Not working using Safari Browswer
Closed this issue · 30 comments
What steps will reproduce the problem?
1. Tested with Safari 5.03 and Safari 3.1.2 and both exhibited the problem
2. Browse to any page
What is the expected output? What do you see instead?
Most web pages didn't work. Some worked partially. At the top of **every**
page I get stuff like this:
SID=DQAAAMUAAADcrJIiM8r_N1pOfQVnPK6PS3_HWOBKDc8lIPzezj6Hg-anQasFcFvqcsJj3emfJxnF
7Jnwu3bWjrZH9iCzUhL_xRvv1EvjrgeFUxKaczLkxpplrnmxdQuHN0KDLhgCCVfGuykvPnhKJCJZ76pq
Ow8bAjR1kiUbUWA-HaO5y1J09RIGL4d5OPZ4cRhZ0WhtHllbUIatKPPp-4M6GIvPKG4-7rwxPy0EuuQg
16y50QYdi59otI5zB0-T0--Qq3VTdmSbOSzUtdpj4ExLF2SRQclA; path=/;
domain=.google.com P3P: CP="This is not a P3P policy! See
http://www.google.com/support/accounts/bin/answer.py?answer=151657 for more
info." Set-Cookie:
NID=51=eL8rEwDv_vLqXKqt9zICIYT29D9UaNiW7Yo2G5d9Qm6t4gtOA48L2QZKA69S_4Tettx8YGNBt
Ulga2M17_rgCbd_SVjgUmSRnzSbr0pB9abj3zx9K9m8UosWhwH57WBH; expires=Sat,
24-Mar-2012 04:48:07 GMT; path=/; domain=.google.com; HttpOnly
X-Content-Type-Options: nosniff Server: igfe
I can provide other examples if needed.
What version of the product are you using? On what operating system?
Latest version of mindwebfilter and tested with Mac OSX 10.5.6 and 10.6.5.
Both did the same thing.
Is this a settings issue? Or is this a known issue with Safari on the Mac OSX?
I installed Chrome, and it seemed to work like a champ. Please let me know
ASAP!
Thanks!
Original issue reported on code.google.com by spencer....@gmail.com
on 23 Sep 2011 at 4:59
Date: Fri, 23 Sep 2011 05:22:36 GMT Server: Apache Cache-Control:
s-maxage=3600, must-revalidate, max-age=0 Last-Modified: Thu, 22 Sep 2011
10:08:54 GMT Vary: Accept-Encoding Content-Length: 49408 Content-Type:
text/html; charset=utf-8 X-Cache: HIT from sq62.wikimedia.org X-Cache-Lookup:
HIT from sq62.wikimedia.org:3128 Age: 139 X-Cache: HIT from sq78.wikimedia.org
X-Cache-Lookup: HIT from sq78.wikimedia.org:80 Connection: Close
Above is another example ...
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 5:26
Original comment by mind....@gmail.com
on 23 Sep 2011 at 8:50
- Added labels: Priority-Critical
- Removed labels: Priority-Medium
Hi there,
Were you guys aware of the error? Any ideas? Will a configuration change
maybe fix this?
Thanks!
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 8:53
We are just trying to reproduce this issue in order to determine what's
happens. We will update it soon.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 8:55
Sounds good. Let me know if you need more info. I can repro any piece that
we need to.
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:00
Ok, I have some questions:
1) Is MinD installed at the same machine or in another one?
2) MinD is working on Transparent or Explicit Proxy?
3) Could you please provide us a traffic capture? (Don't worry about it if you
don't know what it is)
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:05
1) Another machine. There is one firewall server running that the Mac boxes
are behind.
2) Transparent
3) I can give a more full capture later. Do you want something at the level
of ngrep? Or at the level of tcpdump? Or if there is another method for
capture that you want provided, let me know.
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:16
Just a tcpdump for your configured proxy port, at client or firewall machine,
is the same. And perform 2 o 3 navigations.
The tcpdump line must be like this:
tcpdump -i ethX tcp port 8080 -s0 -v -w /tmp/mind_capture.pcap
A few packets should be enough.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:25
Will do. I will send that over tonight. Thx.
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:29
Sorry for brother you, I have just another very important question:
Have you configured transparent proxy at mind.cfg configuration file?
transparentproxy = on
This is highly recommendable if you don't have any machine using MinD as
explicit proxy. On the other hand, you must not active this key if you have one
or more hosts using to MinD as explicit proxy.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:40
I do not have any machines connecting directly - all are transparent.
