I'm going to have a hemorrhagic stroke over this and I hope I can get some insight from one of you kind souls. Here's my essential problem: I have two separate squid proxies setup on two different VPSs. I configured, compiled, installed, and setup both identically (or thought I did, anyway). Through both of these Squids I can proxy using Opera/Firefox just fine, for http and https using whatever protocol is needed (GET/POST/CONNECT). So far so good. I also need to run some PERL http requests through those proxies, and that's where it gets weird. Though squid A, everything works perfectly fine. Though squid B, only requests for http work, and everything else is DENIED with (71) Connection Refused returned. Given that I thought both squid proxies were setup the same, I'm hurting to explain why one works and the other doesn't. There's obviously some difference between them but I can't fathom what. I even copied the squid.conf file from one to the other without any love. I tried turning off ALL the acl denial rules just to see but still nothing. That aside, I can't work out why Opera is fine but the PERL isn't being accepted. There's obviously some difference in the way the requests are coming in, but the access.log files aren't helping me at all. Of course, looking at the logs, Opera is using CONNECT to get the https and Perl is trying to use GET/POST, but squid-A is perfectly fine with this so I'm not sure why squid-B isn't. I've scoured the wikis, google, and documentation to no avail. Maybe I'm missing something obvious? Is this a problem with SSL keys or something? Any help is greatly appreciated. Here's the details: ------------------------------------------------------------------------- squid - A (works fine for Opera/Firefox/IE and also for all my PERL requests) ------------------------------------------------------------------------- squid.conf file: http_port 3141 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl Nibbler src 147.126.141.0/255.255.255.0 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow Nibbler http_access deny all http_reply_access allow all icp_access allow all visible_hostname jvds.com deny_info TCP_RESET all via off forwarded_for off header_access all deny all header_access From deny all header_access Referer deny all header_access Server deny all header_access WWW-authenticate deny all header_access Link deny all header_access User-Agent deny all header_access Proxy-Authorization deny all header_access Proxy-Authentication deny all header_access Proxy-Connection deny all coredump_dir /usr/local/squid/var/cache ------------------------------------------------------------------------- squid B (works for Opera, etc, but NOT for PERL) ------------------------------------------------------------------------- squid.conf: http_port 3141 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl Nibbler src 147.126.141.0/255.255.255.0 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow Nibbler http_access deny all http_reply_access allow all icp_access allow all visible_hostname jvds.com deny_info TCP_RESET all via off forwarded_for off header_access all deny all header_access From deny all header_access Referer deny all header_access Server deny all header_access WWW-authenticate deny all header_access Link deny all header_access User-Agent deny all header_access Proxy-Authorization deny all header_access Proxy-Authentication deny all header_access Proxy-Connection deny all coredump_dir /usr/local/squid/var/cache ------------------------------------------------------------------------- Squid - B: Access.log file ------------------------------------------------------------------------- A selection of the log file: USING OPERA: 1192153002.874 14 67.163.91.153 TCP_MISS/200 39 CONNECT www.yahoo.com:443 - DIRECT/69.147.114.210 - 1192153283.477 818 67.163.91.153 TCP_MISS/200 1939 POST http://ocsp.verisign.com/ - DIRECT/199.7.48.72 application/ocsp-response USING PERL: 1192153251.478 7 67.163.91.153 TCP_DENIED/501 1312 GET https://www.wellsfargo.com - NONE/- text/html 1192153378.916 5 67.163.91.153 TCP_DENIED/501 1522 POST https://www.ticketmaster.ca/checkout/reserve/D31k5IiYM2z0ebOSvKG0wdEGnRhd9NBlZia4npSJfqQ6wz2iBm_fjNLuQCBAXhbS6uaw-MQYR4G-yS10GLlwqQ - NONE/- text/html ____________________________________________________________________________________ Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting
