On 14/08/2014 6:12 a.m., Robert Cicerelli wrote: > On 8/13/2014 7:22 AM, Amos Jeffries wrote: >> On 13/08/2014 10:29 p.m., Robert Cicerelli wrote: >>> Can anyone offer some help on this? >>> >>> I'm having a problem that just started after I implemented squid reverse >>> proxy. I have a couple of applications on one of the apache servers >>> behind the reverse proxy. Every time someone tries to upload relatively >>> large files to the application (7 MB, 30 MB), they get the following >>> error: >>> >>> Request Entity Too Large >>> >>> If I try to perform the same operation without going through the squid >>> reverse proxy, the uploads work with no problems. >>> >>> I'm using proxy 3.1.20 >>> <https://github.com/pfsense/pfsense-packages/commits/master/config/31> >>> on pfsense. I tried posting this issue on the pfsense support forums and >>> I have gotten zero replies so I'm trying the squid mailing list. The >>> situation has become a big problem so I would appreciate some help on >>> this. >>> >>> A few parameters I've adjusted to various values with no success: >>> >>> Minimum object size >>> Maximum object size >>> Memory cache size >>> Maximum download size >>> Maximum upload size >>> >>> Thanks a lot >>> >> Can you provide a sample of the request HTTP headers being sent to Squid >> for one of these failed uploads? >> >> Amos >> >> >> > One more thing to add that I just discovered: The terminology used in your description may be clear when applied to an origin server, but becomes unclear when applied to a proxy situation (where there are two of everything). > > First a little background for the sake of clarification, I'm using squid > in reverse proxy in order to forward appropriate https requests to > multiple servers behind the firewall since we only have on public IP > address. Okay, so far good. > In the particular instance I'm having a problem with, we have a > web application on one of the web servers that's running over https. Okay. > So, > I created a webserver in squid Did you mean a http_port with "accel" configured? ... > pointing to the IP of the actual > webserver ... or a cache_peer directive? > and I set the port to 443 since the web application on the > web server is only configured to respond to 443. ... sounds like cache_peer. But, did you also set "ssl" flag and SSL/TLS options to make the connection HTTPS, or just leave it sending HTTP to port 443? > Then i created a > mapping group a what? > that listened for four https URIs, one of the URIs being > the secure web application in question and I binded it to the webserver > I created earlier. huh? "binded" how exactly? If you can provide your squid.conf it would be really helpful understanding this. Amos > > So now, as a test, I created a virtual host to listen on port 80 for the > web application in question in addition to the virtual host listening on > 443. I removed the URI for that app from the existing mapping group. I > created another webserver in squid and this time instead of pointing it > to port 443 I pointed to port 80. Then I created another mapping group > that listened for the web application on 443 and I binded it to the > newly created webserver which is now pointed to 80. I tested the file > upload and it worked like a charm. So, the problem seems to arise when i > create a web server in squid and point it to port 443 of the webserver. > And just in case anyone asks, I did disable internal certificate. Not > sure if that makes a difference. > > Hopefully what i wrote is clear and it will help pinpoint the problem. > > Thanks a lot > > >
