On 2/05/2013 1:42 a.m., Pablo Ruben M wrote:
I have Squid's new installation 3.3.3 behind a Firewall NAT and do not achieve that it works. Placing the debug in ALL, 3 I obtain the following mistakes: HTTP/1.1 400 Bad Request Server: squid/3.3.3 Mime-Version: 1.0 Date: Wed, 01 May 2013 12:19:08 GMT Content-Type: text/html Content-Length: 3229 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from proxy02 Via: 1.1 proxy02 (squid/3.3.3) Connection: close In the web browser I obtain: The following error was encountered while trying to retrieve the URL: / Invalid URL I have Squid's installation 2.7 working without problems. Does it change radically the installation into Squid 3?
No. The changes required to make 3.2and later work are also required to make version 2.5 to 3.1 work properly. The older versiosn were just hiding the problem and allowing hackers to use the proxy unrecorded (CVE-2009-0801 is one of the effects).
Solution: separate the Squid http_port from intercepted traffic from the configured proxy traffic.
Also, the firewall NAT must be done on the Squid device. If the firewall device is separate from the Squid device, you require policy routing (or WCCP) to pass traffic without altering the IP details from the firewall device to the squid device where NAT can take place.
Amos
