On 11/03/11 10:20, Oscar Andrés Eraso Moncayo wrote:
Hi, I set forwarded_for on, in the squid.conf, and I have not been successful, the page displays the same error message.
Okay, that worked for me. The alternative to strip it completely may
still work for you.
If both methods fail there us nothing Squid can do.
Amos
From: Amos Jeffries>
>
cc'ing the site webmaster in on this.
Although hopefully they are reading their logs and see all the crashes I
just caused while testing.
For the record:
Sadly this attempt at reporting the problem bounced. They seem not to
have the required webmaster@ contact address active.
On 10/03/11 16:14, Oscar Andrés Eraso Moncayo wrote:
Hi, the website is not broken, is ok,
The website is an executable program written in Java code. It crashed
due to some text being received. I call that broken.
"The full stack trace of the root cause is available in the Apache
Tomcat/6.0.16 logs."
This website does not pass the trivial HTTP connectivity test:
## telnet www.minminas.gov.co 80
Trying 190.90.9.227...
Connected to www.minminas.gov.co.
Escape character is '^]'.
GET /minminas/ HTTP/1.1
Host: www.minminas.gov.co
HTTP/1.1 500 Internal Server Error
Date: Thu, 10 Mar 2011 04:28:20 GMT
Server: Apache/2.2.11 (Win32) mod_jk/1.2.28
Content-Length: 1259
Connection: close
Content-Type: text/html;charset=utf-8
<elided error page>
the website is accessed fine without proxy setting in the browser.
Due to the website having been tested and debugged with a web browser no
doubt. This means only that it works for a browser when directly
connected to the website.
I just spent an hour testing potential workarounds. The number of
things which die stating "NullPointerEception" is horribly large.
I found that it dies with your error if the X-Forwarded-For header
exists but contains "unknown".
That text is sent when you configure "forwarded_for off" in
squid.conf. The site works if XFF contains a valid IPv4-only address, or
does not exist at all. It dies if any non-IPv4 address or ultipel
addresses are sent. So any IPv6 clients you have behind Squid cannot get
a response despite Squid doing the v6->v4 conversion.
In summary:
If you only have IPv4 clients:
forwarded_for on
If you have any IPv6 clients:
acl deadGovt dstdomain .minminas.gov.co
request_header_acecss X-Forwarded-For deny deadGovt
(until the site gets fixed or you get squid-3.2 which does
"forwarded_for delete").
It also dies horribly if you omit/anonymize the browser type header or
several other common headers. Which may be a problem if you tried
setting up Squid as an "anonymous" proxy.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
