Search squid archive

RE: Proxy/no proxy GET results differ

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Amos,

Thank you for your help. You're right. Forwarded_for is off in the proxy configuration. When I enable forwarded_for, the remote server does not return that error message. Problem solved. 

Regards,

Dan




-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Wednesday, April 29, 2009 2:02 AM
To: Dan Sopher
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Proxy/no proxy GET results differ

Dan Sopher wrote:
>      Thank you for the reply. As requested, below are 2 captured TCP streams. The first 3 sections is 1 TCP stream with the proxy in the data path, and captured from each interface of client<->proxy<->remote_server (although can't capture from the remote server interface). The 4th section is the TCP stream without the proxy in the data path.
> 
>      Does it appear that the remote server is receiving a request in a format that it cannot process, and is returning the "# Server Error" page to the proxy?
> 

Not really. Apache is normally capable of doing these requests easily.

The only non-standard thing about the request going back is the 
butchered "X-Forwarded-For: unknown" which is unfortunately fairly 
common, so I doubt its a problem.

It's very weird to get a "200 OK" server error. But they would know more 
about that than any of us.

Amos

> 
> 
> 
> ===============================================================
> PACKET CAPTURE FROM CLIENT WITH SQUID IN DATA PATH (STREAM 1):
> 
> GET http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-9&arch=i386 HTTP/1.1
> TE: deflate,gzip;q=0.3
> Connection: TE, close
> Host: mirrors.rpmfusion.org
> User-Agent: lwp-request/2.07
> 
> HTTP/1.0 200 OK
> Date: Tue, 28 Apr 2009 17:44:45 GMT
> Server: Apache/2.2.11 (Fedora)
> Content-Length: 15
> Cache-Control: no-cache
> Content-Type: text/plain
> X-Cache: MISS from la-squid.twistbox.com
> X-Cache-Lookup: MISS from la-squid.twistbox.com:3128
> Via: 1.0 la-squid.twistbox.com (squid)
> Proxy-Connection: close
> 
> # Server Error
> 
> ===============================================================
> PACKET CAPTURE FROM CLIENT-SIDE TCP PORT OF THE PROXY(STREAM 1):
> 
> GET http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-9&arch=i386 HTTP/1.1
> TE: deflate,gzip;q=0.3
> Connection: TE, close
> Host: mirrors.rpmfusion.org
> User-Agent: lwp-request/2.07
> 
> HTTP/1.0 200 OK
> Date: Tue, 28 Apr 2009 17:44:45 GMT
> Server: Apache/2.2.11 (Fedora)
> Content-Length: 15
> Cache-Control: no-cache
> Content-Type: text/plain
> X-Cache: MISS from la-squid.twistbox.com
> X-Cache-Lookup: MISS from la-squid.twistbox.com:3128
> Via: 1.0 la-squid.twistbox.com (squid)
> Proxy-Connection: close
> 
> # Server Error
> 
> ===============================================================
> PACKET CAPTURE FROM EXTERNAL-SIDE TCP PORT OF THE PROXY(STREAM 1):
> 
> GET /mirrorlist?repo=free-fedora-updates-released-9&arch=i386 HTTP/1.0
> Host: mirrors.rpmfusion.org
> User-Agent: lwp-request/2.07
> Via: 1.1 la-squid.twistbox.com (squid)
> X-Forwarded-For: unknown
> Cache-Control: max-age=259200
> Connection: keep-alive
> 
> HTTP/1.1 200 OK
> Date: Tue, 28 Apr 2009 17:44:45 GMT
> Server: Apache/2.2.11 (Fedora)
> Content-Length: 15
> cache-control: no-cache
> Keep-Alive: timeout=2, max=100
> Connection: Keep-Alive
> Content-Type: text/plain
> 
> # Server Error
> 
> ===============================================================
