I've squid 3.5.20 running on RHEL 7.4.
I have a problem to access some websites, for example www.nato.int.
This website apply an Anti-DDoS system that reset the first connection after 
the TCP 3-way handshake (SYN/SYN-ACK/ACK/RST-ACK). All subsequent TCP 
connections are accepted. The website administrator say's it is by design.
When I browse that site directly with all browser (IE, FF, Chrome) I see the 
normal site showed. Anyway it is because after the first reset the client try 
to reload the page. I've the same behaviour also with wget:

[root@soc-pe-nagios01 ~]# wget www.nato.int
--2017-10-30 10:02:50--  http://www.nato.int/
Resolving www.nato.int...
Connecting to www.nato.int||:80... connected.
HTTP request sent, awaiting response... No data received.

--2017-10-30 10:02:51--  (try: 2)  http://www.nato.int/
Connecting to www.nato.int||:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.nato.int/ [following]
--2017-10-30 10:02:51--  https://www.nato.int/
Connecting to www.nato.int||:443... connected.
WARNING: cannot verify www.nato.int's certificate, issued by 
'/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - 
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html.17'

    [      <=>                                                                  
                       ] 168,229      147K/s   in 1.1s

2017-10-30 10:03:39 (147 KB/s) - index.html.17 saved [168229]

When I browse the site with squid proxy the browser receive an "Empty Response" 
squid error page (HTTP error code 502 Bad Gateway) and doesn't do the automatic 

[root@soc-pe-nagios01 ~]# wget www.nato.int -e use_proxy=yes -e 
--2017-10-30 10:41:09--  http://www.nato.int/
Connecting to connected.
Proxy request sent, awaiting response... 502 Bad Gateway
2017-10-30 10:41:09 ERROR 502: Bad Gateway.

I can't find an RFC that confirm if browser and proxyes should try a page 
reload, or if squid has an option to do that.

Any help is appreciated.

Best Regards, Alessio.

Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati 
esclusivamente al destinatario indicato e considerarsi dal contenuto 
strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o 
avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire 
immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo 
allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia 
o archiviazione del presente messaggio da parte di chi non ne è il destinatario 
è strettamente proibito e può dar luogo a responsabilità di carattere civile e 
penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della 
normativa vigente.

The contents of this email message and any attachments are intended solely for 
the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has 
been addressed to you in error, please immediately notify the sender and then 
delete this message and any attachments from your system. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, 
copying, or storage of this message or its attachments is strictly prohibited. 
Unauthorized disclosure and/or use of information contained in this email 
message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is 
digitally signed by the sender
squid-users mailing list

Reply via email to