|
Any help I could use? :) The gist is: I have squid running on machine A, and an app on machine B. The app sets proxy (A's ip address and squid port #) when making HTTP requests but the requests are failing.
Aniruddha Gore
Sent from Outlook.com From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Aniruddha Gore <agnrie@xxxxxxxxxxx>
Sent: Friday, May 7, 2021 10:57 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx> Subject: Re: [squid-users] HTTPS request times out going through Squid proxy
I spoke too soon, so embarrassed 🙁
When I run Squid on the same machine where my application is running it works fine, but when I run Squid with the same exact default config on a different machine it doesn't. I supply other machine's IP address and port (3128) on command line to my app,
and it simply takes it and sets web proxy property on CPPRest SDK's http_config object.
The access.log file has many lines like the following:
1620409014.520 42289
<ip adress> TAG_NONE/500
0 CONNECT <uri>:443 - HIER_DIRECT/13.107.246.70 -
When capturing network calls via Wireshark (on this other machine where Squid is running), the CONNECT call succeeds but the following TCP call seems to fail with a RESET status (Wireshark is highlighting it in Yellow). Here's the frame if I am doing it right:
Frame 317: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{5DF77CC1-9630-47C0-883C-EB71B3CB5012}, id 0
Interface id: 0 (\Device\NPF_{5DF77CC1-9630-47C0-883C-EB71B3CB5012})
Encapsulation type: Ethernet (1)
Arrival Time: May 7, 2021 10:36:16.229675000 Pacific Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1620408976.229675000 seconds
[Time delta from previous captured frame: 0.009061000 seconds]
[Time delta from previous displayed frame: 3.998702000 seconds]
[Time since reference or first frame: 8.098563000 seconds]
Frame Number: 317
Frame Length: 54 bytes (432 bits)
Capture Length: 54 bytes (432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: IntelCor_5a:b3:e2 (c8:09:a8:5a:b3:e2), Dst: IntelCor_4e:5e:85 (34:02:86:4e:5e:85)
Internet Protocol Version 4, Src: 192.168.1.13, Dst: 192.168.1.10
Transmission Control Protocol, Src Port: 5526, Dst Port: 3128, Seq: 112, Ack: 1, Len: 0
Source Port: 5526
Destination Port: 3128
[Stream index: 7]
[TCP Segment Len: 0]
Sequence Number: 112 (relative sequence number)
Sequence Number (raw): 3926084777
[Next Sequence Number: 112 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 363949443
0101 .... = Header Length: 20 bytes (5)
Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window: 0
[Calculated window size: 0]
[Window size scaling factor: 256]
Checksum: 0x50b9 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
[Timestamps]From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Aniruddha Gore <agnrie@xxxxxxxxxxx>
Sent: Friday, May 7, 2021 2:14 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx> Subject: Re: [squid-users] HTTPS request times out going through Squid proxy
Matus, thanks a ton for your responses. I removed https_port and things started working again. Unfortunately, I am not sure what I was doing wrong before adding https_port. Well, it works now
🙂
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
Sent: Friday, May 7, 2021 12:16 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxxxxxxxx> Subject: Re: [squid-users] HTTPS request times out going through Squid proxy On 07.05.21 06:52, Aniruddha Gore wrote:
>Thanks Matus for responding 🙂 no need for private copy, mailing list is enough. >Following is what the relevant line in squid.conf: > ># Squid normally listens to port 3128 >http_port 3128 > >I suspect you might be pointing out that there is no https_port configured. no. https_port is used for reverse proxying, not for forward proxying of HTTPS requests. > While I was adding https_port, I noticed no process is listening on port > 3128 (doesn't appear in output of netstat -aon on Windows). So now the > calls are failing with "WinHttpSendRequest: 12029: A connection with the > server could not be established" 😕 >have you set up your squid host:port as HTTP proxy in the application? - means: have you set up the applictaion to use HTTP proxy? >Can you see anything in squid logs? - what is in squid logs? >From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> >On 06.05.21 01:06, Aniruddha Gore wrote: >> Pinging back hoping to get some help. I suspect I am missing something >> very basic and would really appreciate if someone could point me in the >> right direction. :) >I haven't seen your packet trace but so far it shouldn't be needed. > >> Context I have an application running on a machine (A) that does not have >> internet connectivity. It, however, can talk to another machine (B) which >> has full connectivity. The application makes HTTPS calls. I am hoping to >> set-up Squid on B and set-up web proxy (ip address and port) when making >> HTTPS calls in the app. > > >> I have installed Squid for >> Windows<https://na01.safelinks.protection.outlook.com/?url="">> >> on B with default squid config. >> >> >> Problem HTTPS requests are timing out. >> >> >> I am new to proxy so don't know lot of ways to investigate further. This >> is what Wireshark captured running on B. Unfortunately, I am unable to >> gather any actionable info from this, it just confirms that calls do make >> it to B and then something wrong happens. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; https://na01.safelinks.protection.outlook.com/?url=""> Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)dvertising (M)ethod _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://na01.safelinks.protection.outlook.com/?url=""> |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
