Thanks!
You may be right about the session cookies but we are behind a
firewall so we have no way other than our proxy parents to get to any
internet site.
prefer_direct off was in place as default.
never_direct allow all
Also we have a traffic dump from our parent that may have a clue of the problem:
***************************************************************************
GET /definitivos_bajarArchivo.asp?idc=4&arch=x HTTP/1.0
Accept: */*
Referer: http://www.censo2010.indec.gov.ar/resultadosdefinitivos.asp
Accept-Language: es
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1;
Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729; .NET CLR 1.1.4322; .NET4.0C)
Host: www.censo2010.indec.gov.ar
Cookie: ASPSESSIONIDSCRCRSBD=LKDGDFGDBGBLPCFCFLOCMCAN;
ASPSESSIONIDSATDQSBD=ILOHAJAAAIHIPGPKFDPNIDKF
Via: 1.0 proxydpe (squid/3.1.12), 1.1 cache3.gba.gov.ar:3128 (squid/2.7.STABLE7)
X-Forwarded-For: unknown, 10.42.6.193
Cache-Control: max-age=0
Connection: keep-alive
HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Date: Mon, 06 Feb 2012 22:14:09 GMT
Server: Microsoft-IIS/6.0
Content-Length: 98
Content-Type: text/html
Cache-control: private
An error occurred on the server when processing the URL. �Please
contact the system administrator.
**********************************************************************
I've noted that there are two cookies but I don't know if is right or not.
This transaction on the other hand was ok directly from the client to
the proxy "parent".
GET http://www.censo2010.indec.gov.ar/definitivos_bajarArchivo.asp?idc=1&arch=p
HTTP/1.1
Host: www.censo2010.indec.gov.ar
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
DNT: 1
Proxy-Connection: keep-alive
Referer: http://www.censo2010.indec.gov.ar/resultadosdefinitivos.asp
Cookie: ASPSESSIONIDCABDRBDS=ADLDCDFDJIPLIHFLHJMCHKPI
HTTP/1.0 302 Moved Temporarily
Date: Mon, 30 Jan 2012 19:43:08 GMT
Server: Microsoft-IIS/6.0
Location: CuadrosDefinitivos/V1-P_Buenos_Aires.pdf
Content-Length: 161
Content-Type: text/html
Cache-Control: private
X-Cache: MISS from cache4.gba.gov.ar
X-Cache-Lookup: MISS from cache4.gba.gov.ar:3128
Via: 1.1 cache4.gba.gov.ar:3128 (squid/2.7.STABLE7)
Connection: keep-alive
Proxy-Connection: keep-alive
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a
HREF="CuadrosDefinitivos/V1-P_Buenos_Aires.pdf">here</a>.</body>
GET http://www.censo2010.indec.gov.ar/CuadrosDefinitivos/V1-P_Buenos_Aires.pdf
HTTP/1.1
Host: www.censo2010.indec.gov.ar
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
DNT: 1
Proxy-Connection: keep-alive
Referer: http://www.censo2010.indec.gov.ar/resultadosdefinitivos.asp
Cookie: ASPSESSIONIDCABDRBDS=ADLDCDFDJIPLIHFLHJMCHKPI
etc.
I hope it helps you helping me :-P
Thanks a lot!
Martin.
2012/2/4 Henrik Nordstr�m <henrik_at_henriknordstrom.net>:
> m�n 2012-01-30 klockan 19:10 -0300 skrev Martin Nigoul:
>> As we try to retrieve those files through our proxy we recive
>> "An error occurred on the server when processing the URL. Please
>> contact the system administrator."
>> If we configure one of our cache_peer parents as the proxy for the
>> browsers the file is downloaded
>> whithout problem.
>
> A guess is that the site is using session cookies with embedded source
> IP information.
>
> Try setting "prefer_direct off" in squid.conf. This will make it more
> insisting in using parents even when doing so makes no sense from a
> caching perspective.
>
> You can also use never_direct to force Squid hard to go via peers. And
> cache_peer_access to limit which peers. Both these allows you to tune
> for this site only if you like.
>
> Alternatively try using always_direct for the site to not go via peers
> at all, which also accomplishes the same goal of having a single source
> IP for the session.
>
> Regards
> Henrik
>
Received on Wed Feb 08 2012 - 19:51:04 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 12 2012 - 12:00:03 MST