Hello there,
I often get the attached error 502:
No Server or forwarder data received ...
I've set in my config:
forwarded-connect-retries 10
forward-socks5t / 127.0.0.1:9050 .
No Firewall or Antivirus software installed.
but I still often receive this weird error... does anyone has an idea?
This is unlikely to be a Privoxy problem, but you could increase
the log level for a while to see if the problem occurs on certain
sites or at certain times only which might help to analyze the
cause of the problem.
It might also help to check the log of the socks proxy for error
messages.
Note that the forwarded-connect-retries directive is not
expected to help in this case as the connection was
established successfully.
I am able to reproduce this bug.
Use DuckDuckGo's public hidden service: http://3g2upl4pq6kufc4m.onion/html/
Try to search anything with privoxy+TOR --> 502
I tried tinkering with keep-alive-timeout, 0 and 300 made no difference.
In case of potentially overloaded onion services the error message
is unlikely to indicate a Privoxy bug.
I don't think that DDG is overloaded since it continues to work fine when using SOCKS directly.
To confirm (or more likely rule out) that this is a Privoxy problem,
please reproduce the issue with logging enabled and attach a log excerpt.
I'm reasonably sure that the log will show that Tor accepts the connection
and then closes it after receiving the HTTP request without delivering
a response. In that situation the error message is expected.
If you don't trust the Privoxy log you may want to use tcpdump or wireshark
instead.
How can I activate logging in privoxy? My Vidalia TOR logs don't show any problems....
edit:
Okay I think I've found the option and added to the config file:
debug 512
But I cannot really find a new folder under my windows 8 program folder that is called "logs" or similar? What am I doing wrong?
Edit2:
Okay I've found out the file is called "privoxy.log" but it is still empty... - why?
Edit3:
Okay I've found out, that now the logfiles go into the window of privoxy but the file privoxy.log is still empty...
Edit4:
Okay I found out that it might be because of writing-rights to program folder under windows. Is it possible to change the path to the logdir and if yes, how exactly? Changing the permission rights didn't make any changes...
Last edit: Peter Müller 2015-06-10
To enable logging, specify a log file and enable the debug levels
you are interested in:
http://www.privoxy.org/user-manual/config.html#LOGFILE
http://www.privoxy.org/user-manual/config.html#DEBUG
You may want to increase Tor's log level as well,
for details, please check the Tor manual.
FYI, TOR debug info can be found here: https://www.torproject.org/docs/faq.html.en#LogLevel
There were no apparent errors in TOR even with high logging enabled. TOR is clearly receiving the requests, but for whatever reason privoxy throws a 502.
Interestingly, this is only easily reproducible after a POST request for me.
In the following log file you will see I sent a query "test" to DDG, which fails, followed by navigating to DDG homepage (which works fine), and then searching again for "test" which fails (again).
Debugs enabled:
debug 2
debug 16
debug 1024
debug 32768
Log: http://pastebin.com/raw.php?i=HChZfqe2
Unfortunately I can't access the pastebin URL without compromising
my security settings due to cloudflare garbage, for details see:
https://www.fabiankeil.de/gehacktes/electrobsd/#cloudflare-garbage
Please attach the logfile to the request or use a reasonable
file hoster that does not blacklist Tor exit relays or requires
remote code execution to access a textfile.
Note that the Tor client does not analyse the traffic it relays
to and from the onion service. If the HTTP server accepts the
connection, reads the HTTP request and then closes the connection
without sending data, this is unlikely to result in a Tor error
message (I didn't check, though). If the log is verbose enough
it should tell you how much bytes were transmitted to Privoxy,
though.
Cloudflare is truly aggravating lately. Try this:
http://pastebin.archlinux.fr/1117367
The tor log (even on "debug" setting) only gives route and connect success information, not bytes transmitted that I could find.
Are you sure you uploaded the right log file?
The log excerpt shows Privoxy delivering a 503 error message
after its socks request got rejected (time: 16:31:54.446).
This ticket is about 502 error messages after the socks
request is accepted.
The Tor log should contain entries matching "written", "read",
"Read", "bytes" etc. Using a packet sniffer might be more
convenient than trying to get the information out of the Tor
log.
It seems the last pastebin cropped off my logs, I decided to truncate some of the [read]/[write] jibberish and start a fresh.
Privoxy log:
http://termbin.com/aevb
and....
