[squid-users] Issues with CMS Redirects and Squid as Reverse Proxy

John Gardner jeg1972 at gmail.com
Wed Jan 21 21:41:28 UTC 2015


We have a Squid 3.4 server configured as a Reverse Proxy on Oracle
Linux 6.  It is working correctly for most sites, those which are HTTP
all the way through to the peer, those which are HTTPS all the way
through to the peer and those which have SSL offloaded at the external
interface on Squid.  We have however come across a problem when using
a proprietary Content Management System.  In this CMS, you set each
page to show how it should be served i.e. HTTP or HTTPS.  If traffic
comes into the CMS with HTTP and it's set for HTTPS, the CMS tries to
re-write/force the URL so that it comes back with https:// at the
start.

The problem is that this appears to come through Squid as an
indefinite loop and the page fails.  When connecting a Browser
directly to the CMS server, and using the same site and page settings,
it works, but when going through squid, it doesn't.  Now, I'm willing
to believe that the CMS is affecting the HTTP traffic so that it is
not strict and that Squid then fails as it doesn't know how to
handle it, but I thought I would post here and see if anyone could
help.

Our config is the following (with obfuscation);

http_port 10.x.x.42:80 accel defaultsite=server_2.bl.co.uk
https_port 10.x.x.42:443 accel cert=/usr/newrprgate/CertAuth/www/s.crt key=/usr/newrprgate/CertAuth/www/southtynesidehomes_key.pem cipher=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM options=NO_SSLv2,NO_SSLv3 defaultsite=server_2.bl.co.uk
cache_peer 10.x.x.202 parent 80 0 no-query originserver name=server_2_http
cache_peer 10.x.x.202 parent 443 0 no-query originserver login=PASS connection-auth=on ssl sslcert=/usr/newrprgate/CertAuth/www/peer_keys/www.pem sslversion=1 sslflags=DONT_VERIFY_PEER front-end-https name=server_2_https
acl sites_server_2 dstdomain www.s.org.uk
cache_peer_access server_2_http allow sites_server_2
cache_peer_access server_2_https allow sites_server_2
cache_peer_access server_2_http deny all
cache_peer_access server_2_https deny all

I have switched full logging on and the output is shown below;




----------
2015/01/13 20:54:38.697 kid1| http.cc(2219) sendRequest: HTTP Server
local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1
2015/01/13 20:54:38.697 kid1| http.cc(2220) sendRequest: HTTP Server REQUEST:
---------
GET /article/9842/About-us HTTP/1.1
Host: www.s.org.uk
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://www.s.org.uk/article/11445/Publications
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0;
clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b
Via: 1.1 servername.bl.co.uk (squid)
Surrogate-Capability: servername.bl.co.uk="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 92.237.143.136
Cache-Control: max-age=259200
Connection: keep-alive


----------
2015/01/13 20:54:38.732 kid1| ctx: enter level  0:
'https://www.s.org.uk/article/9842/About-us'
2015/01/13 20:54:38.732 kid1| http.cc(749) processReplyHeader: HTTP
Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1
2015/01/13 20:54:38.732 kid1| http.cc(750) processReplyHeader: HTTP
Server REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 176
Content-Type: text/html; charset=utf-8
Location: https://www.s.org.uk/article/9842/About-us
Server: Microsoft-IIS/7.5
Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b;
expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 13 Jan 2015 21:03:44 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a
href="https://www.s.org.uk/article/9842/About-us">here</a>.</h2>
</body></html>

----------
2015/01/13 20:54:38.732 kid1| ctx: exit level  0
2015/01/13 20:54:38.732 kid1| client_side.cc(1459) sendStartOfMessage:
HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54310 FD 30
flags=1
2015/01/13 20:54:38.732 kid1| client_side.cc(1460) sendStartOfMessage:
HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 176
Content-Type: text/html; charset=utf-8
Location: https://www.s.org.uk/article/9842/About-us
Server: Microsoft-IIS/7.5
Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b;
expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 13 Jan 2015 21:03:44 GMT
X-Cache: MISS from servername.bl.co.uk
X-Cache-Lookup: MISS from servername.bl.co.uk:80
Via: 1.1 servername.bl.co.uk (squid)
Connection: keep-alive


----------
2015/01/13 20:54:38.773 kid1| client_side.cc(2407) parseHttpRequest:
HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54307 FD 28
flags=1
2015/01/13 20:54:38.773 kid1| client_side.cc(2408) parseHttpRequest:
HTTP Client REQUEST:
---------
GET /article/9842/About-us HTTP/1.1
Host: www.s.org.uk
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://www.s.org.uk/article/11445/Publications
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0;
clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b


----------
2015/01/13 20:54:38.774 kid1| http.cc(2219) sendRequest: HTTP Server
local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1
2015/01/13 20:54:38.774 kid1| http.cc(2220) sendRequest: HTTP Server REQUEST:
---------
GET /article/9842/About-us HTTP/1.1
Host: www.s.org.uk
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://www.s.org.uk/article/11445/Publications
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0;
clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b
Via: 1.1 servername.bl.co.uk (squid)
Surrogate-Capability: servername.bl.co.uk="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 92.237.143.136
Cache-Control: max-age=259200
Connection: keep-alive


----------
2015/01/13 20:54:38.806 kid1| ctx: enter level  0:
'https://www.s.org.uk/article/9842/About-us'
2015/01/13 20:54:38.806 kid1| http.cc(749) processReplyHeader: HTTP
Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1
2015/01/13 20:54:38.806 kid1| http.cc(750) processReplyHeader: HTTP
Server REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 176
Content-Type: text/html; charset=utf-8
Location: https://www.s.org.uk/article/9842/About-us
Server: Microsoft-IIS/7.5
Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b;
expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 13 Jan 2015 21:03:44 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a
href="https://www.s.org.uk/article/9842/About-us">here</a>.</h2>
</body></html>

----------
2015/01/13 20:54:38.806 kid1| ctx: exit level  0
2015/01/13 20:54:38.806 kid1| client_side.cc(1459) sendStartOfMessage:
HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54307 FD 28
flags=1
2015/01/13 20:54:38.806 kid1| client_side.cc(1460) sendStartOfMessage:
HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 176
Content-Type: text/html; charset=utf-8
Location: https://www.s.org.uk/article/9842/About-us
Server: Microsoft-IIS/7.5
Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b;
expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 13 Jan 2015 21:03:44 GMT
X-Cache: MISS from servername.bl.co.uk
X-Cache-Lookup: MISS from servername.bl.co.uk:80
Via: 1.1 servername.bl.co.uk (squid)
Connection: keep-alive


----------
2015/01/13 20:54:38.850 kid1| client_side.cc(2407) parseHttpRequest:
HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54306 FD 32
flags=1
2015/01/13 20:54:38.850 kid1| client_side.cc(2408) parseHttpRequest:
HTTP Client REQUEST:
---------
GET /article/9842/About-us HTTP/1.1
Host: www.s.org.uk
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://www.s.org.uk/article/11445/Publications
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0;
clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b


----------
2015/01/13 20:54:38.850 kid1| http.cc(2219) sendRequest: HTTP Server
local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1
2015/01/13 20:54:38.850 kid1| http.cc(2220) sendRequest: HTTP Server REQUEST:
---------
GET /article/9842/About-us HTTP/1.1
Host: www.s.org.uk
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://www.s.org.uk/article/11445/Publications
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0;
clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b
Via: 1.1 servername.bl.co.uk (squid)
Surrogate-Capability: servername.bl.co.uk="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: 92.237.143.136
Cache-Control: max-age=259200
Connection: keep-alive


----------
2015/01/13 20:54:38.881 kid1| ctx: enter level  0:
'https://www.s.org.uk/article/9842/About-us'
2015/01/13 20:54:38.881 kid1| http.cc(749) processReplyHeader: HTTP
Server local=10.x.x.40:35186 remote=10.x.x.202:80 FD 34 flags=1
2015/01/13 20:54:38.881 kid1| http.cc(750) processReplyHeader: HTTP
Server REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 176
Content-Type: text/html; charset=utf-8
Location: https://www.s.org.uk/article/9842/About-us
Server: Microsoft-IIS/7.5
Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b;
expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 13 Jan 2015 21:03:44 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a
href="https://www.s.org.uk/article/9842/About-us">here</a>.</h2>
</body></html>

----------
2015/01/13 20:54:38.881 kid1| ctx: exit level  0
2015/01/13 20:54:38.881 kid1| client_side.cc(1459) sendStartOfMessage:
HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54306 FD 32
flags=1
2015/01/13 20:54:38.881 kid1| client_side.cc(1460) sendStartOfMessage:
HTTP Client REPLY:
---------
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 176
Content-Type: text/html; charset=utf-8
Location: https://www.s.org.uk/article/9842/About-us
Server: Microsoft-IIS/7.5
Set-Cookie: clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b;
expires=Thu, 15-Jan-2015 21:03:45 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 13 Jan 2015 21:03:44 GMT
X-Cache: MISS from servername.bl.co.uk
X-Cache-Lookup: MISS from servername.bl.co.uk:80
Via: 1.1 servername.bl.co.uk (squid)
Connection: keep-alive


----------
2015/01/13 20:54:38.930 kid1| client_side.cc(2407) parseHttpRequest:
HTTP Client local=10.x.x.42:443 remote=92.237.143.136:54308 FD 25
flags=1
2015/01/13 20:54:38.930 kid1| client_side.cc(2408) parseHttpRequest:
HTTP Client REQUEST:
---------
GET /article/9842/About-us HTTP/1.1
Host: www.s.org.uk
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Referer: http://www.s.org.uk/article/11445/Publications
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=krnzwqana4w3gz452ogmtki4; mode=0;
clientvars=dca8813b-feb8-4398-ab5f-11fa4cf5bc1b


I'd greatly appreciate it if someone could cast their eyes over the
logs and see if anything pops out as to why this infinite loop is
displayed by Squid.

Thanks very much in advance.

John
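
Added example, not part of the original post and not Squid code: a Python check for the pattern visible in the debug output above, where the client connection is on local port 443, the request goes to the peer on port 80, and the peer's 302 points back at the same https URL. The log excerpt is constructed (placeholder addresses and hostname) and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

CLIENT = re.compile(r"HTTP Client local=\S+:(\d+) ")
SERVER = re.compile(r"HTTP Server local=\S+ remote=\S+:(\d+) ")
REQLINE = re.compile(r"^(?:GET|HEAD|POST) (\S+) HTTP/1\.[01]$")
STATUS = re.compile(r"^HTTP/1\.[01] (\d{3}) ")

def find_scheme_loops(log_text):
    # Flags peer replies that redirect a :443 request, sent to a :80 peer, to its own https URL.
    findings = []
    side = client_port = peer_port = path = host = status = None
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            side, client_port = "client", int(m.group(1))
        elif m := SERVER.search(line):
            side, peer_port = "server", int(m.group(1))
        elif m := REQLINE.match(line):
            path = m.group(1)
        elif line.lower().startswith("host:"):
            host = line.split(":", 1)[1].strip()
        elif m := STATUS.match(line):
            status = int(m.group(1))
        elif line.lower().startswith("location:") and side == "server":
            # Only the peer's reply is judged; Squid's copy to the client is skipped.
            target = urlsplit(line.split(":", 1)[1].strip())
            if (status in (301, 302, 303, 307, 308) and client_port == 443
                    and peer_port == 80 and target.scheme == "https"
                    and (target.netloc, target.path) == (host, path)):
                findings.append((path, target.geturl()))
    return findings

def sample_transaction(client_port, peer_port):
    # Constructed excerpt shaped like the post's debug output (placeholder addresses).
    ts = "2015/01/13 20:54:38.773 kid1|"
    req = "GET /article/9842/About-us HTTP/1.1\nHost: www.example.org\n\n"
    return (
        f"{ts} client_side.cc(2407) parseHttpRequest: HTTP Client local=10.0.0.42:{client_port} remote=192.0.2.10:54307 FD 28 flags=1\n"
        f"{ts} client_side.cc(2408) parseHttpRequest: HTTP Client REQUEST:\n---------\n{req}"
        f"{ts} http.cc(2219) sendRequest: HTTP Server local=10.0.0.40:35186 remote=10.0.0.202:{peer_port} FD 34 flags=1\n"
        f"{ts} http.cc(2220) sendRequest: HTTP Server REQUEST:\n---------\n{req}"
        f"{ts} http.cc(749) processReplyHeader: HTTP Server local=10.0.0.40:35186 remote=10.0.0.202:{peer_port} FD 34 flags=1\n"
        f"{ts} http.cc(750) processReplyHeader: HTTP Server REPLY:\n---------\n"
        "HTTP/1.1 302 Found\nLocation: https://www.example.org/article/9842/About-us\n\n"
        f"{ts} client_side.cc(1459) sendStartOfMessage: HTTP Client local=10.0.0.42:{client_port} remote=192.0.2.10:54307 FD 28 flags=1\n"
        f"{ts} client_side.cc(1460) sendStartOfMessage: HTTP Client REPLY:\n---------\n"
        "HTTP/1.1 302 Found\nLocation: https://www.example.org/article/9842/About-us\n\n"
    )

if __name__ == "__main__":
    print(find_scheme_loops(sample_transaction(443, 80) * 2))
```

A request that arrives on port 80 and is redirected to https is an ordinary upgrade and is not flagged; only the 443-in, 80-out case is.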