[squid-users] Getting timeout 301 with GET command using cURL.

vintech spaceman4445 at gmail.com
Sun May 3 01:00:00 UTC 2015 

Hi,

Iam running squid 3.5.2 stable , however i have problems while i connect it
through GET as it gives me an HTTP 301 error.
Also while i use the squid with browser iam able to open and connect to the
destination but with get and cURl i am having issues and it gives timed out
error.
Also using bind for DNS so no problems in resolving also. Also iam using
random ports which are NAT to default ports. 


Here's the debug info:

----------

* About to connect() to proxy x.x.186.209 port 49539 (#0)
* Trying x.x.186.209... * Connected to x.x.186.209 (x.x.186.209) port 49539
(#0)
* Proxy auth using Basic with user 'cntservers'
> GET http://www.bookbyte.com/buyback2.aspx?isbns=0470405449 HTTP/1.1
Proxy-Authorization: Basic Y250c2VydmVyczo=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101
Firefox/28.0
Host: www.bookbyte.com
Accept: */*
Proxy-Connection: Keep-Alive

< HTTP/1.1 301 Moved Permanently
< Server: CloudFront
< Date: Sat, 02 May 2015 02:20:17 GMT
< Content-Type: text/html
< Content-Length: 183
< Location: https://www.bookbyte.com/buyback2.aspx?isbns=0470405449
< X-Cache: Redirect from cloudfront
< X-Amz-Cf-Id: C3MVSCo5QoyoZa09U48QHd54SiP7UEigcQkujqNETLT5eMwJXWnunw==
< X-Cache: MISS from JDar
< X-Cache-Lookup: MISS from JDar:11000
< Via: 1.1 2eaad1ad7617abb10fd0dd05b1db7182.cloudfront.net (CloudFront), 1.1
JDar (squid/3.5.2)
< Connection: keep-alive
< 
* Ignoring the response-body
* Closing connection #0
* Issue another request to this URL:
'https://www.bookbyte.com/buyback2.aspx?isbns=0470405449'
* About to connect() to proxy x.x.186.209 port 49539 (#0)
* Trying x.x.186.209... * Connected to x.x.186.209 (x.x.186.209) port 49539
(#0)
* Establish HTTP proxy tunnel to www.bookbyte.com:443
* Proxy auth using Basic with user 'ctserve'
> CONNECT www.bookbyte.com:443 HTTP/1.1
Host: www.bookbyte.com:443
Proxy-Authorization: Basic Y250c2VydmVyczo=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101
Firefox/28.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established
< 
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* Connected to x.x.186.209 (x.x.186.209) port 49539 (#0)
* SSL connection using AES256-SHA
* Server certificate:
* subject: OU=GT37244111; OU=See www.rapidssl.com/resources/cps (c)14;
OU=Domain Control Validated - RapidSSL(R); CN=*.bookbyte.com
* start date: 2015-01-29 02:59:29 GMT
* expire date: 2016-07-12 13:16:46 GMT
* subjectAltName: www.bookbyte.com matched
* issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
* SSL certificate verify ok.
> GET /buyback2.aspx?isbns=0470405449 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101
Firefox/28.0
Host: www.bookbyte.com
Accept: */*

* Operation timed out after 8000 milliseconds with 0 bytes received
* Closing connection #0


------------------


Following in the squid config:

#
# Recommended minimum configuration:
#
cache_effective_user squid
cache_effective_group squid
visible_hostname JDar
######################################
####################################
aclsquid_localmyip x.x.199.254
tcp_outgoing_address x.x.199.254 squid_local
####################
# Anynymous
include /etc/proxy/anonymous.conf
##################
include /etc/proxy/outgoing.conf
####################################
http_port 3128
http_port 3129
http_port 3130
http_port 3131
###################################
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acllocalnetsrc 10.0.0.0/8     # RFC1918 possible internal network
acllocalnetsrc 172.16.0.0/12  # RFC1918 possible internal network
acllocalnetsrc 192.168.0.0/16 # RFC1918 possible internal network
acllocalnetsrc fc00::/7       # RFC 4193 local private network range
acllocalnetsrc fe80::/10      # RFC 4291 link-local (directly plugged)
machines

aclSSL_ports port 443
aclSafe_ports port 80          # http
aclSafe_ports port 21          # ftp
aclSafe_ports port 443         # https
aclSafe_ports port 70          # gopher
aclSafe_ports port 210         # wais
aclSafe_ports port 1025-65535  # unregistered ports
aclSafe_ports port 280         # http-mgmt
aclSafe_ports port 488         # gss-http
aclSafe_ports port 591         # filemaker
aclSafe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dirufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
####################################
dns_v4_first on 
cache_mem 2 GB
workers 8
#m8ximum_object_size_in_memory 10 M
strip_query_terms off
fqdncache_size 65535
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF
dns_nameservers 127.0.0.1
client_dst_passthru off
host_verify_strict off
range_offset_limit -1 
quick_abort_min -1
##read_ahead_gap 128 KB
logfile_rotate 1
max_filedescriptors 65535
######################################
memory_pools off
pconn_timeout 2 minutes
persistent_request_timeout 1 minute

-----------------------------------------------------

Please suggest!

Thanks!




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Getting-timeout-301-with-GET-command-using-cURL-tp4671043.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list