Re: [squid-users] Zero Sized Reply - something to try on FreeBSD - FAQ update requested

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Fri, 25 Feb 2005 20:21:46 +0100

> On Fri, 25 Feb 2005, Matus UHLAR - fantomas wrote:
> >I don't think this is related to squid. This is imho a problem of the page
> >you are requesting and the scripts on it. This imho does NOT belong to the
> >SQUID FAQ, but probably to the remote server's or page's FAQ.

> >I see that it was already added to the SQUID FAQ. I'd like to investigate
> >this problem a bit more...

On 25.02 19:10, Henrik Nordstrom wrote:
> It belongs to the FAQ.
>
> Pretty simple. His box had an overly simple IDS enabled, and these sites
> triggered this IDS by their probes, making his system blackhole these
> sites.

Then it's not TCP blackhole, but an IDS. And it's a problem of the IDS that
it blocks all traffic from such a system (and I call that a dumb IDS).

TCP blackhole on FreeBSD just modifies the behaviour for incoming connections:
when a connection attempt is made to a port where no program listens,
usually a TCP RST packet is sent back. When blackhole is in effect, nothing
is sent and packets are silently dropped. This has nothing to do with IDS.

So, again, the TCP blackhole thing does imho not belong to SQUID FAQ.

As I got it, a request for the specified page causes the remote host to scan
some ports on the local host. TCP blackhole causes the connection to time out,
so the script on the web server times out and is killed by the server and no
data are produced. That might cause the "zero sized reply" error.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !
Received on Fri Feb 25 2005 - 12:21:49 MST
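
The RST versus silent-drop difference described in the message above, as an added example that is not part of the original post: a small Python diagnostic that connects to one port and reports whether it was open, refused with a RST, or got no reply, together with how long the caller had to wait. The function names `probe`, `unused_local_port` and `demo` and the loopback test ports are assumptions made for this illustration.

```python
import socket
import time

def probe(host, port, timeout=2.0):
    """Connect once; return (result, seconds_waited).

    'open'     - handshake completed, something is listening
    'refused'  - a TCP RST came back (normal reply from a closed port)
    'no-reply' - nothing came back before the timeout (packet dropped,
                 as with the blackhole behaviour described above)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((host, port))
        result = "open"
    except ConnectionRefusedError:
        result = "refused"
    except (socket.timeout, TimeoutError):
        result = "no-reply"
    except OSError as exc:
        result = "error: %s" % exc
    finally:
        s.close()
    return result, time.monotonic() - start

def unused_local_port():
    """Pick a loopback port with no listener (bind to port 0, then release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def demo():
    """Probe a listening port and a closed port on this host (constructed setup)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    try:
        open_result = probe("127.0.0.1", listener.getsockname()[1])
    finally:
        listener.close()
    closed_result = probe("127.0.0.1", unused_local_port())
    return open_result, closed_result

if __name__ == "__main__":
    for label, (result, waited) in zip(("listening", "closed"), demo()):
        print("%-9s port: %-8s after %.3fs" % (label, result, waited))
```

On a host that answers closed ports with a RST, the closed-port probe returns `refused` almost immediately; where packets to closed ports are silently dropped, the same probe would return `no-reply` only after the full timeout, which is the wait the message suggests the remote script runs into.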
