
Re: Squid 3.1.19 problem: TCP_MISS/503 0 CONNECT https:443 - NONE/- -


 



On 5/02/2014 12:49 p.m., b0tm1nd wrote:
> I am trying to set up Squid as a proxy with HTTPS support.
> No matter what I try, I cannot get CONNECT methods to work (via both HTTP
> and HTTPS protocols).

Problem 1) CONNECT is not valid in HTTPS. It is a client->proxy method
and only expected to work in HTTP where proxies are defined to exist.
HTTPS is defined to be an end-to-end client->origin server connection.

> 
> The problem seems to be very strange and unique, because the connection URL
> gets converted to something odd.
> 
> When I have enabled *never_direct allow all* option, here is what I get:
> 
> Requests:
> CONNECT https://google.com
> CONNECT http://google.com
> GET https://google.com

Problem 2) none of the above are valid HTTP requests.

This is what valid equivalent requests would look like:

 CONNECT google.com:443 HTTP/1.1
 CONNECT google.com:80 HTTP/1.1
 GET https://google.com/ HTTP/1.1

This might help
https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p1-messaging.html#request-target

> Log:
> TCP_MISS/503 0 CONNECT https:443 - NONE/- -
> TCP_MISS/503 0 CONNECT http:443 - NONE/- -
> TCP_HIT/301 647 GET https://google.com/ - NONE/- text/html
> 
> Without this option, the logs turn into:
> TCP_MISS/404 0 CONNECT https:443 - DIRECT/- -
> TCP_MISS/404 0 CONNECT http:443 - DIRECT/- -
> 
> Note, how "//google.com" turns into ":443".

Strange. Your Squid is assuming that anything using CONNECT is port 443.
I usually see text strings being converted to the value 0.

> 
> Here is the part of detailed log, where this mysterious turn occurs:
> 
> 
> 
> My configuration:
> 
> 
> 
> This is the version output:
> 
> 
> 

Email strangely missing any of your embedded details ... oh wait. Nabble
bites again. :-(


> When I use the one installed from Ubuntu 12.04 with the same configuration,
> I cannot even get to "GET https://google.com" to work.


Squid and OpenSSL licenses clash a little bit. The Debian and Ubuntu OS
distributors have chosen for legal policy reasons not to provide a Squid
binary with HTTPS support so long as that support requires OpenSSL to be
linked to Squid.

You will need to build your own Squid with --enable-ssl or somewhere
locate a Squid .deb package with SSL support enabled. I don't know where
one might be found, sorry.

Amos
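
Added example (not part of the original message and not Squid's own code): a small request-line check based on the request-target forms in the HTTP/1.1 draft linked above, showing why the quoted CONNECT requests are rejected and the corrected ones are accepted. The function name and the simplified host patterns are assumptions made for illustration.

```python
import re

# Illustration only: classify an HTTP/1.1 request line by request-target form
# (origin-form, absolute-form, authority-form, asterisk-form).
# Host syntax is simplified: a reg-name/IPv4 literal or a bracketed IPv6 literal.
_HOST = r"(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)"
_AUTHORITY = re.compile(rf"^{_HOST}:(\d{{1,5}})$")
_ABSOLUTE = re.compile(
    rf"^[A-Za-z][A-Za-z0-9+.-]*://{_HOST}(?::\d{{1,5}})?(?:[/?]\S*)?$"
)


def classify_request_line(line):
    """Return (ok, detail) for a request line such as 'GET / HTTP/1.1'."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "expected: method SP request-target SP HTTP-version"
    method, target, _version = parts
    if method == "CONNECT":
        # CONNECT takes authority-form only: host:port, no scheme, no path.
        m = _AUTHORITY.match(target)
        if not m:
            return False, "CONNECT requires authority-form (host:port)"
        if not 0 < int(m.group(1)) <= 65535:
            return False, "port out of range"
        return True, "authority-form"
    if target == "*":
        if method == "OPTIONS":
            return True, "asterisk-form"
        return False, "'*' is only valid with OPTIONS"
    if target.startswith("/"):
        return True, "origin-form"
    if _ABSOLUTE.match(target):
        return True, "absolute-form"  # what a client sends to a proxy
    return False, "unrecognised request-target"


if __name__ == "__main__":
    # Constructed inputs: the requests from the thread, then the corrected forms.
    for sample in (
        "CONNECT https://google.com HTTP/1.1",
        "CONNECT http://google.com HTTP/1.1",
        "CONNECT google.com:443 HTTP/1.1",
        "CONNECT google.com:80 HTTP/1.1",
        "GET https://google.com/ HTTP/1.1",
    ):
        print(sample, "->", classify_request_line(sample))
```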





