[squid-users] Squid doesn't reload webpage like other clients do

Andrei lagged at gmail.com
Mon Oct 30 18:15:25 UTC 2017 

You do realize that there's nothing "weird" about p0f, right? Perhaps you
should have a read over:

http://lcamtuf.coredump.cx/p0f3/
https://blog.cloudflare.com/introducing-the-p0f-bpf-compiler/


On Mon, Oct 30, 2017 at 11:22 AM, Alex Rousskov <
rousskov at measurement-factory.com> wrote:

> On 10/30/2017 03:51 AM, Troiano Alessio wrote:
>
> > I've squid 3.5.20 running on RHEL 7.4. I have a problem to access
> > some websites, for example www.nato.int. This website apply an
> > Anti-DDoS system that reset the first connection after the TCP 3-way
> > handshake (SYN/SYN-ACK/ACK/RST-ACK). All subsequent TCP connections
> > are accepted. The website administrator say's it is by design.
>
>
> > When I browse the site with squid proxy the browser receive an "Empty
> > Response" squid error page (HTTP error code 502 Bad Gateway) and
> > doesn't do the automatic retry:
>
> This is by design as well :-).
>
> We can change Squid behavior to retry connection resets, but I am sure
> that some folks will not like the new behavior because in _their_ use
> cases a retry is wasteful and/or painful. IMHO, the new behavior should
> be controlled by a configuration directive, possibly an ACL-driven one.
>
> Quality patches implementing the above feature should be welcomed IMO.
> The tip of the relevant code is probably in ERR_ZERO_SIZE_OBJECT
> handling inside FwdState::fail(). There is a similar code that handles
> persistent connection races there already, but the zero-size reply code
> may need a new dedicated FwdState flag to prevent infinite retry loops
> when the origin server is broken (a much more typical use case than the
> weird attempt at DDoS mitigation that you have described above).
>
> https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_
> add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
>
> HTH,
>
> Alex.
>
>
>
> > [root at soc-pe-nagios01 ~]# wget www.nato.int -e use_proxy=yes -e
> http_proxy=172.31.1.67:8080
> > --2017-10-30 10:41:09--  http://www.nato.int/
> > Connecting to 172.31.1.67:8080... connected.
> > Proxy request sent, awaiting response... 502 Bad Gateway
> > 2017-10-30 10:41:09 ERROR 502: Bad Gateway.
> >
> > I can't find an RFC that confirm if browser and proxyes should try a
> page reload, or if squid has an option to do that.
> >
> > Any help is appreciated.
> >
> > Best Regards, Alessio.
> >
> > Il presente messaggio e-mail e ogni suo allegato devono intendersi
> indirizzati esclusivamente al destinatario indicato e considerarsi dal
> contenuto strettamente riservato e confidenziale. Se non siete l'effettivo
> destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati
> di avvertire immediatamente il mittente e di cancellare il suddetto
> messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi
> utilizzo, diffusione, copia o archiviazione del presente messaggio da parte
> di chi non ne è il destinatario è strettamente proibito e può dar luogo a
> responsabilità di carattere civile e penale punibili ai sensi di legge.
> > Questa e-mail ha valore legale solo se firmata digitalmente ai sensi
> della normativa vigente.
> >
> > The contents of this email message and any attachments are intended
> solely for the addressee(s) and contain confidential and/or privileged
> information.
> > If you are not the intended recipient of this message, or if this
> message has been addressed to you in error, please immediately notify the
> sender and then delete this message and any attachments from your system.
> If you are not the intended recipient, you are hereby notified that any
> use, dissemination, copying, or storage of this message or its attachments
> is strictly prohibited. Unauthorized disclosure and/or use of information
> contained in this email message may result in civil and criminal liability.
>> > This e-mail has legal value according to the applicable laws only if it
> is digitally signed by the sender
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> >
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171030/44757e2a/attachment-0001.html>

More information about the squid-users mailing list