-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/12/2014 4:48 a.m., Dieter Bloms wrote: > Hello, > > we use squid 3.4.9 as proxy for our company with ipv4 and ipv6 > dual stack. It works good, but if a destination has an A and AAAA > record and the webserver isn't reachable via ipv6, squid generates > an error page instead of trying a connection via ipv4. > > One example is the url: > > https://ssl.ratsinfo-online.net/pirna-ri/logon.asp > > where squid tries to reach the webside via the ip > 2001:8d8:87c:5f00::6e:72d6, but without success, because it isn't > reachable. > > Now I want, that squid does a fallback to ipv4 after > connect_timeout, but squid returns an error page (ERR_CONNECT_FAIL) > to the client. > Squid rarely sees https:// URLs like that. Check if it is being given the server name in a way that it can lookup all IPs, or just the one IP address. It also depends on how long the connection attempt(s) take. If it takes longer to lookup the DNS (dns_timeout) and try that one IP (connect_timeout * connect_retries) than the entire transaction is permitted to use (forward_timeout), then there is of course no time to try anything else. Note also that the message in the ERR_CONNECT_FAIL page is the result of the final attempt made. Squid may have made several connection attempts to other IP which also failed. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUiHZOAAoJELJo5wb/XPRj1TYH/Aid+TxcHzQNK4Q1Lw12Bwl6 QUx0vlpBKfmvzAq+9ucvavWePBSkKkLqmjsSasqqDebi26PuKvoTaJB02lZUdbKe tDFlL9+1QWLfUCyqJDhZuUsnbD/rjVolvpk+Zu1RD6PvK2TSRG0YcaM68mefw7Wn LFj4aKpo+pUaRJhdZHu3cKmG3SMREhq6z5rgHASyxnQhGUWugSg5NjCnHGzB0Qt1 5U79b3nmRO9bZ2st15iJG3B000v01NLojthSDZaTjYNR9LJ0eNIqVwa4ppEf399q j/H6JyC5hNFXpX4LOtuGTY7sptAXCK4ItNJcAupV6TOkCJsesaQqk5SreOlxA/M= =n1dE -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