> PACKET CAPTURE FROM CLIENT _WITHOUT_ THE PROXY IN DATA PATH(STREAM 2):
> GET /mirrorlist?repo=free-fedora-updates-released-9&arch=i386 HTTP/1.1
> TE: deflate,gzip;q=0.3
> Connection: TE, close
> Host: mirrors.rpmfusion.org
> User-Agent: lwp-request/2.07
> 
> HTTP/1.1 200 OK
> Date: Tue, 28 Apr 2009 17:44:49 GMT
> Server: Apache/2.2.11 (Fedora)
> Content-Length: 404
> cache-control: no-cache
> Connection: close
> Content-Type: text/plain
> 
> # repo = free-fedora-updates-released-9 arch = i386 country = US 
> http://mirror.liberty.edu/pub/rpmfusion/free/fedora/updates/9/i386
> http://astromirror.uchicago.edu/rpmfusion/free/fedora/updates/9/i386
> http://mirrors.cat.pdx.edu/rpmfusion/free/fedora/updates/9/i386
> http://mirror.web-ster.com/rpmfusion/free/fedora/updates/9/i386
> http://mirrors.tummy.com/mirrors/rpmfusion.org/free/fedora/updates/9/i386
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
> Sent: Monday, April 27, 2009 7:54 PM
> To: Dan Sopher
> Cc: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Proxy/no proxy GET results differ
> 
>> Hello.
>>
>> When running the following GET commands from a shell(same results from
>> browsers), the results are different, with the error occurring when
>> squid(Squid Cache: Version 3.0.STABLE13) is in the data path. Any help is
>> appreciated. Thank you in advance.
> 
> You appear to be confused by proper HTTP behavior. The web server responds
> in whatever way it needs to for the requests that comes in.
> 
> Squid is not capable of HTTP/1.1 and so sends HTTP/1.0 requests as it is
> required to do.
> 
> The only possible thing like a bug I can see here is that squid _might_ be
> transforming a TE: encoding request into a Content-Encoding: and the
> client unable to handle such encodings despite needing to. We need the
> headers input into squid from the client vs the headers sent to Server to
> see.
> 
> Amos
> 
>>
>> Examples and packet capture data is below:
>>
>>
>> The following are the results WITHOUT squid in the data path:
>>
>> root@host ~# GET
>> "http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-9&arch=i386";
>>
>> # repo = free-fedora-updates-released-9 arch = i386 country = US
>> http://astromirror.uchicago.edu/rpmfusion/free/fedora/updates/9/i386
>> http://mirror.liberty.edu/pub/rpmfusion/free/fedora/updates/9/i386
>> http://mirror.web-ster.com/rpmfusion/free/fedora/updates/9/i386
>> http://mirrors.cat.pdx.edu/rpmfusion/free/fedora/updates/9/i386
>> http://mirrors.tummy.com/mirrors/rpmfusion.org/free/fedora/updates/9/i386
>>
>>
>>
>> and, the following result is from using squid in the data path:
>>
>> root@host ~# GET -p http://192.168.0.22:3128
>> "http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-9&arch=i386";
>> # Server Error
>>
>>
>>
>> PACKET CAPTURE DATA:
>> ===================
>> 1. This is the result without using Squid proxy. Traffic is captured from
>> the host using this configuration:
>>
>> Data path: Host -> Juniper Netscreen firewall -> Router -> Internet
>>
>>
>> GET /mirrorlist?repo=free-fedora-updates-released-9&arch=i386 HTTP/1.1
>> TE: deflate,gzip;q=0.3
>> Connection: TE, close
>> Host: mirrors.rpmfusion.org
>> User-Agent: lwp-request/2.07
>>
>> HTTP/1.1 200 OK
>> Date: Fri, 24 Apr 2009 20:53:22 GMT
>> Server: Apache/2.2.11 (Fedora)
>> Content-Length: 474
>> cache-control: no-cache
>> Connection: close
>> Content-Type: text/plain
>>
>> # repo = free-fedora-updates-released-9 arch = i386 country = US
>> http://astromirror.uchicago.edu/rpmfusion/free/fedora/updates/9/i386
