From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Tuesday, August 10, 2010 6:48 PM
To: Alan Lehman
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: RE: possible SOAP problem with 3.1.4
On Tue, 10 Aug 2010 09:14:05 -0500, "Alan Lehman" <alehman@xxxxxxxxxxx>
wrote:
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Sunday, July 11, 2010 1:55 AM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: possible SOAP problem with 3.1.4
Alan Lehman wrote:
We have particular application software license server for our
office
that is located behind a Squid proxy. It stopped working after
upgrading
Squid from 3.1.0.17 to 3.1.4. This server periodically goes to
the
software company's web site to verify the license is valid and
upload
user counts, etc. It appears to be some sort of SOAP
application.
The
license server runs on a Windows server. From access.log:
Running 3.1.0.17 (succeeds) -
1278609155.802 470 172.16.4.43 TCP_MISS/200 725 POST
http://selectserver.bentley.com/bss/ws/Misc.asmx -
DIRECT/64.90.235.78
text/xml
1278609157.482 1054 172.16.4.43 TCP_MISS/200 117679 POST
http://selectserver.bentley.com/bss/ws/GatewayWS.asmx -
DIRECT/64.90.235.78 text/xml
Running 3.1.4 (fails) -
1278607986.223 1138 172.16.4.43 TCP_MISS/500 838 POST
http://selectserver.bentley.com/bss/ws/Misc.asmx -
DIRECT/64.90.235.78
application/soap+xml
1278607987.128 895 172.16.4.43 TCP_MISS/200 1178 POST
http://selectserver.bentley.com/bss/ws/Misc.asmx -
DIRECT/64.90.235.78
text/xml
I verified the situation by going back to 3.1.0.17 with the same
config,
whereupon it started working again. I tried adding cache deny
for
this
domain but it didn't change anything.
Any thoughts would be most appreciated.
Thanks,
Alan Lehman
Don't know the problem.
You are going to have to dig into the request/reply's a bit
further
to
see what the problems is.
The biggest difference between 3.1.0.17 and 3.1.4 is that
HTTP/1.1
is
sent to the server by 3.1.4. It may be doing some broken magic,
as
evidenced by the different response type given to Squid now.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.5
So far I'm unable to determine a consistent pattern with
Wireshark.
Is there a way I can force 3.1.4 to use HTTP/1.0?
Alan
You can reverse the 1.1 enabling patch found here:
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-
9916.patch
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.5
Using Wireshark, I recorded the following conversation between the
license
server and Squid-3.1.6. The capture with the patched version of squid
is
very similar. It appears to me that the license server is not
responding
correctly to Squid's 417, right? But why is Squid 3.1.6 (unpatched)
issuing the 417?
Um, this is a little strange. The *server* is making these requests
through Squid?
The client-server model indicates the machine you are calling a server
here is in fact a client.
So, the workaround is to turn on the ignore_expect100 directive in
Squid.
Which suppresses the 417 response going to clients.
POST http://selectserver.bentley.com/bss/ws/GatewayWS.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
Protocol 2.0.50727.3603)
Content-Type: text/xml; charset=utf-8
SOAPAction:
"http://bentley.com/selectserver/webservices/GetGatewayLicense";
Host: selectserver.bentley.com
Content-Length: 564
Expect: 100-continue
Proxy-Connection: Keep-Alive
HTTP/1.0 417 Expectation Failed
Server: squid/3.1.6
Mime-Version: 1.0
Date: Tue, 10 Aug 2010 13:40:31 GMT
Content-Type: text/html
Content-Length: 3944
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from proxy2.gbateam.com
Via: 1.0 proxy2.gbateam.com (squid/3.1.6)
Proxy-Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd";>
<html><head>....
</body></html>
So far so good.
<?xml version="1.0" encoding="utf-8"?><soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";><soap:Body><GetGatewayLice
nse
xmlns="http://bentley.com/selectserver/webservices/";><GatewayKey>062D04
32571D1748859E50B1CD98B9DE</GatewayKey><GatewaySiteKeys><string>062D043
2571D1748859E50B1CD98B9DE</string></GatewaySiteKeys><ComputerName>SUP1<
/ComputerName><SSHostName>selectserver.bentley.com</SSHostName></GetGat
ewayLicense></soap:Body></soap:Envelope>
Um, Where is that garbage coming from? The POST?
Assuming so, that would make the client broken and maybe a bug in Squid
lettign that brokenness through.
This type of behaviour is what the ignore_expect100 can help with.
Making
Squid suppress the 417 to the client and drop any 100 is receives from
the
server. Passing the request on as if it was a regular POST with body
directly after .
POST http://selectserver.bentley.com/bss/ws/usagelogging.asmx
HTTP/1.0
User-Agent: BSIlm/0.9.0.0
Host: selectserver.bentley.com
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
HTTP/1.0 500 Internal Server Error
Date: Tue, 10 Aug 2010 13:40:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 481
X-Cache: MISS from proxy2.gbateam.com
Via: 1.0 proxy2.gbateam.com (squid/3.1.6)
Proxy-Connection: keep-alive
Weird.
<snip server reply body>
POST http://selectserver.bentley.com/bss/ws/usagelogging.asmx
HTTP/1.0
User-Agent: BSIlm/0.9.0.0
Host: selectserver.bentley.com
Content-Type: text/xml; charset=UTF-8
Proxy-Connection: Keep-Alive
Pragma: no-cache
Content-Length: 8153
SOAPAction:
"http://bentley.com/selectserver/webservices/ReportUsageEntries";
<soap:Envelope.... ></soap:Envelope>
HTTP/1.0 200 OK
Date: Tue, 10 Aug 2010 13:40:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 715
X-Cache: MISS from proxy2.gbateam.com
Via: 1.0 proxy2.gbateam.com (squid/3.1.6)
Proxy-Connection: keep-alive
<?xml version="1.0" encoding="utf-8"?><soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";><soap:Body><ReportUsageEnt
riesResponse
xmlns="http://bentley.com/selectserver/webservices/";><ReportUsageEntrie
sResult><Status>0</Status><LicenseAvaliable>1</LicenseAvaliable><Produc
tName>MicroStation</ProductName><Ack>MHd0oUWqXDp3tB89iGrAbXpR63A=</Ack>
<CompanyName>George
Butler &
Associates</CompanyName><SiteID>4012052</SiteID><SelectServerSerialNumb
er>70000661800020</SelectServerSerialNumber><LicType>1</LicType></Repor
tUsageEntriesResult></ReportUsageEntriesResponse></soap:Body></soap:Env
elope>
Client then tries again without the Expect:. This is good behaviour
finally and it seems to work.
POST http://selectserver.bentley.com/bss/ws/usagelogging.asmx
HTTP/1.0
User-Agent: BSIlm/0.9.0.0
Host: selectserver.bentley.com
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
HTTP/1.0 500 Internal Server Error
Date: Tue, 10 Aug 2010 13:40:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 481
X-Cache: MISS from proxy2.gbateam.com
Via: 1.0 proxy2.gbateam.com (squid/3.1.6)
Proxy-Connection: keep-alive
Back to the weirdness with no apparent reason.
Amos
