Re: [squid-users] How to handle 302 redirect when setting up squid as transparent proxy?

From: yegle <cnyegle_at_gmail.com>
Date: Sun, 14 Mar 2010 18:14:50 +0800

On Sun, Mar 14, 2010 at 6:00 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> yegle wrote:
>>
>> Hi,
>> Here's what I got in cache.log after adding debug_options 58,6
>>
>> 2010/03/14 17:22:25.679| ctx: enter level  0: 'http://evernote.com'
>> 2010/03/14 17:22:25.679| HttpMsg::parse: failed to find end of headers
>> (eof: 0) in 'HTTP/1.1 302 Object Moved^M
>> Location: http://www.evernote.com/^M
>> '
>
> <snip>
>>
>> Seems it's evernote.com's fault?
>>
>
> Yes, partially. They are sending a incomplete HTTP response back.
> Squid should be handling it better though and able to treat it properly.
>
> If you can add a bug report with your headers trace, I'll work on getting a patch for it.
>
> Amos
>
>>
>>
>> On Sun, Mar 14, 2010 at 5:19 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>>
>>> yegle wrote:
>>>>
>>>> Hi list,
>>>> I'm trying to set up a squid server as transparent proxy,however I
>>>> found some errors when handling 302 redirect pages.
>>>>
>>>> Here's my configure file:
>>>> acl manager proto cache_object
>>>> acl localhost src 127.0.0.1/32
>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>>>> acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
>>>> acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
>>>> acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
>>>> acl SSL_ports port 443
>>>> acl Safe_ports port 80        # http
>>>> acl purge method PURGE
>>>> acl CONNECT method CONNECT
>>>> http_access allow manager localhost
>>>> http_access deny manager
>>>> http_access allow purge localhost
>>>> http_access deny purge
>>>> http_access deny !Safe_ports
>>>> http_access deny CONNECT !SSL_ports
>>>> http_access allow localnet
>>>> http_access allow localhost
>>>> http_access deny all
>>>> icp_access allow localnet
>>>> icp_access deny all
>>>> htcp_access allow localnet
>>>> htcp_access deny all
>>>> http_port 3128 transparent
>>>> hierarchy_stoplist cgi-bin ?
>>>> cache_mem 512 MB
>>>> maximum_object_size_in_memory 512 KB
>>>> cache_dir ufs /var/cache/squid 10240 16 256
>>>> minimum_object_size 0 KB
>>>> maximum_object_size 40960 KB
>>>> access_log /var/log/squid/access.log squid
>>>> refresh_pattern ^ftp:        1440    20%    10080
>>>> refresh_pattern ^gopher:    1440    0%    1440
>>>> refresh_pattern (cgi-bin|\?)    0    0%    0
>>>> refresh_pattern .        0    20%    4320
>>>> visible_hostname none
>>>> icp_port 3130
>>>> forwarded_for off
>>>> coredump_dir /var/cache/squid
>>>>
>>>> Test url:
>>>> http://evernote.com
>>>>
>>>> Normal interaction:
>>>> $ curl -v evernote.com
>>>> * About to connect() to evernote.com port 80 (#0)
>>>> *   Trying 205.234.25.136... connected
>>>> * Connected to evernote.com (205.234.25.136) port 80 (#0)
>>>>>
>>>>> GET / HTTP/1.1
>>>>> User-Agent: curl/7.20.0 (x86_64-pc-linux-gnu) libcurl/7.20.0 GnuTLS/2.8.5
>>>>> zlib/1.2.3
>>>>> Host: evernote.com
>>>>> Accept: */*
>>>>>
>>>> < HTTP/1.1 302 Object Moved
>>>> < Location: http://www.evernote.com/
>>>> * Connection #0 to host evernote.com left intact
>>>> * Closing connection #0
>>>>
>>>> Unnormal interaction with squid transparent proxy:
>>>> $ curl -v evernote.com
>>>> * About to connect() to evernote.com port 80 (#0)
>>>> *   Trying 205.234.25.136... connected
>>>> * Connected to evernote.com (205.234.25.136) port 80 (#0)
>>>>>
>>>>> GET / HTTP/1.1
>>>>> User-Agent: curl/7.20.0 (x86_64-pc-linux-gnu) libcurl/7.20.0 GnuTLS/2.8.5
>>>>> zlib/1.2.3
>>>>> Host: evernote.com
>>>>> Accept: */*
>>>>>
>>>> * HTTP 1.0, assume close after body
>>>> < HTTP/1.0 502 Bad Gateway
>>>> < Server: squid/3.0.STABLE19
>>>> < Mime-Version: 1.0
>>>> < Date: Sun, 14 Mar 2010 08:10:06 GMT
>>>> < Content-Type: text/html
>>>> < Content-Length: 1687
>>>> < X-Squid-Error: ERR_INVALID_RESP 0
>>>> < X-Cache: MISS from none
>>>> < X-Cache-Lookup: MISS from none:3128
>>>> < Via: 1.0 none (squid/3.0.STABLE19)
>>>> < Proxy-Connection: close
>>>>
>>>> Messages from access.log:
>>>> 1268555151.842    137 XX.XX.XX.XX TCP_MISS/502 2562 GET
>>>> http://evernote.com/favicon.ico - DIRECT/205.234.25.136 text/html
>>>>
>>>>
>>>> Can anyone give me a hint, how to avoid this? Thank you!
>>>
>>> There is something wrong with the reply being sent back to Squid from the
>>> server.  Look in your squid cache.log to see what is wrong with that reply.
>>> You may need to configure "debug_options 58,6 " to see what Squid is
>>> getting.
>>>
>>> Amos
>>> --
>>> Please be using
>>>  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
>>>  Current Beta Squid 3.1.0.18
>>>
>
>
> --
> Please be using
>  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
>  Current Beta Squid 3.1.0.18

Hi Amos,
Here's the issue I submitted:
http://bugs.squid-cache.org/show_bug.cgi?id=2879

Thank you :-)
Received on Sun Mar 14 2010 - 10:14:57 MDT

This archive was generated by hypermail 2.2.0 : Sun Mar 14 2010 - 12:00:04 MDT