Thanks! You may be right about the session cookies but we are behind a firewall so we have no way other than our proxy parents to get to any internet site. prefer_direct off was in place as default. never_direct allow all Also we have a traffic dump from our parent that may have a clue of the problem: *************************************************************************** GET /definitivos_bajarArchivo.asp?idc=4&arch=x HTTP/1.0 Accept: */* Referer: http://www.censo2010.indec.gov.ar/resultadosdefinitivos.asp Accept-Language: es User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET4.0C) Host: www.censo2010.indec.gov.ar Cookie: ASPSESSIONIDSCRCRSBD=LKDGDFGDBGBLPCFCFLOCMCAN; ASPSESSIONIDSATDQSBD=ILOHAJAAAIHIPGPKFDPNIDKF Via: 1.0 proxydpe (squid/3.1.12), 1.1 cache3.gba.gov.ar:3128 (squid/2.7.STABLE7) X-Forwarded-For: unknown, 10.42.6.193 Cache-Control: max-age=0 Connection: keep-alive HTTP/1.1 500 Internal Server Error Connection: keep-alive Date: Mon, 06 Feb 2012 22:14:09 GMT Server: Microsoft-IIS/6.0 Content-Length: 98 Content-Type: text/html Cache-control: private An error occurred on the server when processing the URL. Please contact the system administrator. ********************************************************************** I've noted that there are two cookies but I don't know if is right or not. This transaction on the other hand was ok directly from the client to the proxy "parent". GET http://www.censo2010.indec.gov.ar/definitivos_bajarArchivo.asp?idc=1&arch=p HTTP/1.1 Host: www.censo2010.indec.gov.ar User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 DNT: 1 Proxy-Connection: keep-alive Referer: http://www.censo2010.indec.gov.ar/resultadosdefinitivos.asp Cookie: ASPSESSIONIDCABDRBDS=ADLDCDFDJIPLIHFLHJMCHKPI HTTP/1.0 302 Moved Temporarily Date: Mon, 30 Jan 2012 19:43:08 GMT Server: Microsoft-IIS/6.0 Location: CuadrosDefinitivos/V1-P_Buenos_Aires.pdf Content-Length: 161 Content-Type: text/html Cache-Control: private X-Cache: MISS from cache4.gba.gov.ar X-Cache-Lookup: MISS from cache4.gba.gov.ar:3128 Via: 1.1 cache4.gba.gov.ar:3128 (squid/2.7.STABLE7) Connection: keep-alive Proxy-Connection: keep-alive <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="CuadrosDefinitivos/V1-P_Buenos_Aires.pdf">here</a>.</body> GET http://www.censo2010.indec.gov.ar/CuadrosDefinitivos/V1-P_Buenos_Aires.pdf HTTP/1.1 Host: www.censo2010.indec.gov.ar User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 DNT: 1 Proxy-Connection: keep-alive Referer: http://www.censo2010.indec.gov.ar/resultadosdefinitivos.asp Cookie: ASPSESSIONIDCABDRBDS=ADLDCDFDJIPLIHFLHJMCHKPI etc. I hope it helps you helping me :-P Thanks a lot! Martin. 2012/2/4 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>: > mån 2012-01-30 klockan 19:10 -0300 skrev Martin Nigoul: >> As we try to retrieve those files through our proxy we recive >> "An error occurred on the server when processing the URL. Please >> contact the system administrator." >> If we configure one of our cache_peer parents as the proxy for the >> browsers the file is downloaded >> whithout problem. > > A guess is that the site is using session cookies with embedded source > IP information. > > Try setting "prefer_direct off" in squid.conf. This will make it more > insisting in using parents even when doing so makes no sense from a > caching perspective. > > You can also use never_direct to force Squid hard to go via peers. And > cache_peer_access to limit which peers. Both these allows you to tune > for this site only if you like. > > Alternatively try using always_direct for the site to not go via peers > at all, which also accomplishes the same goal of having a single source > IP for the session. > > Regards > Henrik >
