Looks like me an Vincent caught you boys at breakfast

Sunday, 27 September 2009

It is interesting that François Marier recently posted a brief "howto" document on debugging problems caused by overly-agressive filtering with privoxy, as I've recently been having problems with that tool.

My home network frequently changes configuration depending on what I'm concentrating upon, but every few months I'll start/cease using the following tools:

  • squid - The caching proxy server.
  • tor - The onion router.
  • privoxy - The filtering cache.

Recently I was experimenting with XSS attacks against various browsers, which meant using them for real. As not all browsers have the same anti-advert setups I was running privoxy to filter out web-annoyances, and I spotted a major flaw with it.

Unfortunately I can only describe the problem, not reproduce it, or track it down. I'm 80% certain the bug is in privoxy, but the stack is suitably high that determining that for sure is problematic.

In short the issue is that HTTP requests would end up being sent to the wrong host:

  • I load my start page in one tab: http://www.steve.org.uk/start/
  • I click to open the following URL in another tab: http://www.perlmonks.org/?node=Newest Nodes.
  • The request gets sent to http://steve.org.uk/?node=...

After that clicking around consistently sends requests to the first HTTP host which was accessed succesfully. So, for example, attempting to visit http://foo.com/bar/ will send the request to http://steve.org.uk/bar - which then gives a 404.

In terms of setup I use a dnsmasq DNS cache, privoxy and iceweasel from Debian unstable. From the symptoms I'm not sure if iceweasel's "KeepAlive" system is to blame, or if privoxy has a bad cache of hosts. Perhaps it is dnsmasq returning bogus DNS data, or my cable connection itself having DNS issues.

Anyway once the symptoms present themselves closing the browser and restarting the cache fixes it. Until the next time which might be hours or days later.

I'd report it as a bug - but I don't know where it should be. Privoxy caching things it shouldn't? iceweasel having keepalive issues? dnsmasq returning wrong DNS entries?

I'd ask "Have you seen this before, internet world?" but I guess if you have tracked it down it'd be fixed by now, and it clearly isn't!

Anyway for the moment I've uninstalled privoxy.

ObFilm: Pulp Fiction

| 4 comments.

 

Comments On This Entry

[gravitar] Francois Marier

Submitted at 21:05:23 on 27 september 2009

Funny you mention my name here, because I think I have the same problem.

My setup is simpler: just privoxy, no squid or tor.

Restarting the privoxy daemon (but not the browser or clearing the cache) seems to fix it (temporarily) for me.

I initially thought it was due to a dodgy DNS server, but it happens both at work and at home. Was thinking about researching this problem further, but I couldn't find a googleable way of describing the problem...

[author] Steve Kemp

Submitted at 21:12:44 on 27 september 2009

That's great news! (Well not great obviously as we're both seeing the bug, but great that it seems to suggest privoxy alone is at fault.)

With that in mind I'll reinstall it, and see if I can narrow it down over the next few days.

Maybe a few wgets, or similar can trick the problem into manifesting itself? I know that it didn't seem to happen too often, but once the problem showed itself it didn't go away.

[gravitar] Francois Marier

Submitted at 22:06:05 on 27 september 2009

Based on the comments on these bugs, it sounds like this issue might be resolved in privoxy 3.0.14 or 3.0.15:

http://sourceforge.net/tracker/?func=detail&aid=2838716&group_id=11118&atid=111118
http://sourceforge.net/tracker/?func=detail&aid=2831227&group_id=11118&atid=111118
http://sourceforge.net/tracker/?func=detail&aid=2826947&group_id=11118&atid=111118
http://sourceforge.net/tracker/?func=detail&aid=2827004&group_id=11118&atid=211118

I have just commented out the "keep-alive-timeout" and "connection-sharing" lines in my /etc/privoxy/config to see if it changes anything...

[author] Steve Kemp

Submitted at 22:54:10 on 27 september 2009

That does look promising, thanks for the pointers.


 

Comments are closed on posts which are more than ten days old.

Recent Posts

Recent Tags