DansGuardian is usually set up as a transparent proxy. Unfortunately, HTTP/1.0 requests are incompatible with transparent proxies. In later versions of HTTP, the server hostname is included in the request, and life is great. In HTTP/1.0, though, the hostname is not included, so the transparent proxy has no way of knowing which server to download the web page from.
Certain programs and HTTP libraries make HTTP/1.0 requests, so they will produce strange errors when behind DansGuardian. DansGuardian will return the following web page when given an HTTP/1.0 request:
<HTML><HEAD><TITLE>DansGuardian - 400 Bad Request</TITLE></HEAD> <BODY><H1>DansGuardian - 400 Bad Request</H1> The requested URL is malformed.</BODY></HTML>
When a program makes an HTTP/1.0 request and receives this web page instead of the expected result, it may become very confused. Here are some programs and the errors they gave:
Configure your firewall to avoid proxying for specific destination hosts, such as www.msnbc.com and image.weather.com in the case of MythWeather. For example, you could use the following in iptables:
$IPT -t nat -N dansguardian $IPT -t nat -A PREROUTING -i $INTETH -p tcp --dport 80 -j dansguardian $IPT -t nat -A PREROUTING -i $WIRELESSVPNETH -p tcp --dport 80 -j dansguardian $IPT -t nat -A dansguardian -d svn.mythtv.org -j RETURN # exception: www.msnbc.com (x4): $IPT -t nat -A dansguardian -d 207.46.245.60 -j RETURN $IPT -t nat -A dansguardian -d 207.46.245.61 -j RETURN $IPT -t nat -A dansguardian -d 207.46.150.20 -j RETURN $IPT -t nat -A dansguardian -d 207.46.150.21 -j RETURN # exception: image.weather.com (x3): $IPT -t nat -A dansguardian -d 63.111.66.11 -j RETURN $IPT -t nat -A dansguardian -d 63.111.66.12 -j RETURN $IPT -t nat -A dansguardian -d 63.111.69.51 -j RETURN # exception: www.weather.com for MythWeather $IPT -t nat -A dansguardian -d 63.111.24.20 -j RETURN $IPT -t nat -A dansguardian -d 63.111.69.12 -j RETURN # Otherwise, redirect to DansGuardian: $IPT -t nat -A dansguardian -p tcp -j REDIRECT --to-port 8080