You do realize that there's nothing "weird" about p0f, right? Perhaps you should have a read over:
http://lcamtuf.coredump.cx/p0f3/
https://blog.cloudflare.com/introducing-the-p0f-bpf-compiler/

On Mon, Oct 30, 2017 at 11:22 AM, Alex Rousskov <rouss...@measurement-factory.com> wrote:

> On 10/30/2017 03:51 AM, Troiano Alessio wrote:
>
> > I've squid 3.5.20 running on RHEL 7.4. I have a problem accessing
> > some websites, for example www.nato.int. This website applies an
> > Anti-DDoS system that resets the first connection after the TCP 3-way
> > handshake (SYN/SYN-ACK/ACK/RST-ACK). All subsequent TCP connections
> > are accepted. The website administrator says it is by design.
> >
> > When I browse the site with squid proxy the browser receives an "Empty
> > Response" squid error page (HTTP error code 502 Bad Gateway) and
> > doesn't do the automatic retry:
>
> This is by design as well :-).
>
> We can change Squid behavior to retry connection resets, but I am sure
> that some folks will not like the new behavior because in _their_ use
> cases a retry is wasteful and/or painful. IMHO, the new behavior should
> be controlled by a configuration directive, possibly an ACL-driven one.
>
> Quality patches implementing the above feature should be welcomed IMO.
> The tip of the relevant code is probably in ERR_ZERO_SIZE_OBJECT
> handling inside FwdState::fail(). There is similar code that handles
> persistent connection races there already, but the zero-size reply code
> may need a new dedicated FwdState flag to prevent infinite retry loops
> when the origin server is broken (a much more typical use case than the
> weird attempt at DDoS mitigation that you have described above).
>
> https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
>
> HTH,
>
> Alex.
>
> > [root@soc-pe-nagios01 ~]# wget www.nato.int -e use_proxy=yes -e http_proxy=172.31.1.67:8080
> > --2017-10-30 10:41:09-- http://www.nato.int/
> > Connecting to 172.31.1.67:8080... connected.
> > Proxy request sent, awaiting response... 502 Bad Gateway
> > 2017-10-30 10:41:09 ERROR 502: Bad Gateway.
> >
> > I can't find an RFC that confirms if browser and proxies should try a
> > page reload, or if squid has an option to do that.
> >
> > Any help is appreciated.
> >
> > Best Regards, Alessio.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
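
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Squid code: a constructed loopback origin resets the first N connections after the handshake, and a client retries a zero-size reply at most a fixed number of times. The names `start_origin`, `fetch` and `max_reset_retries` are hypothetical; the retry bound plays the role of the flag suggested above to prevent infinite retry loops.

```python
import socket, struct, threading

def start_origin(reset_first_n):
    """Constructed loopback origin: RSTs the first N connections, then serves."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    def loop():
        seen = 0
        while True:
            try:
                conn, _ = srv.accept()   # TCP handshake already completed
            except OSError:
                return                   # listener closed
            seen += 1
            if seen <= reset_first_n:
                # SO_LINGER with a zero timeout makes close() send RST, not FIN
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                struct.pack("ii", 1, 0))
                conn.close()
                continue
            conn.recv(4096)
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")
            conn.close()
    threading.Thread(target=loop, daemon=True).start()
    return srv

def fetch(port, max_reset_retries):
    """Return (status, attempts). A reset or zero-size reply is retried at most
    max_reset_retries times, so a permanently broken origin cannot cause a loop."""
    attempts = 0
    while True:
        attempts += 1
        reply = b""
        try:
            with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
                s.sendall(b"GET / HTTP/1.0\r\nHost: origin.example\r\n\r\n")
                while chunk := s.recv(4096):
                    reply += chunk
        except OSError:
            reply = b""                  # reset mid-exchange: zero-size reply
        if reply:
            return int(reply.split()[1]), attempts
        if attempts > max_reset_retries:
            return 502, attempts         # the error the client in the thread saw
```

With `max_reset_retries=0` the first reset surfaces as a 502, matching the wget output quoted above; with a value of 1 the second connection succeeds.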