On Wed, Dec 4, 2019 at 6:15 AM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > I'm trying to see for myself if this is actually normal/OK - since I > don't know how familiar you are with HTTP accel mode syntax. > > The requests in particular are most interesting, though what responses > are paired with each is also potentially important. Hope it fits here. Otherwise, I'll pastebin it in another e-mail. Here's the whole shebang: 2019/12/03 14:52:25.964 kid1| 11,2| client_side.cc(2372) parseHttpRequest: HTTP Client local=10.215.145.81:50443 remote=10.215.144.48:54243 FD 12 flags=1 2019/12/03 14:52:25.964 kid1| 11,2| client_side.cc(2373) parseHttpRequest: HTTP Client REQUEST: --------- POST /whatever/j_spring_security_check HTTP/1.1 Host: intranet.mydomain.org:50443 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.8,es-ES;q=0.6,es;q=0.4,ca;q=0.2 Accept-Encoding: gzip, deflate, br Referer: https://intranet.mydomain.org:50443/whatever/security/login Content-Type: application/x-www-form-urlencoded Content-Length: 48 Cookie: JSESSIONID=pveHPU4LMS7YcbpaFwAADdL3 Connection: keep-alive Upgrade-Insecure-Requests: 1 redirect=&username=myuser&password=mypassword ---------- 2019/12/03 14:52:25.964 kid1| 11,2| http.cc(2229) sendRequest: HTTP Server local=10.215.248.91:49470 remote=10.215.248.40:8080 FD 17 flags=1 2019/12/03 14:52:25.964 kid1| 11,2| http.cc(2230) sendRequest: HTTP Server REQUEST: --------- POST /whatever/j_spring_security_check HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.8,es-ES;q=0.6,es;q=0.4,ca;q=0.2 Accept-Encoding: gzip, deflate, br Referer: https://intranet.mydomain.org:50443/whatever/security/login Content-Type: application/x-www-form-urlencoded Content-Length: 48 Cookie: JSESSIONID=pveHPU4LMS7YcbpaFwAADdL3 Upgrade-Insecure-Requests: 1 Host: intranet.mydomain.org:50443 Via: 1.1 rev_whatever (squid) Surrogate-Capability: inf-fw2="Surrogate/1.0" X-Forwarded-For: 10.215.144.48 Cache-Control: max-age=259200 Connection: keep-alive ---------- 2019/12/03 14:52:26.509 kid1| ctx: enter level 0: 'https://intranet.mydomain.org:50443/whatever/j_spring_security_check' 2019/12/03 14:52:26.509 kid1| 11,2| http.cc(719) processReplyHeader: HTTP Server local=10.215.248.91:49470 remote=10.215.248.40:8080 FD 17 flags=1 2019/12/03 14:52:26.509 kid1| 11,2| http.cc(720) processReplyHeader: HTTP Server REPLY: --------- HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: JSESSIONID=DQS7FWuX-JxNHXMZE+BHeQ2H; Path=/whatever Location: http://intranet.mydomain.org:50443/whatever/security/afterLogin Content-Length: 0 Date: Tue, 03 Dec 2019 13:52:25 GMT ---------- 2019/12/03 14:52:26.509 kid1| ctx: exit level 0 2019/12/03 14:52:26.509 kid1| 11,2| client_side.cc(1409) sendStartOfMessage: HTTP Client local=10.215.145.81:50443 remote=10.215.144.48:54243 FD 12 flags=1 2019/12/03 14:52:26.509 kid1| 11,2| client_side.cc(1410) sendStartOfMessage: HTTP Client REPLY: --------- HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Set-Cookie: JSESSIONID=DQS7FWuX-JxNHXMZE+BHeQ2H; Path=/whatever Location: http://intranet.mydomain.org:50443/whatever/security/afterLogin Content-Length: 0 Date: Tue, 03 Dec 2019 13:52:25 GMT X-Cache: MISS from inf-fw2 X-Cache-Lookup: MISS from inf-fw2:50443 Via: 1.1 rev_whatever (squid) Connection: keep-alive ---------- > > > > 2019/12/03 14:52:26.509 kid1| 11,2| http.cc(720) processReplyHeader: > > HTTP Server REPLY: > > --------- > > HTTP/1.1 302 Moved Temporarily > ... > > Location: http://whatever.org:50443/whatever/security/afterLogin > > That is a very good sign. The server is using the Squid listening port > in its generated URLs. Yes, the port is fine. It's the protocol that's http instead of https. Vieri _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users