On Sat, Jul 19, 2008 at 3:32 PM, Michael Alger <squid@xxxxxxxxxxx> wrote: > The absolute best thing you could do is to perform a packet capture > from the client and see exactly what it's sending to squid. You can > use ethereal/wireshark or tcpdump for this; at least one must be > available for OSX. Thanks, good suggestion (FMI: see below). > I wonder if the above is verbatim, i.e. no copy/paste errors, and if > so, if what squid is spitting out is *exactly* what the client sent? > There's some obvious problems with headers wrapping to the next > line, but that may just be because of how squid displays it and how > it was copied. the original post was a direct cut and paste, no editing, however there is line wrapping on most email clients and I think there are two wrapped lines because of that, ie break on "cgiProxy-" and wrapped "User-Agent" & "Accept:". I just check the output again, and indeed there is some "quirked" output, with the line starting "Referer:" also containing the "Proxy-Connection:keep-alive". The same happens on other pages that error. Could this have something to do with why squid is having an error, with that data, it would make it impossible to retrieve the url, IF the browser was sending "linked lines" as it were. OR is it just a malformed output from an iteration in squid. Without access to packet capture I can not find out, but the following url does work when constructed by hand: http://www.squid-cache.org/cgi-bin/swish-query.cgi?keywords=Invalid%20Request%20with%20Mozilla%20Firefox%202 Thanks for the help though, at least I can make a suggestion when next I meet a sys admin.. (OK, now one of the iMac OSX FF2 clients IS working, that means it something to do with this installation of FF2, bah humbug.. thanks anyway..) Paul For Future Reference: -------------------------------- WIRESHARK: "Wireshark 1.0.2 Intel.dmg" from any SourceForge mirror -------------------------------- SHELL: The shell is accessed through the Terminal program, which you will find under Applications->Utilities. -------------------------------- TCPDUMP: This command line tool is included with all versions of Mac OS X, and is also available on many other Unix platforms. To get started, try the following command. sudo tcpdump -i en0 -s 0 -w DumpFile.dmp The sudo command causes tcpdump to run with privileges, which is necessary in order to capture network traffic. The -i en0 option tells tcpdump to capture packets on the first Ethernet interface. By default, tcpdump will use the first non-loopback interface it can find (usually en0). For a list of interfaces, type ifconfig -a. Mac OS X 10.1 and later provide packet capture support on PPP, so you can also specify a PPP interface here (for example, -i ppp0). Note: The AirPort interface is typically en1. You can get a list of network interface user-visible names and their corresponding BSD-style names by running networksetup -listallhardwareports. The -s 0 option requests the full packet rather than just the first 68 bytes. The -w DumpFile.dmp parameter tells tcpdump to dump the packets to a file called DumpFile.dmp. In response to this command, tcpdump will begin to capture packets and put them in the DumpFile.dmp file. When you want to stop capturing, interrupt tcpdump by typing ^C. You can then display the contents of the packets as text using the following command. tcpdump -s 0 -n -e -x -vvv -r DumpFile.dmp The -n option means that addresses are not converted to domain names, which speeds things up considerably. The -e option causes tcpdump to display the link-level header for each packet. The -x option causes the contents of the packet to also be displayed in hex. The -vvv option makes tcpdump's output as verbose as possible. By specifying -r DumpFile.dmp option you tell tcpdump to read packets from the file DumpFile.dmp rather than from a network interface. Note that you don't need privileges to do this, so running tcpdump using sudo is not required. You can also combine these steps, as shown below, but if you do this you don't get a high-fidelity record of the packets that you captured. sudo tcpdump -i en0 -s 0 -n -e -x -vvv -------------------------------- On Sat, Jul 19, 2008 at 3:32 PM, Michael Alger <squid@xxxxxxxxxxx> wrote:
