[Netalyzr] intranet proxy detection gets web server instead of proxy

Christian Kreibich christian at icir.org
Wed Dec 12 01:56:07 PST 2012

Hi Alex,

On 12/11/2012 05:26 AM, Alex Woick wrote:
> I have a machine with a squid proxy (port 3123) and a web server (port 
> 80) running in my intranet. The proxy configuration for my machine is 
> distributed with a proxy.pac file. This way, my browser contacts the 
> intranet proxy, which contacts remote web servers directly.
> With this configuration, netalyzr detects a wrong proxy in my intranet. 
> It probes the correct machine but misinterprets the apache web server on 
> port 80 als proxy, which is not configured as proxy. I removed the 
> mod_proxy.so and corresponding modules from httpd.conf, so it really 
> cannot. This results in wrong reports from netalyzr that a proxy alters 
> responses and performs broken caching.

Interesting stuff, thanks for reporting this.

I suspect what's going on is our processing of Via and X-Cache-Lookup
headers hitting a bug that ends up with the wrong port information. The
second problem seems to be that whatever content we manage to retrieve
from the server happens to pass our test.

We have the header information in the session transcript, so let us take
a look at what's going on. In the meantime it would be helpful if you
could tell us (e.g. via a tcpdump) what's the content we retrieve from
your webserver. I suppose it's a 404 of some sort?

> According to proxy.pac, the proxy runs on linux1.wombaz.localnet:3128, 
> and according to the X-Cache-Lookup header applications could be able to 
> determine the correct port 3128 even without proxy.pac.

Yeah, that makes complete sense and is exactly what's supposed to happen.


More information about the Netalyzr mailing list