Hi, I set forwarded_for on, in the squid.conf, and I have not been successful, the page displays the same error message.
Thanks to all,
Regards.
________________________________________
From: Amos Jeffries [squid3_at_treenet.co.nz]
Sent: Wednesday, March 09, 2011 11:59 PM
To: Oscar Andrés Eraso Moncayo; webmaster_at_minminas.gov.co; squid-users_at_squid-cache.org
Subject: Re: [squid-users] PROBLEM ACCESS JSP PAGE
cc'ing the site webmaster in on this.
Although hopefully they are reading their logs and see all the crashes I
just caused while testing.
On 10/03/11 16:14, Oscar Andrés Eraso Moncayo wrote:
> Hi, the website is not broken, is ok,
>
The website is an executable program written in Java code. It crashed
due to some text being received. I call that broken.
"The full stack trace of the root cause is available in the Apache
Tomcat/6.0.16 logs."
This website does not pass the trivial HTTP connectivity test:
## telnet www.minminas.gov.co 80
Trying 190.90.9.227...
Connected to www.minminas.gov.co.
Escape character is '^]'.
GET /minminas/ HTTP/1.1
Host: www.minminas.gov.co
HTTP/1.1 500 Internal Server Error
Date: Thu, 10 Mar 2011 04:28:20 GMT
Server: Apache/2.2.11 (Win32) mod_jk/1.2.28
Content-Length: 1259
Connection: close
Content-Type: text/html;charset=utf-8
<elided error page>
> the website is accessed fine without proxy setting in the browser.
Due to the website having been tested and debugged with a web browser no
doubt. This means only that it works for a browser when directly
connected to the website.
I just spent an hour testing potential workarounds. The number of
things which die stating "NullPointerEception" is horribly large.
I found that it dies with your error if the X-Forwarded-For header
exists but contains "unknown".
That text is sent when you configure "forwarded_for off" in
squid.conf. The site works if XFF contains a valid IPv4-only address, or
does not exist at all. It dies if any non-IPv4 address or ultipel
addresses are sent. So any IPv6 clients you have behind Squid cannot get
a response despite Squid doing the v6->v4 conversion.
In summary:
If you only have IPv4 clients:
forwarded_for on
If you have any IPv6 clients:
acl deadGovt dstdomain .minminas.gov.co
request_header_acecss X-Forwarded-For deny deadGovt
(until the site gets fixed or you get squid-3.2 which does
"forwarded_for delete").
It also dies horribly if you omit/anonymize the browser type header or
several other common headers. Which may be a problem if you tried
setting up Squid as an "anonymous" proxy.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.5Received on Thu Mar 10 2011 - 21:27:39 MST
This archive was generated by hypermail 2.2.0 : Fri Mar 11 2011 - 12:00:01 MST