Search squid archive

Re: PROBLEM ACCESS JSP PAGE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



cc'ing the site webmaster in on this.
Although hopefully they are reading their logs and see all the crashes I just caused while testing.


On 10/03/11 16:14, Oscar Andrés Eraso Moncayo wrote:
Hi, the website is not broken, is ok,


The website is an executable program written in Java code. It crashed due to some text being received. I call that broken.

"The full stack trace of the root cause is available in the Apache Tomcat/6.0.16 logs."


This website does not pass the trivial HTTP connectivity test:

## telnet www.minminas.gov.co 80
Trying 190.90.9.227...
Connected to www.minminas.gov.co.
Escape character is '^]'.
GET /minminas/ HTTP/1.1
Host: www.minminas.gov.co

HTTP/1.1 500 Internal Server Error
Date: Thu, 10 Mar 2011 04:28:20 GMT
Server: Apache/2.2.11 (Win32) mod_jk/1.2.28
Content-Length: 1259
Connection: close
Content-Type: text/html;charset=utf-8

<elided error page>


the website is accessed fine without proxy setting in the browser.

Due to the website having been tested and debugged with a web browser no doubt. This means only that it works for a browser when directly connected to the website. I just spent an hour testing potential workarounds. The number of things which die stating "NullPointerEception" is horribly large.

I found that it dies with your error if the X-Forwarded-For header exists but contains "unknown".

That text is sent when you configure "forwarded_for off" in squid.conf. The site works if XFF contains a valid IPv4-only address, or does not exist at all. It dies if any non-IPv4 address or ultipel addresses are sent. So any IPv6 clients you have behind Squid cannot get a response despite Squid doing the v6->v4 conversion.

In summary:

If you only have IPv4 clients:
  forwarded_for on

If you have any IPv6 clients:
  acl deadGovt dstdomain .minminas.gov.co
  request_header_acecss X-Forwarded-For deny deadGovt

(until the site gets fixed or you get squid-3.2 which does "forwarded_for delete").


It also dies horribly if you omit/anonymize the browser type header or several other common headers. Which may be a problem if you tried setting up Squid as an "anonymous" proxy.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.5


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux