Re: squid not proxying 403 error pages properly

From: Duane Wessels <[email protected]>
Date: Tue, 1 Aug 2000 15:08:38 -0600

On Tue, 1 Aug 2000, Paul Jakma wrote:

> hi,
>
> I have a problem with squid, where it returns a page to the user saying:
>
> ------------------------------------------------
> While trying to retrieve the URL: [no URL]
>
> The following error was encountered:
>
> Read Error
>
> The system returned:
>
> (104) Connection reset by peer
>
> An error condition occurred while reading data from the network. Please
> retry your request.
> --------------------------------------------------------
>
>
> when in fact it did receive a full reply from the webserver, namely:
>
> ------------------------------------------
> HTTP/1.1 403 Forbidden
> Date: Tue, 01 Aug 2000 13:02:19 GMT
> Server: Apache/1.3.12 (Unix) (Red Hat/Linux) PHP/3.0.16
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <HTML><HEAD>
> <TITLE>403 Forbidden</TITLE>
> </HEAD><BODY>
> <H1>Forbidden</H1>
> You don't have permission to access /mops/
> on this server.<P>
> <HR>
> <ADDRESS>Apache/1.3.12 Server at berkman.itg.ie Port 80</ADDRESS>
> </BODY></HTML>
> ----------------------------------------------------------------
>
>
> Does anyone know why? Where does the problem lie?

403 status is a "retryable" condition for Squid. That is, when Squid
gets a 403 reply, it tries to forward the request again.

The reason for retrying a 403 is that if a parent proxy returns 403, then
squid would retry the request either at a different proxy, or directly.
This check could be made more intelligent so that squid didn't retry
a 403 if the response came from an origin server.

Looks like what happened to you is Squid got the 403, tried the
request again, then got the connection reset. Actually, Squid probably
tried more than once to satisfy the request. The reset happened to
be what it got for its last attempt.
Received on Tue Aug 01 2000 - 15:12:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:41 MST