Hi,
I've noticed one more difference between the CONNECT packets (it appears in the HTTP layer):
--> client's firefox configured with the ip and port of the parent proxy (172.16.103.254:3128), surf on the Net ok:
Frame 58: 255 bytes on wire (2040 bits), 255 bytes captured (2040 bits) on interface eth1, id 0
Ethernet II, Src: D-LinkIn_79:24:ed (ac:f1:df:79:24:ed), Dst: VMware_92:8a:f2 (00:0c:29:92:8a:f2)
Internet Protocol Version 4, Src: 172.16.103.101, Dst: 172.16.103.254
Transmission Control Protocol, Src Port: 35604, Dst Port: 3128, Seq: 1, Ack: 1, Len: 201
Hypertext Transfer Protocol
CONNECT www.google.com:443 HTTP/1.1\r\n
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\n
Proxy-Connection: keep-alive\r\n
Connection: keep-alive\r\n
Host: www.google.com:443\r\n
\r\n
[Full request URI: www.google.com:443]
[HTTP request 1/1]
[Response in frame: 62]
--> client's firefox configured to use system proxy settings (can't surf on the Net):
Frame 620: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on interface eth1, id 0
Ethernet II, Src: D-LinkIn_79:24:ed (ac:f1:df:79:24:ed), Dst: VMware_92:8a:f2 (00:0c:29:92:8a:f2)
Internet Protocol Version 4, Src: 172.16.103.101, Dst: 172.16.103.254
Transmission Control Protocol, Src Port: 35528, Dst Port: 3128, Seq: 1, Ack: 1, Len: 241
Hypertext Transfer Protocol
CONNECT www.google.com:443 HTTP/1.1\r\n
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\n
Host: www.google.com:443\r\n
Via: 1.1 tjener.intern (squid/4.6)\r\n
X-Forwarded-For: 10.0.2.2\r\n -> request field introduced by squid
Cache-Control: max-age=259200\r\n -> if we remove the cache from the config, is it still there?
\r\n
[Full request URI: www.google.com:443]
[HTTP request 1/1]
[Response in frame: 624]
Remarks: tjener.intern is my server with squid (172.16.103.101) and 172.16.103.254:3128 is the parent.
10.0.2.2 is the IP of the client.
If you have any idea to help me to fix this ....
Thanks for your answer.
Yannick
Jun 26, 2020, 07:11 by squid3@xxxxxxxxxxxxx:
> On 24/06/20 7:27 am, yannick.rousseau@xxxxxxxxxxxx wrote:
>> Hi,
>> I'm using squid (4.6) on my server (debianedu buster LTSP), and I'm
>> trying to configure a parent proxy.
>> At first, when I configure the client's firefox (manual proxy
>> configuration) with the ip and port of the parent proxy, it's ok, I can
>> surf on the internet.
>> But I would like to configure my server's Squid Proxy to forward to a
>> parent proxy (172.16.103.254:3128)
>> -> So I add these two lines at the end of squid.conf:
>> cache_peer 172.16.103.254 parent 3128 0 no-query no-digest
>> never_direct allow all
>> -> And restart squid. It seems to be ok:
>> # cat /var/log/squid/cache.log
>> (.....)
>> 2020/06/23 09:51:12 kid1| Configuring Parent 172.16.103.254/3128/0
>> (....)
>> -> Then I configure firefox to use system proxy settings, but when I try
>> to google something or visit debian-fr.org, it doesn't work (no response
>> from the proxy).
>
> That is odd. The log shows a 403 response being delivered by the parent
> proxy and delivered to Firefox.
> Browsers refuse to display proxy responses on CONNECT requests. So the
> first is expected. But the second one using http:// should be shown.
>
>> But my squid's configuration seems to be ok:
>> # cat /var/log/squid/access.log
>> (....)
>> 1592921221.753 138 10.0.2.2 TCP_TUNNEL/403 361 CONNECT www.google.com:443 - FIRSTUP_PARENT/172.16.103.254 -
>> 1592921275.641 521 10.0.2.2 TCP_MISS/403 4289 GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html
>> 1592921275.692 0 10.0.2.2 TCP_HIT/200 13072 GET (...)
>> Is it possible that the squid parent refuse to have "a child" ?
>
> Maybe. You will need to know the parent proxy configuration to tell
> that. All that is visible from the detail you have shown is that parent
> proxy has forbidden the requests it is receiving.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
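Added example, not part of the thread or of Squid itself: a small parser for Squid's default access.log format that separates 403s relayed from the parent peer (as in the two log lines quoted above) from 403s issued by the local Squid. The first two sample lines are the ones from the thread; the third is constructed, and the function names are assumptions of this example.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "client result status method url hier peer")

# Lines 1-2: access.log entries quoted in the thread.
# Line 3: constructed entry showing a denial made by the local Squid's own ACLs.
SAMPLE_LOG = """\
1592921221.753    138 10.0.2.2 TCP_TUNNEL/403 361 CONNECT www.google.com:443 - FIRSTUP_PARENT/172.16.103.254 -
1592921275.641    521 10.0.2.2 TCP_MISS/403 4289 GET http://www.debian-fr.org/ - FIRSTUP_PARENT/172.16.103.254 text/html
1592921300.000      0 10.0.2.2 TCP_DENIED/403 3900 GET http://example.invalid/ - HIER_NONE/- text/html
"""

def parse_line(line):
    """Parse one line of the default 'squid' logformat; None if it does not fit."""
    f = line.split()
    if len(f) != 10:
        return None  # truncated line or a custom logformat
    result, _, status = f[3].partition("/")
    hier, _, peer = f[8].partition("/")
    if not status.isdigit():
        return None
    return Entry(f[2], result, int(status), f[5], f[6], hier, peer)

def denial_origin(e):
    """Say where a 403 came from: 'local', 'upstream', 'unknown', or None if not a 403."""
    if e.status != 403:
        return None
    if e.result.startswith("TCP_DENIED"):
        return "local"      # rejected by this Squid's own access controls
    if e.peer not in ("", "-"):
        return "upstream"   # reply was relayed from the server/peer in e.peer
    return "unknown"        # e.g. a cached reply, no upstream contacted

def summarize(text):
    """Return (method, url, origin, peer) for every 403 in the log text."""
    rows = []
    for line in text.splitlines():
        e = parse_line(line)
        origin = denial_origin(e) if e else None
        if origin:
            rows.append((e.method, e.url, origin, e.peer))
    return rows

if __name__ == "__main__":
    for method, url, origin, peer in summarize(SAMPLE_LOG):
        print(f"{origin:8} {peer:15} {method} {url}")
```

Both entries from the thread come out as `upstream` via 172.16.103.254, which matches the reading that the parent proxy is the one forbidding the requests.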