On 8/8/19 3:29 PM, Tom Karches wrote:
> I am in the process of upgrading our Squid proxy server from 3.1 (on
> RHEL6) to 3.3 (on RHEL7).
It could have been worse! For example, you could ask a question about
upgrading Squid from v1.0 to v2.0... I will try to help, but I do not
remember much about v3.3 specifics.
I realize that it's a bit old. It is the default for RHEL 7 and unless there is a specific reason to update to the latest version, I usually stick with the default. The current proxy is 3.1 and totally works for our application.
No, simply logging HTTP CONNECT requests does not require bumping SSL.
Great. Don't want to go down that path.
> I used curl to test the new proxy. When I attempt to proxy an external
> https connection, this is the result :
> $ curl --proxy http://127.0.0.1:3128 https://www.google.com
> curl: (56) Received HTTP code 503 from proxy after CONNECT
Your Squid told curl that something went wrong. If you look at the
actual response, you may know what went wrong. The same information may
be available in Squid access.log, but the error response may have more
details than a log record. Please share that info here if it does not
point you to a solution.
> Where should I be looking for the problem?
In Squid response to curl. You can use curl tracing options or Wireshark
to see it. Squid access.log may have some clues as well.
$curl --trace --proxy http://127.0.0.1:3128 https://www.google.com
I get the HTML of the page, with this near the top :
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
and then :
<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href=""><blockquote id="error">
<p><b>Invalid URL</b></p>
</blockquote>
and no 503 error at the end.
Getting this in access.log :
1565358617.666 0 127.0.0.1 TAG_NONE/400 3958 GET / - HIER_NONE/- text/html
Which seems odd. So the page is being delivered, but I don't see it unless --trace is turned on.
When I use :
curl --proxy http://127.0.0.1:3128 https://www.google.com
I get this in access.log :
1565358720.756 2 127.0.0.1 TAG_NONE/503 0 CONNECT www.google.com:443 - HIER_NONE/- -
My http_port directive is set as such :
# Squid normally listens to port 3128
http_port 3128
This is an explicit proxy so everything should be going through 3128.
I don't feel so bad about not figuring this out sooner. There was a thread with a similar problem on the list (though it was not helpful) where they were still stuck at this point after a month. I've only spent a week.
Thanks,
Tom
Thomas Karches
NCSU OIT CSI - Systems Specialist
M.E Student - Technology Education
Hillsborough 319 / 919.515.5508
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
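
Added example, not part of the original thread or of Squid itself: a small Python parser for the two native-format access.log records quoted above, reporting for each error record whether an upstream server was logged and whether the request target was an absolute URL. The function names and the triage wording are this example's own, and the field order assumed is that of Squid's default native log format.

```python
import re

# Squid native access.log fields, in order:
# time elapsed client result/status bytes method URL user hierarchy/peer content-type
LINE = re.compile(
    r"^(?P<time>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def parse(line):
    """Split one native-format record into a dict, or return None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("elapsed", "status", "size"):
        rec[key] = int(rec[key])
    return rec

def triage(rec):
    """Return a one-line note for an error record, or None for a non-error record."""
    if rec["status"] < 400:
        return None
    # HIER_NONE/- means the record names no peer or origin server for the request.
    local = rec["hier"] == "HIER_NONE" and rec["peer"] == "-"
    if rec["method"] == "CONNECT":
        where = "no upstream server logged" if local else "upstream " + rec["peer"]
        return "CONNECT %s -> %d, %s" % (rec["url"], rec["status"], where)
    if rec["url"].startswith("/"):
        # A forward proxy port expects an absolute URL (http://host/path), not a bare path.
        return "%s %s -> %d, request target is a bare path, not an absolute URL" % (
            rec["method"], rec["url"], rec["status"])
    return "%s %s -> %d" % (rec["method"], rec["url"], rec["status"])

# The two records quoted in the thread above.
SAMPLE = [
    "1565358617.666 0 127.0.0.1 TAG_NONE/400 3958 GET / - HIER_NONE/- text/html",
    "1565358720.756 2 127.0.0.1 TAG_NONE/503 0 CONNECT www.google.com:443 - HIER_NONE/- -",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        rec = parse(raw)
        print(triage(rec) if rec else "unparsed: " + raw)
```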