[squid-users] Invalid URL error for https site first time

"Mark Krawec" <mark@xxxxxxxxxxxxx> · Mon, 4 Apr 2005 14:50:18 -0700

Our configuration is squid-2.5.STABLE7 using squid_ldap_auth on RH 7.3.
Our browser is IE 6.0 SP1 and users are running W2k.  
The problem is our users are getting an "invalid URL" error
page from Squid when they go to a secure site as their first destination.
If they go to a non-secure site first they have no problem going to the
secure site with the same browser.  Once they get the "invalid URL" error
they can click refresh to go to the page.  I've seen this asked before but
I've never seen a definitive answer on why this was happening and what was
at fault (IE or Squid).

A snippet of the packet trace is below.  It's interesting because Squid says
it received a malformed URL which looks fine to me (packet #9).  The other
interesting thing is the Proxy never sends the browser an indication that the
HTTP connection is established which I think has to happen before the browser
should send a GET.  Does anyone know why this is happening and if there's a
fix or workaround.

Thanks,

Mark

No.     Time        Source                Destination           Protocol Info
      1 0.000000    10.51.64.77           10.203.1.46           TCP      1428
> 8080 [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1460

No.     Time        Source                Destination           Protocol Info
      2 0.000033    10.203.1.46           10.51.64.77           TCP      8080
> 1428 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460

No.     Time        Source                Destination           Protocol Info
      3 0.002918    10.51.64.77           10.203.1.46           TCP      1428
> 8080 [ACK] Seq=1 Ack=1 Win=64512 Len=0

No.     Time        Source                Destination           Protocol Info
      4 0.002989    10.51.64.77           10.203.1.46           HTTP    
CONNECT www.krawecnet.com:443 HTTP/1.0

No.     Time        Source                Destination           Protocol Info
      5 0.003007    10.203.1.46           10.51.64.77           TCP      8080
> 1428 [ACK] Seq=1 Ack=199 Win=6432 Len=0

No.     Time        Source                Destination           Protocol Info
      6 0.003533    10.203.1.46           10.51.64.77           HTTP    
HTTP/1.0 407 Proxy Authentication Required (text/html)

No.     Time        Source                Destination           Protocol Info
      7 0.003542    10.203.1.46           10.51.64.77           HTTP    
Continuation or non-HTTP traffic

No.     Time        Source                Destination           Protocol Info
      8 0.005029    10.51.64.77           10.203.1.46           TCP      1428
> 8080 [ACK] Seq=199 Ack=1572 Win=64512 Len=0

No.     Time        Source                Destination           Protocol Info
      9 7.621070    10.51.64.77           10.203.1.46           HTTP     GET
/cgi-bin/openwebmail/openwebmail.pl HTTP/1.0

No.     Time        Source                Destination           Protocol Info
     10 7.621571    10.203.1.46           10.51.64.77           HTTP    
HTTP/1.0 400 Bad Request (text/html)

Here's the detail on Packet #10

No.     Time        Source                Destination           Protocol Info
     10 6.623119    10.203.1.46           10.51.64.77           HTTP    
HTTP/1.0 400 Bad Request (text/html)

_______________________________________________________________
Mark Krawec          mark@xxxxxxxxxxxxx
"Earth First"        (We'll strip mine the other planets later)