Hi, I set forwarded_for on, in the squid.conf, and I have not been successful, the page displays the same error message. Thanks to all, Regards. ________________________________________ From: Amos Jeffries [squid3@xxxxxxxxxxxxx] Sent: Wednesday, March 09, 2011 11:59 PM To: Oscar Andrés Eraso Moncayo; webmaster@xxxxxxxxxxxxxxx; squid-users@xxxxxxxxxxxxxxx Subject: Re: PROBLEM ACCESS JSP PAGE cc'ing the site webmaster in on this. Although hopefully they are reading their logs and see all the crashes I just caused while testing. On 10/03/11 16:14, Oscar Andrés Eraso Moncayo wrote: > Hi, the website is not broken, is ok, > The website is an executable program written in Java code. It crashed due to some text being received. I call that broken. "The full stack trace of the root cause is available in the Apache Tomcat/6.0.16 logs." This website does not pass the trivial HTTP connectivity test: ## telnet www.minminas.gov.co 80 Trying 190.90.9.227... Connected to www.minminas.gov.co. Escape character is '^]'. GET /minminas/ HTTP/1.1 Host: www.minminas.gov.co HTTP/1.1 500 Internal Server Error Date: Thu, 10 Mar 2011 04:28:20 GMT Server: Apache/2.2.11 (Win32) mod_jk/1.2.28 Content-Length: 1259 Connection: close Content-Type: text/html;charset=utf-8 <elided error page> > the website is accessed fine without proxy setting in the browser. Due to the website having been tested and debugged with a web browser no doubt. This means only that it works for a browser when directly connected to the website. I just spent an hour testing potential workarounds. The number of things which die stating "NullPointerEception" is horribly large. I found that it dies with your error if the X-Forwarded-For header exists but contains "unknown". That text is sent when you configure "forwarded_for off" in squid.conf. The site works if XFF contains a valid IPv4-only address, or does not exist at all. It dies if any non-IPv4 address or ultipel addresses are sent. So any IPv6 clients you have behind Squid cannot get a response despite Squid doing the v6->v4 conversion. In summary: If you only have IPv4 clients: forwarded_for on If you have any IPv6 clients: acl deadGovt dstdomain .minminas.gov.co request_header_acecss X-Forwarded-For deny deadGovt (until the site gets fixed or you get squid-3.2 which does "forwarded_for delete"). It also dies horribly if you omit/anonymize the browser type header or several other common headers. Which may be a problem if you tried setting up Squid as an "anonymous" proxy. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.5
