Re: [squid-users] Frustrating "Invalid Request" Reply

From: Ümit Kablan <umitkablan_at_gmail.com>
Date: Fri, 25 Feb 2011 11:53:48 +0200

Hi,

2011/2/24 Amos Jeffries <squid3_at_treenet.co.nz>:
>
> Please keep the replies on the mailing list for others to benefit from.
> I charge for private assistance.

Sorry I failed to send reply to all :-(

>
> On Wed, 23 Feb 2011 12:32:56 +0200, Ümit Kablan wrote:
>>
>>
>> 2011/2/22 Amos Jeffries :
>>>
>>> On Tue, 22 Feb 2011 17:24:39 +0200, Ümit Kablan wrote:
>>>>
>>>> 2011/2/21 Amos Jeffries wrote:
>>>>>
>>>>> On Mon, 21 Feb 2011 16:19:53 +0200, Ümit Kablan wrote:
>>>>>>
>>>>>> -------
>>>>>> GET
>>>>>>
>>>>>>
>>>>>>
>>>>>> /search?hl=tr&source=hp&biw=1276&bih=823&q=eee+ktu&aq=0&aqi=g10&aql=&oq=eee&fp=64d53dfd7a69225a&tch=3&ech=1ψ=6UBOTbHmCtah_Aa2haXRDw12969740590425&wrapid=tlif129697480915821&safe=active
>>>>>> HTTP/1.1
>>>>>
>>>>> Note the missing http://domain details in the URL. This is not a
>>>>> browser->proxy HTTP request. It is a browsers->origin request.
>>>>>
>>>>> IIRC interception of this type of request does not work in Windows,
>>>>> since
>>>>> the kernel NAT details are not available without proprietary
>>>>> third-party
>>>>> network drivers. Look at WPAD configuration of the localnet browsers
>>>>> instead, that way they will send browser->proxy requests nicely.
>>>>
>>>> Exactly! The working requests are all starting with http://domain/ as
>>>> you mentioned. (I must say I couldn't capture loopback network packets
>>>> ...
>>>
>>> Squid needs to be configured via the http_port to know what mode/type of
>>> traffic it is going to receive. The browsers need to be sending the right
>>> type as well.
>>
>> I have
>> -----
>> http_port 3128
>> -----
>> in my configuration. Do I miss something?
>
> Yes. But you keep omitting the details of *how* browsers are getting to
> squid, so we can't tell if you are attempting to run a transparent proxy or
> a reverse proxy. Two very different configurations both in Squid and in the
> network underneath.
>
> Please confirm your network layout and traffic flows including software
> which is involved on each related machine.
>

My network has 20+ machines all connecting to internet individually
through ONE adsl modem in my network (those are connected to each
other with a switch). My browsers are configured to use the squid
proxy explicitly (so I think it has nothing to to with transparency)

>
> You say this Squid is on Windows where interception type of transparent
> proxy is not possible for free, but keep mentioning the public website
> google as working.

Actually I was trying to stress on the weird problem I encountered to
help shed some light on the problem.

>
> I suspect you are trying to perform NAT interception on a separate box to
> Squid. Which is highly dangerous.
>

I think NAT inspection you mentioned is not executed on the XP machine
where squid is running, yes. But I am not sharing my internet
connection through that windows machine. I just want clients (those
browsers configured to use proxy) use the internal proxy.

>
>>>
>>> There are a number of workaround, So we are at the question of what
>>> exactly
>>> are you trying to do with the traffic? what does your goal look like?
>>
>> I have a slow internet connection all machines connecting to internet
>> individually so I simply want squid work correctly to make things
>> faster.
>
> Details please. So far we know this:
>
> When failing
>  Clients traffic passes through gateway box __ which is running __ and does
> __ to the connections, then __ and then __ and Squid sends an "invalid
> request" message back.
>
> When working
>  Clients traffic passes through gateway box __ which is running __ and does
> __ to the connections, then __ and then __ and Squid fetches the request
> over a slow Internet link and sends it back.
>
>
>>
>> Browser doesnt send correct http://domain/xyz address to the proxy
>> instead it sends GET /xyz and it does seem to be same on firefox, ie
>> and chrome. The browser additionally send Host: www.xxx.com data with
>> missing url info. What I thought of was telling squid concatenate
>> these data: "http://" "www.xyz.com" "/xyz" if possible.
>>
>> Everything works correctly at localhost and it seems strange to me.
>
> Localhost is very special.
>
>>
>> When you enter google everything is fine, when you hit keys google
>> gets completion successfully BUT when you hit enter the browser just
>> sends /xyz unlike before.
>>
>> I am sending my configuration for Squid 2.7STABLE8 downloaded from
>> http://squid.acmeconsulting.it/index.html.
>>
>>>
>>> Amos

Regards,

-- 
Ümit
Received on Fri Feb 25 2011 - 09:53:55 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 25 2011 - 12:00:03 MST