605 0 10.254.202.86 TCP_DENIED/407 2197 GET http://www.ckb-online.nl/ErrPage.aspx - NONE/- text/html 1190878094.224 4620 10.254.202.86 TCP_MISS/302 487 GET http://www.ckb-online.nl/ErrPage.aspx jbs DIRECT/213.206.93.222 text/html The odd thing is that the user never gets to see the error page from the server (see the line above). It just sits there and eventually times out or just waits forever. The TCP_DENIED/407 seems to have to do with authentication, which is a bit odd, since the proxy is configured to not allow cache access without authentication. We use Samba/Winbind to authenticate users to Active Directory. With Firefox, I find the following lines in access.log: 1190879182.880 186 10.254.202.86 TCP_MISS/200 21291 GET http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633 201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879183.145 265 10.254.202.86 TCP_MISS/200 21834 GET http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879185.829 579 10.254.202.86 TCP_MISS/302 598 POST http://www.ckb-online.nl/Dossierbeheer/Dossier.aspx?DossierID=3361 jbs DIRECT/213.206.93.222 text/html 1190879186.099 271 10.254.202.86 TCP_MISS/200 23829 GET http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361 jbs DIRECT/213.206.93.222 text/html 1190879186.145 204 10.254.202.86 TCP_MISS/200 21291 GET http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633 201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879186.291 146 10.254.202.86 TCP_MISS/200 21834 GET http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879195.774 524 10.254.202.86 TCP_MISS/200 24411 POST http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361 jbs DIRECT/213.206.93.222 text/html 1190879195.957 264 10.254.202.86 TCP_MISS/200 21291 GET http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633 201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879196.167 210 10.254.202.86 TCP_MISS/200 21834 GET http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879198.549 1299 10.254.202.86 TCP_MISS/200 25494 POST http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361 jbs DIRECT/213.206.93.222 text/html 1190879198.663 202 10.254.202.86 TCP_MISS/200 21291 GET http://www.ckb-online.nl/WebResource.axd?d=vZzctey8hqFdK6AGNq0DGA2&t=633 201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879198.880 216 10.254.202.86 TCP_MISS/200 21834 GET http://www.ckb-online.nl/WebResource.axd?d=Wz_7lZQTVD_jDQGtPmKFCZE3OVMIf bIM0FibHEhB2e41&t=633201894100625000 jbs DIRECT/213.206.93.222 application/x-javascript 1190879201.519 266 10.254.202.86 TCP_MISS/302 582 POST http://www.ckb-online.nl/Dossierbeheer/BeheerChecklist.aspx?Dossier=3361 jbs DIRECT/213.206.93.222 text/html These seem like normal transaction lines to me. When I allow the user to bypass the proxy and go directly to the site with IE6, the site works as intended. I have added the following acl statement to squid.conf to try and solve this matter, but it doesn't seem to solve the problem: acl CKBONLINE dstdomain .ckb-online.nl always_direct allow CKBONLINE So my question is, is there a setting I need to tweak for IE6 to start working with these sites? Since it works with Firefox, my guess is that IE6 does something that Squid does not like. Any ideas? Kind regards, Joop Beris ------------------------------------------------------------ Dit bericht is gescand op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn. Mailscanner door http://www.prosolit.nl Professional Solutions fot IT
