As regards the original post of this thread, after upgrading v3.3.5, my "zero byte" problems have evaporated. As regards forwarded_for, I also had it off. However by enabling it one allows internal addresses to be visible. See: http://www.squid-cache.org/Doc/config/forwarded_for/ This opens privacy/tracking issues for me. I think it should be left off, or as suggested below, somehow enabled only for specific sites you really need. I don't see what forwarded_for had to do with "zero byte" problems through :-) Sean On 7 June 2013 15:50, Ict Security <ict.security.job@xxxxxxxxx> wrote: > > Hello Nuno! > I think you are great; by removing forwarding_for off it works, and i > think others site with problems can be resolved! > I experienced, with some users, some of these problems that, to be > solved, had to be natted without proxy. > > Now i can workaround other cases, and then i will let you know! > Thank you again, for the moment, very very much! > Francesco > > 2013/6/7 Nuno Fernandes <npf-mlists@xxxxxxxxxxx>: > > > > Em Sexta, Junho de 7 de 2013 10:26 WEST, Ict Security > > <ict.security.job@xxxxxxxxx> escreveu: > > > >> Hello, > >> > >> i notice, in Squid 3.1.1 and previous version, some problem when > >> accessing some websites. > >> > >> It happens both on transparent and explicited proxy mode. > >> > >> As example, this site cannot be opened behing Squid 3.1.1: > >> http://www.prefettura.it > >> > >> It is a government italian site. > >> As this, there are some others site, that manifest problems in squid... > >> > >> Thank you, > >> Francesco Collini > > > > > > > > > > Do you have "forwarded_for off" in your configuration? If so remove it. > > That site requires valid forward_for: > > > > wget --header='X-Forwarded-For: 192.168.1.1' -S -O /dev/null > > www.prefettura.it # WORKS > > wget -S -O /dev/null www.prefettura.it > > # WORKS > > wget --header='X-Forwarded-For: unknown' -S -O /dev/null > > www.prefettura.it # NOT WORKING > > > > Maybe they are checking that value.... Better yet is to use header acl > > to remove that header to that specific site... > > > > Best regards, > > Nuno Fernandes