However, I don't believe I am setting that. What is the affect of setting
that?
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:51
This will speed up all proxy connections, and also the proxy will be less
intrusive, I'm not sure but, it is possible this configuration solves this
issue.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:55
I will definitely give that a try and get back with you.
Thanks!
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:57
One other question:
If using a single transparent, is this setting also important?
# Filter work mode:
# 0 - Simple Proxy: No other proxy is requered (recommended)
# Usefull for transparent proxy.
# 1 - Chained proxy: Like Dansguardian proxy. It also
# needs another parent proxy.
# 2 - ICAP mode: Acts as an ICAP server.
#
# Default: 0 (Simple proxy).
filterworkmode = 0
Will it improve performance to have that as 0?
Thanks!
On Fri, Sep 23, 2011 at 2:56 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 10:56
transparentproxy setting didn't fix it. :( I put it in the main config and
restarted - didn't solve the problem.
I will run the dumps and get those in a few minutes .....
On Fri, Sep 23, 2011 at 3:56 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 12:35
If you need more dumps, just let me know.
Spencer
On Fri, Sep 23, 2011 at 6:14 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 5:48
First of all, thank you for supporting MinD.
filterworkmode at MinD-Toy version is a functional key, performance should not
be affected by this key configuration.
Please attach your captures. I have not been able to reproduce this issue yet.
Original comment by mind....@gmail.com
on 24 Sep 2011 at 7:00
I sent the captures before as an attachment. Are you not able to get
attachments? Due to the size of the dump, I am unable to just paste the
text into the email. Let me know the best way to get them to you.
To repro:
Setup a mindwebfilter box running transparent proxy as the firewall. We are
using ours as the router + iptable rules routing to mindwebfilter. Then
connect an Apple machine running Mac OSX (we have tried Power PC and Intel
based Macs) behind this box. Breaks pages coming thru Safari on Mac OSX.
Mac OSX + FF or Chrome works great. But on Safari it is
immediately noticeable that it breaks.
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 10:19
One other thing: I tested with the transparentproxy setting on, and then
tested with it commented out. I didn't see any performance gain in my
filtering benchmarks. The pages that I sent thru with the setting on, and
the setting off were the same. Should I have been seeing a difference?
Spencer
On Sat, Sep 24, 2011 at 3:19 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 10:39
Were you able to get the attachments? If not, I will try and paste into the
body of the email. But before it was so much data (2 MB) that it wouldn't
let me paste into the email. But let me know, and I will try to pick the
relevant data.
On Sat, Sep 24, 2011 at 3:36 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 26 Sep 2011 at 2:23
I was sending these via email. I went to the website and attached the dump ....
Original comment by spencer....@gmail.com
on 26 Sep 2011 at 3:41
Attachments:
Any luck? Any ideas of something I could recompile and try? Even hints
would be greatly welcomed and I can dig into pieces of the code and give it
a try. I am a developer ....
Thanks!
Spencer
On Mon, Sep 26, 2011 at 7:23 AM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 27 Sep 2011 at 5:33
Original comment by mind....@gmail.com
on 28 Sep 2011 at 8:55
- Changed state: Accepted
I have reproduced this issue. We are working to solve it as soon as possible.
Thanks for supporting MinD.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 3:17
Original comment by mind....@gmail.com
on 29 Sep 2011 at 3:50
- Added labels: Milestone-Release1.1
We found the fix, and have been running it for 24 hours. It seems to fix
the problem on the Mac + Safari, and doesn't seem to break anything
elsewhere:
In HTTPHeader.cpp, change this:
Line 1408 (I think)
l = header.front() + "\r\n";
to this:
l = header.front();
if (!(l.endsWith("\r") || l.endsWith("\n"))) {
l += "\r\n";
} else {
if (l.endsWith("\r")) {
l += "\n";
}
}
Seems to be working great now!
Thanks!
Original comment by spencer....@gmail.com
on 29 Sep 2011 at 4:50
Solved: commit r85 - Thanks to Spencer.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 9:14
- Changed state: Fixed
Thank you very much. Your fix has solved 3 issues. Those issues were blocking
the MinD-Toy v1.1 release. Now we will generate a new package.
Thanks again for supporting MinD.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 9:20
Very curious - what are the other 3 issues? It will be helpful to know what
the other issues are.
Original comment by spencer....@gmail.com
on 29 Sep 2011 at 9:23
Issues #23, #30, #31 were solved by you.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 9:33