
Re: forward and reverse proxy in 3.1.x https forward proxy failing


On Mon, 1 Nov 2010 12:41:44 -0500, "Dean Weimer" <dweimer@xxxxxxxxxxxx>
wrote:
> I had an older machine that was still running 3.0 STABLE 12, that was
> functioning as a forward and reverse proxy using port 80 for both.  And a
> reverse proxy for one site on Port 443, the machine sits in a DMZ the
> forward proxy only directs about to web sites for machines connected
> through WAN connections, and functions as a reverse proxy for those
> machines when connecting to a couple internal sites.  This machine had a
> hardware failure last night and I was forced to put in place the newer
> machine that had already had the software installed but wasn't configured
> or tested yet.
> 
> The problem I am having is that this machine running squid 3.1.9 functions
> fine as both forward and reverse for http websites, and is working for the
> reverse HTTPS site, though I had to use the sslproxy_cert_error acl method
> to bypass a cert error, even though the cert is valid, it's not accepting
> it.  That's a minor problem though, as it's functioning.  The more pressing
> problem is that HTTPS forward proxy is not working, the logs show an error
> every time stating a connect method was received on an accelerator port.
> 
> 2010/11/01 12:26:43| clientProcessRequest: Invalid Request
> 2010/11/01 12:26:44| WARNING: CONNECT method received on http Accelerator port 80
> 2010/11/01 12:26:44| WARNING: for request: CONNECT armmf.adobe.com:443 HTTP/1.0
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
> Host: armmf.adobe.com
> Content-Length: 0
> Proxy-Connection: Keep-Alive
> Pragma: no-cache
> 
> Is using the same port for both forward of http & https not allowed while
> using it for a reverse proxy anymore?

It's never been allowed. The ability in older Squid was a bug.
You will need a separate http_port line for the two modes if you want
CONNECT tunnels.

It's a good idea to keep each of the four modes (forward, reverse,
intercept and transparent) on separate http_port. From 3.1 onwards this is
being enforced where possible.

Amos
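
The port separation described in the reply above, as an added squid.conf example that is not part of the original thread or the poster's configuration. Port 3128, the port names, the hostname and the address ranges are assumptions chosen for illustration.

```conf
# Constructed example: names, hostnames and addresses are placeholders.

# Before: a single accelerator port that clients also used as their
# forward proxy. Squid 3.1 refuses CONNECT on it and logs
# "WARNING: CONNECT method received on http Accelerator port 80".
# http_port 80 accel vhost

# After: one http_port line per mode.
# Reverse proxy (accelerator) traffic only:
http_port 80 accel vhost name=reverse80
# Forward proxy traffic, including CONNECT tunnels for HTTPS
# (browsers must be pointed at this port instead of 80):
http_port 3128 name=forward3128

# Internal origin server behind the reverse proxy (placeholder address).
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=internal_site

acl reverse_port myportname reverse80
acl forward_port myportname forward3128
acl internal_sites dstdomain intranet.example.com
acl wan_clients src 198.51.100.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT

# Tunnels only to port 443, on whichever port they arrive.
http_access deny CONNECT !SSL_ports

# Accelerator port: serve the published site and nothing else.
http_access allow reverse_port internal_sites
http_access deny reverse_port

# Forward port: only the known WAN clients may use it.
http_access allow forward_port wan_clients
http_access deny all

# Requests for the published site go to the origin peer, never direct.
cache_peer_access internal_site allow internal_sites
cache_peer_access internal_site deny all
never_direct allow internal_sites
```

Tying each `http_access` rule to a named port keeps the accelerator port from being usable as an open forward proxy and keeps forward-proxy clients limited to the intended source range.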
