Transport Endpoint Not Connected

July 19, 2011 • Customer Services       
Synopsis

You receive the error: Error connecting to the Upstream Proxy server at 127.0.0.1:3128 - Transport endpoint is not connected

Article

The most common reason for this error is discussed below. It may also happen if the "squid" proxy that CensorNet Professional uses has stopped running - please see the section on troubleshooting squid problems below.

The SSL connection from the proxy to the remote server is getting interrupted. Because the proxy isn't in control of the SSL session, it is unable to re-request the URL. A browser (which is in charge of an SSL session) can re-request the URL silently, and indeed would do so, but no proxy server can.

The reason for this is that the HTTP 1.1 protocol forbids it, because of the possibility of a "replay attack".

A proxy server is essentially a man-in-the-middle. It caches data from the browser to the remote server and back again. As a result it is theoretically possible (and indeed happened on many occasions in the early years of the internet) for someone to lift the data from a proxy server when someone accessed their bank accounts, and then use the same data to log in without their permission.

As a result, the HTTPS 1.1 protocol forbids a proxy server from maintaining an SSL session state.

What this means for CensorNet is that if there's a packet drop or a silent redirect to another site from the remote server, it's unable to continue the transaction as a browser could. As a result, the caching proxy server CensorNet uses to collect its data just stops transmitting data. This is the "Transport endpoint not connected" error: the transport endpoint is the caching server, which no longer transmits data.

A browser that isn't going through a proxy (and is therefore in charge of the SSL session state) will automatically re-send the request if a packet is dropped or a connection redirected. A proxy server cannot.

 

Troubleshooting "squid" problems

This error can happen if the underlying "squid" proxy server is not running. The reasons for this may be:

  • when squid started, it was unable to resolve any DNS. Check the "setup" program network configuration.
  • the server has run out of disk space and squid has been forced to stop or cannot start. Follow the guidelines in the General Housekeeping article.
  • there is an error in the squid configuration file and squid cannot start. If you have manually altered the squid.conf file then undo your changes and try to restart squid or reboot the server.

To stop/start squid manually at the command line, use the command:

/etc/squid/init.d stop
/etc/squid/init.d start

Or alternatively you can restart it on the System Overview page of the web control panel, by clicking the circular green arrow icon next to the "Web cache" service under "System monitor".
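
The three causes listed above can be checked from the command line in one pass. The script below is an added example, not part of the original article or of CensorNet's own tooling; it assumes a Linux server with "squid" on the PATH, and the cache directory, test hostname and 95% threshold are assumed values to adjust.

```shell
#!/bin/sh
PROXY_PORT=3128                            # port from the error message above
SPOOL_DIR=${SPOOL_DIR:-/var/spool/squid}   # assumed cache directory
TEST_NAME=${TEST_NAME:-example.com}        # assumed hostname for the DNS check
FULL_PCT=${FULL_PCT:-95}                   # assumed "disk is full" threshold

# listening_on PORT [FILE...]: succeed if some socket is in LISTEN state on PORT.
# Reads the Linux socket tables; FILE arguments allow saved copies to be checked.
listening_on() {
    port_hex=$(printf '%04X' "$1"); shift
    [ $# -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    # Field 2 is local address:port in hex, field 4 is the state (0A = LISTEN).
    cat "$@" 2>/dev/null | awk -v p=":$port_hex" '
        $4 == "0A" && substr($2, length($2) - 4) == p { found = 1 }
        END { exit !found }'
}

# pct_used PATH: print how full the filesystem holding PATH is, as an integer.
pct_used() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# triage: report which of the three listed causes applies; returns 0 if squid is up.
triage() {
    if listening_on "$PROXY_PORT"; then
        echo "squid is listening on port $PROXY_PORT"
        return 0
    fi
    echo "nothing is listening on port $PROXY_PORT"
    getent hosts "$TEST_NAME" >/dev/null ||
        echo "DNS: could not resolve $TEST_NAME, check the network configuration"
    used=$(pct_used "$SPOOL_DIR" 2>/dev/null)
    [ "${used:-0}" -lt "$FULL_PCT" ] ||
        echo "disk: filesystem holding $SPOOL_DIR is ${used}% full"
    squid -k parse >/dev/null 2>&1 ||
        echo "config: 'squid -k parse' failed, review changes to squid.conf"
    return 1
}

# Run the checks only when asked, so the file can also be sourced.
case "${1:-}" in --run) triage ;; esac
```

Run it as root with the --run argument. If squid is listening and the error still appears, the interrupted SSL connection described at the top of this article is the likely cause.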

Last modified on Thu, March 08, 2012