TOR log:
http://termbin.com/8x6x
I can do a packet capture too if you want, but you can see that the TOR log reveals it did connect at the 8:36 mark.
Thanks for the additional logs.
The Privoxy log shows that Tor indeed closed the socks connection
without delivering a HTTP response first, thus Privoxy's 502 error
message is completely appropriate.
The Tor log suggests that Tor actually forwarded Privoxy's
HTTP request ("Sending up to 415 + 0 bytes") but did not
get any HTTP data back.
It's a bit suspicious that the
"end cell (closed normally) for stream 55137. Removing stream"
message occurs 30 seconds after the
"'connected' received"
message. This could indicates that a timeout is triggered
on the hidden service before the HTTP server manages to
deal with the request.
Without access to the logs from the hidden service trying to
analyze this further is probably pointless.
The only thing Privoxy could do about this is to (optionally)
retry socks requests if the connection gets closed without
any HTTP data being sent. Of course this would further increase
the load on the hidden service, so it's not guaranteed
to actually improve the user experience. Additionally the
server may end up processing the HTTP request twice which may
have unintended side-effects.
Coincidentally I've been working on a bug from behind a hidden service for searx, and I have the logs. I believe these two problems are related. It causes a broken pipe timeout server side. Check it out here: https://github.com/asciimoo/searx/issues/304
This is definitely some sort of timeout issue.
The hidden service http://ulrn6sryqaifefld.onion/ referenced
in the github issue seems to work reliably for me. I haven't tried
the AJAX bits, though.
Hello there,
I've found out how logging works and I could reproduce the error and I also think, that I've found out the moment when the error happened.
I attached my whole tor-logfile and whole privoxy-logfile. (And censored the website because of privacy reasons).
Also I uploaded an excerpt of my whole tor-logfile and whole privoxy-logfile, in which I think the error 502 occoured.
Have you an idea why it happened and how I can solve it?
Thanks in advance!
Cheers
Thanks a lot for the log files.
They seem to suggest that this may be a Privoxy bug after all
(Privoxy's request looks incomplete).
G4JC, your log shows the same issue, I just overlooked it previously.
Please try temporarily using forward-socks5 instead of
forward-socks5t to see if this works around the problem.
Unfortunately I don't have more time right now, but I intent to
look into analysing the cause of the problem tomorrow.
I can confirm that after removing the "t" from the config file, I am unable to reproduce this issue.
Thanks for the confirmation.
The problem should be fixed in CVS now:
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/gateway.c?view=log#rev1.94
Thank you very much!
I'll try it out and if it still shows me error 502 I will tell you.
Edit:
Unfortunately for me it didn't help.
I still get the same error and also I haven't tried the suggestion what I will try out now:
"If you get this message very often, consider disabling connection-sharing (which should be off by default). If that doesn't help, you may have to additionally disable support for connection keep-alive by setting keep-alive-timeout to 0. "
Probably it doesn't work, what else could I do?
Edit2:
I still get error 502 ...
Could it be because I only have DSL2000?
Last edit: Peter Müller 2015-06-22
Please provide a a log excerpt for the problem occurring with forward-socks5.
You also may want to make sure that http://config.privoxy.org/show-url-info
confirms that forward-socks5 is actually being used.
For the problem I fixed in CVS the local Internet connection
shouldn't matter, especially if Privoxy and the socks server
are running on the same system.
Hello,
I've checked http://config.privoxy.org/show-url-info and everytime it says the correct thing, that it's forwared correctly through socks5 instead of socks5t.
I'm getting this error now:
503
Forwarding failure
Privoxy was unable to socks5-forward your request through 127.0.0.1: Socks5 TTL expired
Maybe this is now another error? Does this mean that TOR was not available at that time?
This is indeed another problem.
It means that the Tor client tried to connect to the destination
server but got a timeout before the connection was established.
Okay thanks.
I've found out that when I click on "get new identity" on the vidalia contorl panel and wait a few seconds this problem doesn't occour.
Have you any idea to tell Vidalia (or TOR) to get a new identity i.e. every 15 minutes automatically?
Although this is pretty far outside the scope or privoxy's bug report... yes it seems to be possible. You could use this and this as reference into the uncharted territory:
https://stackoverflow.com/questions/3274462/result-identity-changing
http://www.autohotkey.com/board/topic/25592-autotelnet-13-tested-with-putty-and-telnet/