>> http://mirror.liberty.edu/pub/rpmfusion/free/fedora/updates/9/i386
>> http://mirror.web-ster.com/rpmfusion/free/fedora/updates/9/i386
>> http://mirrors.cat.pdx.edu/rpmfusion/free/fedora/updates/9/i386
>> http://lordmorgul.net/pub/fedora/rpmfusion/free/fedora/updates/9/i386
>> http://mirrors.tummy.com/mirrors/rpmfusion.org/free/fedora/updates/9/i386
>>
>>
>>
>>
>> 2. This is the result using Squid proxy. Traffic captured from the
>> external interface of the proxy:
>>
>> Data path: Host -> Squid proxy -> Juniper Netscreen firewall -> Router ->
>> Internet
>>
>>
>> GET /mirrorlist?repo=free-fedora-updates-released-9&arch=i386 HTTP/1.0
>> Host: mirrors.rpmfusion.org
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9)
>> Gecko/2009040821 Firefox/3.0.9 (.NET CLR 3.5.30729)
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Via: 1.0 la-squid.twistbox.com (squid)
>> X-Forwarded-For: unknown
>> Cache-Control: max-age=259200
>> Connection: keep-alive
>>
>> HTTP/1.1 200 OK
>> Date: Fri, 24 Apr 2009 20:54:51 GMT
>> Server: Apache/2.2.9 (Fedora)
>> Content-Length: 35
>> content-encoding: gzip
>> cache-control: no-cache
>> Connection: close
>> Content-Type: text/plain; charset=UTF-8
>>
>> .....'.I..SV.N-*K-Rp-*./....$}N....
>>
>>
>>
>> CONFIGURATION:
>> =============
>> Squid Cache: Version 3.0.STABLE13
>>
>> configure options:  '--build=i386-redhat-linux-gnu'
>> '--host=i386-redhat-linux-gn
>> u' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
>> '--exec-
>> prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
>> '--in
>> cludedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec'
>> '--shared
>> statedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--exec
>> _prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
>> '--localstatedi
>> r=/var' '--datadir=/usr/share' '--sysconfdir=/etc/squid'
>> '--disable-dependency-t
>> racking' '--enable-arp-acl' '--enable-auth=basic,digest,ntlm'
>> '--enable-basic-au
>> th-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
>> '--enable-
>> cache-digests' '--enable-cachemgr-hostname=localhost'
>> '--enable-delay-pools' '--
>> enable-digest-auth-helpers=password' '--enable-epoll'
>> '--enable-external-acl-hel
>> pers=ip_user,ldap_group,unix_group,wbinfo_group' '--enable-icap-client'
>> '--enabl
>> e-ident-lookups' '--with-large-files' '--enable-linux-netfilter'
>> '--enable-ntlm-
>> auth-helpers=SMB,fakeauth' '--enable-referer-log'
>> '--enable-removal-policies=hea
>> p,lru' '--enable-snmp' '--enable-ssl'
>> '--enable-storeio=aufs,diskd,null,ufs' '--
>> enable-useragent-log' '--enable-wccpv2' '--with-aio'
>> '--with-default-user=squid'
>>  '--with-filedescriptors=16384' '--with-dl' '--with-openssl=/usr/kerberos'
>> '--wi
>> th-pthreads' 'build_alias=i386-redhat-linux-gnu'
>> 'host_alias=i386-redhat-linux-g
>> nu' 'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-fPIE -Os -g -pipe
>> -fsigned-cha
>> r -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>> -fstack-protector --pa
>> ram=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
>> -fasynchronous-unwind-tabl
>> es' 'LDFLAGS=-pie' 'CXXFLAGS=-fPIE -O2 -g -pipe -Wall
>> -Wp,-D_FORTIFY_SOURCE=2 -f
>> exceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
>> -mtune=g
>> eneric -fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall
>> -Wp,-D_FORTIFY_S
>> OURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32
>> -march=i38
>> 6 -mtune=generic -fasynchronous-unwind-tables'
>>
>>
>>
>>
>>
>>
> 
> 


-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux